Jon Loeliger [Fri, 30 Mar 2018 18:34:47 +0000 (13:34 -0500)]
DSLite: Implement new API call DSLITE_ADDRESS_DUMP.
Change-Id: I92ca28d3007f7ea43cd3e8b20659e400dfa6c75c
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Chris Luke [Wed, 4 Apr 2018 20:41:56 +0000 (16:41 -0400)]
Bump package version
Change-Id: I81d870ab9fc0b1f0e1b777d56ca7870ff99c7c2c
Signed-off-by: Chris Luke <chrisy@flirble.org>
Chris Luke [Wed, 4 Apr 2018 18:17:44 +0000 (18:17 +0000)]
Hm this ended up on master, but should not have.
Revert "Setup for branch stable/1804"
This reverts commit
c9c0988a0f331cbecfefb3f8cf0617b42bc89139.
Change-Id: I53ac0e9742317962aebe6f6eb5c9180fa87af2a8
Signed-off-by: Chris Luke <chrisy@flirble.org>
Chris Luke [Wed, 4 Apr 2018 18:16:00 +0000 (14:16 -0400)]
Setup for branch stable/1804
Change-Id: I09360055222efba6fad178b4fa5917808b551a9d
Signed-off-by: Chris Luke <chrisy@flirble.org>
Chris Luke [Wed, 4 Apr 2018 18:13:50 +0000 (14:13 -0400)]
Doc updates prior to branch
Change-Id: Ibcffee7d20dbb79720199bcd82d2353f39d5544f
Signed-off-by: Chris Luke <chrisy@flirble.org>
Damjan Marion [Wed, 28 Mar 2018 16:27:38 +0000 (18:27 +0200)]
memif: zero copy slave
Change-Id: I65306fb1f8e39221dd1d8c00737a7fb1c0129ba8
Signed-off-by: Damjan Marion <damarion@cisco.com>
Neale Ranns [Thu, 29 Mar 2018 08:28:09 +0000 (01:28 -0700)]
Detailed stats collection feature
Use device-input and interface-output feautre arcs to collect unicast, multicast
and broadcast states for RX and TX resp. Since these feature arcs are present only
for 'physical' interfaces (i.e. not su-interfaces) counter collection is supported
only on parent interface types.
Change-Id: I915c235e336b0fc3a3c3de918f95dd674e4e0e4e
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Neale Ranns [Wed, 4 Apr 2018 12:00:48 +0000 (05:00 -0700)]
NAT added FIB entries have a preference lower than API/CLI
Change-Id: Ia99490180683e8649784f7d9d18c509c3ca78438
Signed-off-by: Neale Ranns <nranns@cisco.com>
Matus Fabian [Wed, 4 Apr 2018 10:27:43 +0000 (03:27 -0700)]
NAT44: prohibit multiple static mappings for a single local address (VPP-1224)
Change-Id: I32b30210c2f1aec10a1b614d04f427662326a3d2
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Matus Fabian [Wed, 4 Apr 2018 07:38:02 +0000 (00:38 -0700)]
NAT44: fix static mapping for DHCP addressed interface deleting (VPP-1223)
Change-Id: Ifb4d23059b7989c32a52eaf0c25c275b35e83010
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Eyal Bari [Sun, 1 Apr 2018 12:13:06 +0000 (15:13 +0300)]
dpdk:fix checksum handling of l2 interfaces
dpdk-input was dropping packets with bad ip-checksum on l2 interfaces
Change-Id: Ife5b52766bb71e878b1da6e94ae7b8a1e59fc478
Signed-off-by: Eyal Bari <ebari@cisco.com>
Ed Kern [Mon, 2 Apr 2018 22:42:48 +0000 (16:42 -0600)]
Makefile: Alter VPP_PYTHON_PREFIX for preloading deps
Allow setting of VPP_PYTHON_PREFIX to alternate location
so the python prereqs can be installed into base image
Also added test-dep trigger to isolate dependency install
from actual test run
Change-Id: Ia80f5dbf71bc24eb46cd6586bcadd474ef822704
Signed-off-by: Ed Kern <ejk@cisco.com>
Klement Sekera [Tue, 27 Mar 2018 08:34:43 +0000 (10:34 +0200)]
reassembly: bug fixes
This change fixes a bug which would corrupt features infra by making
feature infra resistant to double-removal. It also fixes 'out of memory'
issue by properly initializing the bihash tables.
Change-Id: I78ac03139234a9a0e0b48e7bdfac1c38a0069e82
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Dave Barach [Tue, 3 Apr 2018 18:58:14 +0000 (14:58 -0400)]
Fix bugs in emacs plugin templates
use api_helper_macros.h
declare plugin_main_t external in the header file
declare plugin_main_t instance in plugin.c
setup main_t->vlib_main, main_t->vnet_main in the init routine
Change-Id: Ib8c742a60c63adfe9724447e1a2acc8c7723e90c
Signed-off-by: Dave Barach <dave@barachs.net>
Florin Coras [Tue, 3 Apr 2018 09:10:05 +0000 (02:10 -0700)]
session: use fib index in ip local test
Change-Id: I148cb40c8bea55dabe54fa6a662d46862e571640
Signed-off-by: Florin Coras <fcoras@cisco.com>
Andrew Yourtchenko [Wed, 28 Mar 2018 13:32:10 +0000 (15:32 +0200)]
make test: print a warning in case a core_pattern contains a filter program
The default config on Ubuntu 16.04.4 desktop results in truncated cores
when running make test which coredumps. Uninstalling the filter program
(apport) makes the corefiles normal size. Print a warning about that fact,
so the others potentially affected didn't have to wonder.
Change-Id: Iba4b0a2765a25100d6e24fd7f4de0e0339efd835
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Steven [Sat, 31 Mar 2018 05:18:11 +0000 (22:18 -0700)]
tapv2: Sporadic SIGABRT in ethernet_input [VPP-1183]
virtio_free_rx_buffers uses the wrong slot in the vring to get
the buffer index. It uses desc_next. It should be last_used_idx
which is the slot number for the first valid descriptor.
Change-Id: I6b62b794f06869fbffffce45430b8b2e37b1266c
Signed-off-by: Steven <sluong@cisco.com>
Jakub Grajciar [Thu, 29 Mar 2018 11:15:10 +0000 (13:15 +0200)]
libmemif: zero-copy-slave mode + header space
Slave is now able to dequeue buffers from rx queue and enqueue them to tx queue
(zero-copy operation). Slave can produce buffers with headroom, which will allow adding
encap without copy.
Change-Id: Ia189f8de1a68be787545ed46cf78d36403e7e9bf
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Andrew Yourtchenko [Wed, 28 Mar 2018 12:33:48 +0000 (14:33 +0200)]
acl-plugin: implement an optional session reclassification when ACL is (re-)applied
There were several discussions in which users would expect the sessions to be deleted
if the new policy after the change does not permit them.
There is no right or wrong answer to this question - it is a policy decision.
This patch implements an idea to approach this. It uses a per-interface-per-direction counter to designate
a "policy epoch" - a period of unchanging rulesets. The moment one removes or adds an ACL applied to
an interface, this counter increments.
The newly created connections inherit the current policy epoch in a given direction.
Likewise, this counter increments if anyone updates an ACL applied to an interface.
There is also a new (so far hidden) CLI "set acl-plugin reclassify-sessions [0|1]"
(with default being 0) which allows to enable the checking of the existing sessions
against the current policy epoch in a given direction.
The session is not verified unless there is traffic hitting that session
*in the direction of the policy creation* - if the epoch has changed,
the session is deleted and within the same processing cycle is evaluated
against the ACL rule base and recreated - thus, it should allow traffic-driven
session state refresh without affecting the connectivity for the existing sessions.
If the packet is coming in the direction opposite to which the session was initially
created, the state adjustment is never done, because doing so generically
is not really possible without diving too deep into the special cases,
which may or may not work.
Change-Id: I9e90426492d4bd474b5e89ea8dfb75a7c9de2646
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Maciek Konstantynowicz [Wed, 28 Mar 2018 18:39:24 +0000 (19:39 +0100)]
Updated sample startup.conf with supported plugin config options.
Change-Id: Id2884a4c2208b4382fce56019b11e4b7fdc4275b
Signed-off-by: Maciek Konstantynowicz <mkonstan@cisco.com>
John DeNisco [Fri, 30 Mar 2018 14:50:19 +0000 (10:50 -0400)]
Fix minor issues.
Change-Id: I1ce5106d99dd4d4b1c033d4873b4511e9a170afc
Signed-off-by: John DeNisco <jdenisco@cisco.com>
Chris Luke [Fri, 30 Mar 2018 13:56:42 +0000 (06:56 -0700)]
Add missing stdint.h
Coverity has started whining about uint32_t missing in this .h
Change-Id: I57992121c0593d6a0ada35917802d0300cf91259
Signed-off-by: Chris Luke <chrisy@flirble.org>
Steven [Thu, 29 Mar 2018 17:35:41 +0000 (10:35 -0700)]
lacp: faster convergence for slow-rate config option
Do fast-rate if we are not yet synchronized with the partner.
Stop sending LACP updates as a flash in the worker thread. Just expire the
timer and let the lacp_process handle sending LACP PDU.
Change-Id: I8b36fe74e752e7f45bd4a8d70512c0341cc197a1
Signed-off-by: Steven <sluong@cisco.com>
Steven [Thu, 29 Mar 2018 00:59:00 +0000 (17:59 -0700)]
bond: show trace causes a crash if the interface is deleted
For the debug image, if the interface is removed and the trace was
collected prior to the interface delete, show trace may cause a crash.
This is because vnet_get_sw_interface_name and vnet_get_sup_hw_interface
are not safe if the interface is deleted.
The fix is to use format_vnet_sw_if_index_name if all we need is to
get the interface name in the trace to display. It would show "DELETED"
which is better than a crash.
Change-Id: I912402d3e71592ece9f49d36c8a6b7af97f3b69e
Signed-off-by: Steven <sluong@cisco.com>
Steve Shin [Fri, 30 Mar 2018 07:40:40 +0000 (00:40 -0700)]
dpdk: fix crash due to incorrect xd->flags value with slave's link toggling
xd->flags is set incorrectly when a slave link is down in bonded interface mode.
This can result in VPP crash when data traffic flows to the interface.
Change-Id: Ideb9f5231db1211e8452c52fde646d681310c951
Signed-off-by: Steve Shin <jonshin@cisco.com>
Chris Luke [Thu, 29 Mar 2018 19:56:58 +0000 (12:56 -0700)]
Coverity fixes (VPP-1204)
Minor bug fixes
CID 183000: double close
CID 180996: dead code
CID 180995: NULL deref
CID 181957: NULL deref
CID 182676: NULL deref
CID 182675: NULL deref
Change-Id: Id35e391c95fafb8cd771984ee8a1a6e597056d37
Signed-off-by: Chris Luke <chrisy@flirble.org>
Florin Coras [Wed, 28 Mar 2018 09:18:29 +0000 (02:18 -0700)]
ip6: fix ip6-local urpf checking
Use sw_if_index[VLIB_TX] if set as fib index when doing the urpf check.
Change-Id: I5ec3e7f7a54c6782704d91e9a5614fd0f7f9e3de
Signed-off-by: Florin Coras <fcoras@cisco.com>
Eyal Bari [Wed, 28 Mar 2018 12:25:28 +0000 (15:25 +0300)]
l2_input:optimize counter access
only one counter update per frame (was updated per iteration)
only access ethertype for casts (was always accessing ethertype)
Change-Id: I3a3c3219ec63e975cf5bd8cf2d93103932a4aaa3
Signed-off-by: Eyal Bari <ebari@cisco.com>
Florin Coras [Wed, 28 Mar 2018 00:29:32 +0000 (17:29 -0700)]
tcp: fix fib index buffer tagging
Change-Id: I373cc252df3621d44879b8eca70aed17d7752a2a
Signed-off-by: Florin Coras <fcoras@cisco.com>
Dave Barach [Wed, 28 Mar 2018 23:08:45 +0000 (19:08 -0400)]
No need for this routine to be global
Causes subtle misbehavior elsewhere
Change-Id: I3a0ade26e8e03b8c5dc8e722f6a01fb99ec7a1e0
Signed-off-by: Dave Barach <dave@barachs.net>
Mohsin Kazmi [Wed, 28 Mar 2018 15:25:23 +0000 (17:25 +0200)]
vom: Fix the error handling for already existing itf
Change-Id: I5695d51dd4f6daff472877fe1cce3ddcb924b187
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Damjan Marion [Mon, 26 Mar 2018 12:09:38 +0000 (14:09 +0200)]
Build libmemif as part of verify job
Change-Id: I7e808b5bcbb74343a4ed6782f115ed07e9bfe3a6
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Steven [Tue, 27 Mar 2018 22:04:47 +0000 (15:04 -0700)]
bond: cli rename
rename "enslave interface <slave> to <BondEthernetx>" to
"bond add <BondEthernetx> <slave>
"detach interface <slave>" to
"bond del <slave>"
Change-Id: I1bf8f017517b1f8a823127c7efedd3766e45cd5b
Signed-off-by: Steven <sluong@cisco.com>
Marco Varlese [Wed, 28 Mar 2018 10:06:10 +0000 (12:06 +0200)]
SCTP: use custom fib
Following TCP fixes from Florin (11430), this patch follows the same
approach to indicate a fib (not just using the default one).
Change-Id: Ib883aa0e9a1c6157acfea69c44426ba07d6c932a
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
Jakub Grajciar [Wed, 28 Mar 2018 08:21:05 +0000 (10:21 +0200)]
libmemif: add private header size field
Change-Id: I09567c8ee9c92e91918840f80942a005069d9842
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Matus Fabian [Wed, 28 Mar 2018 11:06:26 +0000 (04:06 -0700)]
NAT44: make 1:1NAT for DHCP addressed interface persistent
Static mapping is not deleted from resolution vector after address is set on
interface.
Change-Id: Ib7c45ca2e307123d101248c5a1b17d130ac32cd0
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Neale Ranns [Tue, 27 Mar 2018 20:25:17 +0000 (13:25 -0700)]
test: fix VppNeighbor.query_vpp_config
Change-Id: I2a879ee9d5065a14eb351eccd0350693eb1ff521
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Damjan Marion [Tue, 27 Mar 2018 20:00:17 +0000 (22:00 +0200)]
avf: keep input node in disabled state unless needed
Change-Id: I9a0105aa2373bd4db218851b1bbee50c6b6dfc7d
Signed-off-by: Damjan Marion <damarion@cisco.com>
Matus Fabian [Tue, 27 Mar 2018 08:07:25 +0000 (01:07 -0700)]
NAT44: fix nat44_user_session_dump and nat44_del_session crash with one worker (VPP-1213)
Change-Id: I8e0c7ed2ff462b9ab59c233f56be262ec03c29ff
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Eyal Bari [Tue, 27 Mar 2018 08:43:57 +0000 (11:43 +0300)]
vxlan:refactor add del command function
Change-Id: I33ba5a011100baf1c786f9a63a0cf3d2e1020493
Signed-off-by: Eyal Bari <ebari@cisco.com>
Damjan Marion [Tue, 27 Mar 2018 19:07:58 +0000 (21:07 +0200)]
vlib: gcc-7 -O3 uninitialized values
Change-Id: I59b4142daab439d60a1ebd48b2c1366df0160288
Signed-off-by: Damjan Marion <damarion@cisco.com>
Damjan Marion [Tue, 27 Mar 2018 19:06:10 +0000 (21:06 +0200)]
vlib: make cloned structures cacheline aligned
This address crash with gcc-7 observed when -o3 is used.
Change-Id: I10e87da8e5037ad480eba7fb0aaa9a657d3bf48d
Signed-off-by: Damjan Marion <damarion@cisco.com>
Andrew Yourtchenko [Mon, 26 Mar 2018 16:19:20 +0000 (18:19 +0200)]
acl-plugin: autosize the ACL plugin heap and fix the heap size types and parsing
- autosize the ACL plugin heap size based on the number of workers
- for manual heap size setting, use the proper types (uword),
and proper format/unformat functions (unformat_memory_size)
Change-Id: I7c46134e949862a0abc9087d7232402fc5a95ad8
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Neale Ranns [Tue, 20 Mar 2018 23:30:51 +0000 (16:30 -0700)]
VOM: Fix connection state
Change-Id: I4851b2245f81bcf3cf5f40909c4d158a51af7068
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Damjan Marion [Tue, 27 Mar 2018 13:02:56 +0000 (15:02 +0200)]
memif: add private header size field
private header size allows to reserve firs X bytes of payload to be
considered as private metadata. For now we just support value 0
but adding this field to address future needs without changing protocol
version.
Change-Id: Id77336584c0194a303b20210aff584c7372cba01
Signed-off-by: Damjan Marion <damarion@cisco.com>
Steven [Tue, 27 Mar 2018 04:52:11 +0000 (21:52 -0700)]
bond: coverity woes
coverity complains about statements in function A
function A
{
x % vec_len (y)
}
because vec_len (y) is a macro and may return 0 if the pointer y is null.
But coverity fails to realize the same statement vec_len (y) was already
invoked and checked in the caller of function A and punt if vec_len (y) is 0.
We can fix the coverity warning and shave off a few cpu cycles by caching
the result of vec_len (y) and pass it around to avoid calling vec_len (y)
again in multiple places.
Change-Id: I095166373abd3af3859646f860ee97c52f12fb50
Signed-off-by: Steven <sluong@cisco.com>
Mohsin Kazmi [Fri, 2 Mar 2018 11:31:37 +0000 (12:31 +0100)]
VOM: bond: Add support for LACP
Change-Id: I0245263b212142858d3305b0f365d8342912dbb9
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Dave Wallace [Tue, 20 Mar 2018 13:22:13 +0000 (09:22 -0400)]
VCL: add IPv6 to socket_test.sh and make test
Change-Id: If3827828062a46f1cce43642535333f677f06e62
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Szymon Sliwa [Tue, 20 Mar 2018 13:45:21 +0000 (13:45 +0000)]
plugins: dpdk: ipsec: fix l3 offset
Changes the source of the l3 offset to a more
proper one, same as I5d9f41599ba8d8eb14ce2d9d523f82ea6e0fd10d.
Change-Id: I5ff05d7d89507ecb378a2bd62f5b149189ca9e99
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
Neale Ranns [Mon, 26 Mar 2018 16:10:41 +0000 (09:10 -0700)]
Restore the brief FIB entry printing
Change-Id: I007d48aeb934e5d2f087ca3b8ddc6f7a0e48d411
Signed-off-by: Neale Ranns <nranns@cisco.com>
Damjan Marion [Mon, 26 Mar 2018 13:35:33 +0000 (15:35 +0200)]
vlib: add support for vfio no-iommu mode
Change-Id: Ic83971d8d9d8d0bb90a35932e60761cd728457f3
Signed-off-by: Damjan Marion <damarion@cisco.com>
Mohsin Kazmi [Thu, 22 Mar 2018 22:45:23 +0000 (23:45 +0100)]
afpacket: Fix the reply if itf already exits
Change-Id: I47768ea50140222fec54e97cbaff2049bd3cb599
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Damjan Marion [Mon, 26 Mar 2018 11:36:46 +0000 (13:36 +0200)]
Disable -Waddress-of-packed-member warnings reported by clang
Change-Id: Ic07ea5b0a7addec7b0ccfbe0570f341056e6d55b
Signed-off-by: Damjan Marion <damarion@cisco.com>
Andrew Yourtchenko [Mon, 26 Mar 2018 10:30:47 +0000 (12:30 +0200)]
acl-plugin: defer the ACL plugin user module registration with ACL lookup until it is needed
Registering ACL plugin user module within the "ACL as a service" infra during the plugin init
causes an unnecesary ACL heap allocation and prevents the changing of the ACL heap size
from the startup config.
Defer this registration until just before it is needed - i.e. when applying an ACL to
an interface.
Change-Id: Ied79967596b3b76d6630f136c998e59f8cdad962
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Mohsin Kazmi [Thu, 22 Mar 2018 22:45:23 +0000 (23:45 +0100)]
plugin: Add plugin 'default' disable/enable
How to use:
plugins
{
plugin default {disable}
plugin dpdk_plugin.so {enable}
plugin acl_plugin.so {enable}
}
It also preserves the old behavior.
Change-Id: I9901c56d82ec4410e69c917992b78052aa6a99e0
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Jakub Grajciar [Mon, 26 Mar 2018 09:26:34 +0000 (11:26 +0200)]
libmemif: version 2
Change-Id: Ia2532695aa9199d2a7b684aebef43df0b8235531
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Damjan Marion [Wed, 7 Feb 2018 21:35:06 +0000 (22:35 +0100)]
Intel Adaptive Virtual Function native device driver plugin
Change-Id: If168a9c54baaa516ecbe78de2141f11c17aa2f53
Signed-off-by: Damjan Marion <damarion@cisco.com>
Florin Coras [Sat, 24 Mar 2018 05:56:43 +0000 (22:56 -0700)]
session: fix local session disconnects
Select the right segment manager for local sessions established via
global table.
Change-Id: I88ad4bf70d0cae160a0c744950098a954dfbc911
Signed-off-by: Florin Coras <fcoras@cisco.com>
Klement Sekera [Fri, 23 Mar 2018 20:54:12 +0000 (21:54 +0100)]
make test: fix DEBUG=gdb/gdbserver options
Change-Id: I5a7fa3b1c247ad5611907db27835724dcd31f575
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Klement Sekera [Thu, 22 Mar 2018 10:50:42 +0000 (11:50 +0100)]
make test: fix ext build on centos
Change-Id: I2b01f73c4b10a230310a65b6f35526818bf4f76d
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Klement Sekera [Wed, 21 Mar 2018 16:48:50 +0000 (17:48 +0100)]
make test: use vpp-dev repo for py-lispnetworking
Change-Id: Ia87d55cad1d466a4cc624f06abbc322cddb5608c
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Klement Sekera [Wed, 21 Mar 2018 16:44:20 +0000 (17:44 +0100)]
allow specifying number of concurrent jobs
If defined, Use MAKE_PARALLEL_JOBS as number of concurrent jobs for
build process instead of the internal calculation based on /proc/cpuinfo.
Change-Id: I18d1f526dc5c156c1cd9c9cf6dbbfd9cb8dbbad7
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Klement Sekera [Fri, 23 Mar 2018 09:50:11 +0000 (10:50 +0100)]
make test: enhance core-file information
Change-Id: I1283960a9a49f6d70b9d7b7793cfb345c22ccdea
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Matthew Smith [Fri, 23 Mar 2018 13:30:16 +0000 (08:30 -0500)]
User session counters stay <= per-user limit
When a user session is allocated/reused, only increase
one of the session counters for that user if the counters
are below the per-user limit.
THis addresses a SEGV that arises after the following
sequence of events:
- an outside interface IP address is put in a pool
- a user exceeds the number of per-user translations by
an amount greater than the number of per-user translations
(nsessions + nstaticsessions > 100 + 100)
- the outside interface IP address is deleted and then added
again (observed when using DHCP client, likely happens if
address changed via CLI, API also)
- the user sends more packets that should be translated
When nsessions is > the per-user limit,
nat_session_alloc_or_recycle() reclaims the oldest existing
user session. When an outside address is deleted, the
corresponding user sessions are deleted. If the counters were
far above the per-user limit, the deletions wouldn't result
in the counters dropping back below the limit. So no session
could be reclaimed -> SEGV.
Change-Id: I940bafba0fd5385a563e2ce87534688eb9469f12
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Neale Ranns [Fri, 23 Mar 2018 18:53:12 +0000 (11:53 -0700)]
Add client hw address to DHCP offer and ack in test case
Change-Id: Ifc9bb4ea39b504372a6a39bbf56c29761d0c6111
Signed-off-by: Neale Ranns <nranns@cisco.com>
Andrew Yourtchenko [Fri, 23 Mar 2018 14:23:15 +0000 (15:23 +0100)]
acl-plugin: improvements in 'show acl-plugin macip acl' CLI
- allow to optionally specify the specific MACIP ACL index:
'show acl-plugin macip acl [index N]'
- after showing the MACIP ACL, show the sw_if_index of
interface(s) where it is applied.
Also, add some executions of this debug commands
to the MACIP test case for easy verification.
Change-Id: I56cf8272abc20b1b2581b60d528d27a70d186b18
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Dave Barach [Fri, 23 Mar 2018 13:52:52 +0000 (09:52 -0400)]
Drop dhcp pkts w/ hardware address mismatches
Add a few dhcp client rx packet/state counters
Temporarily disable the dhcp client unit test, since it trips over the
newly-added hardware address check.
Change-Id: I7f68607e6ed3d738cba357c3fe76664a99b71cd8
Signed-off-by: Dave Barach <dave@barachs.net>
Marco Varlese [Fri, 23 Mar 2018 12:32:50 +0000 (13:32 +0100)]
IPSEC_AH: broken initialization (VPP-1208)
The init-path for IPSEC_AH where the CTX gets initialized is broken
since the for-loop never executes due to the wrong usage of
tm->n_vlib_mains which being subtracted by 1.
Change-Id: I4d967f52cd3ca061aa60d824d65f446e06162403
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
Florin Coras [Fri, 16 Mar 2018 15:48:31 +0000 (08:48 -0700)]
tcp/session: sprinkle prefetches
Change-Id: Idef3c665580c13d72e99f43d16b8b13cc6ab746f
Signed-off-by: Florin Coras <fcoras@cisco.com>
Florin Coras [Fri, 23 Mar 2018 04:24:31 +0000 (21:24 -0700)]
session: allow builtin apps to register names
Change-Id: I4b428e170436671b329657283cf7653befc85c9f
Signed-off-by: Florin Coras <fcoras@cisco.com>
Andrew Yourtchenko [Fri, 23 Mar 2018 11:20:56 +0000 (12:20 +0100)]
acl-plugin: make test: do not use a debug CLI where API can be used
Parsing the list of applied ACLs from the debug CLI output
is not a good idea, since the debug CLI can and will change.
Fix that.
Change-Id: Ia47214863f2658a54219f59cb974b5cbc536f862
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Andrew Yourtchenko [Fri, 23 Mar 2018 10:56:23 +0000 (11:56 +0100)]
acl-plugin: set ACL heap within the exported functions that might alloc memory
The functions which get called by other plugins need to set the acl plugin heap,
such that the other plugins do not have to think about it.
Change-Id: I673073f17116ffe444c163bf3dff40821d0c2686
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Klement Sekera [Wed, 21 Mar 2018 11:35:51 +0000 (12:35 +0100)]
make test: code cleanup
Change-Id: Ic689de569e5b6e6209d16d6acdb13c489daca1f5
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Matus Fabian [Fri, 23 Mar 2018 10:42:06 +0000 (03:42 -0700)]
NAT44: fix ICMP checksum update crash (VPP-1205)
Change-Id: I3e4bbfe205c86cb0839dd5c542f083dbe6bea881
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Andrew Yourtchenko [Fri, 23 Mar 2018 09:38:46 +0000 (10:38 +0100)]
acl-plugin: make test: add a test which deletes an interface with applied ACL
There was no test coverage for a scenario of an interface having an
ACL and that interface being deleted. Add a basic sanity test which
applies an ACL to an interface and then deletes that interface.
Change-Id: Ib6462e02cf69f1173125ac2481c608f68eb389ac
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Andrew Yourtchenko [Fri, 23 Mar 2018 08:34:29 +0000 (09:34 +0100)]
acl-plugin: make test: shuffle applied ACLs as part of the tests
During the testing of
94f9a6de3f706243d138e05b63fef1d5c8174f6c
I realized there was no test coverage for the cases where
the ACLs are added then modified while having beein applied.
This change adds some simple shuffling to l2l3 ACL test set,
whereby after each of the ACLs being applied, a few extra ACLs
are applied at the front and the back of the list, and are changed
several times, the base for the changes being the set of all the
ACEs that are being applied previously.
After these few shuffles, the routine restores the applied ACLs
and proceeds to the test as usual.
Change-Id: Ieda2aa5b7963746d62484e54719309de9c1ee752
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Neale Ranns [Wed, 21 Mar 2018 23:34:28 +0000 (16:34 -0700)]
IGMP: coverity fixes and remove checks for scapy IGMPv3
Change-Id: Ic2eddc803f9ba8215e37388a686004830211cf6f
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Steven [Fri, 23 Mar 2018 00:46:58 +0000 (17:46 -0700)]
bond: performance enhancement
We were only puting one packet per frame to the output node. Change to
buffer multiple packets per frame. Performance is now on top of dpdk-based
bonding.
Put a spinlock in the tx thread in case the rug is pulled under us.
Change-Id: Ifda5af086a984a7301972cd6c8e428217f676a95
Signed-off-by: Steven <sluong@cisco.com>
Mohsin Kazmi [Thu, 22 Mar 2018 15:07:05 +0000 (16:07 +0100)]
vom: itf: make vhost_user as socket slave
Change-Id: I57b2ec35d9629fb5336c1ccfa4c6c849df118f7b
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Dave Barach [Thu, 22 Mar 2018 12:15:05 +0000 (08:15 -0400)]
VPP-1204: Fix coverity warning
Change-Id: Iacb32e6e855f7b77108154d956ef27ee141bbde0
Signed-off-by: Dave Barach <dave@barachs.net>
Dave Barach [Thu, 22 Mar 2018 14:54:45 +0000 (10:54 -0400)]
Add circular logging
Change-Id: Ide8bf41e24a427643a3a17b1c9089993790c12a6
Signed-off-by: Dave Barach <dave@barachs.net>
Damjan Marion [Thu, 22 Mar 2018 22:34:06 +0000 (23:34 +0100)]
Revert "acl-plugin: improvement on 'show acl-plugin' CLI"
This reverts commit
378ac0533e5ac8c3121d8f66ba61a8548e55282f.
Change-Id: If34b1c964453adb0e4c44e3eab4f6e306bd9c9e9
Signed-off-by: Damjan Marion <damarion@cisco.com>
Andrew Yourtchenko [Wed, 21 Mar 2018 18:53:39 +0000 (19:53 +0100)]
acl-plugin: implement ACL lookup contexts for "ACL as a service" use by other plugins
This code implements the functionality required for other plugins wishing
to perform ACL lookups in the contexts of their choice, rather than only
in the context of the interface in/out.
The lookups are the stateless ACLs - there is no concept of "direction"
within the context, hence no concept of "connection" either.
The plugins need to include the
The file acl_lookup_context.md has more info.
Change-Id: I91ba97428cc92b24d1517e808dc2fd8e56ea2f8d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Mohsin Kazmi [Thu, 22 Mar 2018 14:46:37 +0000 (15:46 +0100)]
gbp: Add the next node lookup
Change-Id: Ia0f659b810f2c79b1a6c98ce566a86ce413c7448
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Matus Fabian [Thu, 22 Mar 2018 12:50:47 +0000 (05:50 -0700)]
NAT44: interface output feature and dst NAT (VPP-1200)
Do not translate packet which go out via nat44-in2out-output and was tranlated
in nat44-out2in before. On way back forward packet to nat44-in2out node.
Change-Id: I934d69856f0178c86ff879bc691c9e074b8485c8
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Damjan Marion [Thu, 2 Nov 2017 16:07:59 +0000 (17:07 +0100)]
memif: version 2
In version 1 of the protocol sender was always ring producer and
receiver was consumer. In version 2 slave is always producer,
and in case of master-to-slave rings, slave is responsible for
populating ring with empty buffers.
As this is major change, we need to bump version number.
In addition, descriptor size is reduced to 16 bytes.
This change allows zero-copy-slave operation (to be privided in the separate
patch).
Change-Id: I02115d232f455ffc05c0bd247f7d03f47252cfaf
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Dave Barach [Tue, 20 Mar 2018 12:49:02 +0000 (08:49 -0400)]
Avoid atomic ops when polling queues
Change-Id: I31c6a0a1d11b5b12d8a5c32c29fea9618b1a53d4
Signed-off-by: Dave Barach <dave@barachs.net>
Mohsin Kazmi [Wed, 21 Mar 2018 14:55:28 +0000 (15:55 +0100)]
vom: l2-emulation: Fix sweep function
Change-Id: I6fdb9e7b718c696f7352541f90026cf60f11338f
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Damjan Marion [Wed, 21 Mar 2018 21:27:46 +0000 (22:27 +0100)]
udp: make udp encap pool cacheline aligned
This fixes issue with unaligned vector access on gcc-7.
As udp_encap_t is declared as cacheline aligned, alloc also need to be.
Change-Id: Ic30876911baf2c22c135097490075fa7bcf0ca18
Signed-off-by: Damjan Marion <damarion@cisco.com>
Steve Shin [Wed, 21 Mar 2018 18:35:12 +0000 (11:35 -0700)]
acl-plugin: improvement on 'show acl-plugin' CLI
- Show interface on which given MACIP ACL is applied
- index is added for show acl-plugin macip acl:
ex) show acl-plugin macip acl [index N]
Change-Id: I3e888c8e3267060fe157dfc1bbe3e65371bd858a
Signed-off-by: Steve Shin <jonshin@cisco.com>
Steven [Wed, 20 Dec 2017 20:43:01 +0000 (12:43 -0800)]
bond: Add bonding driver and LACP protocol
Add bonding driver to support creation of bond interface which composes of
multiple slave interfaces. The slave interfaces could be physical interfaces,
or just any virtual interfaces. For example, memif interfaces.
The syntax to create a bond interface is
create bond mode <lacp | xor | acitve-backup | broadcast | round-robin>
To enslave an interface to the bond interface,
enslave interface TenGigabitEthernet6/0/0 to BondEthernet0
Please see src/plugins/lacp/lacp_doc.md for more examples and additional
options.
LACP is a control plane protocol which manages and monitors the status of
the slave interfaces. The protocol is part of 802.3ad standard. This patch
implements LACPv1. LACPv2 is not supported.
To enable LACP on the bond interface, specify "mode lacp" when the bond
interface is created. The syntax to enslave a slave interface is the same as
other bonding modes.
Change-Id: I06581d3b87635972f9f0e1ec50b67560fc13e26c
Signed-off-by: Steven <sluong@cisco.com>
Dave Barach [Wed, 21 Mar 2018 17:45:12 +0000 (13:45 -0400)]
VPP_1202: handle DHCP NAK packets
Change-Id: I469a734747099cef2d135d77e4db0244e24bf0bc
Signed-off-by: Dave Barach <dbarach@cisco.com>
Neale Ranns [Tue, 20 Mar 2018 08:47:35 +0000 (01:47 -0700)]
UDP Encap counters
Change-Id: Ib5639981dca0b11b2d62acf2c0963cc95c380f70
Signed-off-by: Neale Ranns <nranns@cisco.com>
Neale Ranns [Wed, 21 Mar 2018 13:44:01 +0000 (09:44 -0400)]
Detailed Interface stats API takes sw_if_index
Change-Id: Id09d777c1706c1d613b14b719bcac596194465cd
Signed-off-by: Neale Ranns <nranns@cisco.com>
Neale Ranns [Wed, 21 Mar 2018 14:19:15 +0000 (10:19 -0400)]
IGMP plugin initialises the FIB/MFIB via ip4 module
Change-Id: If9d7b266c4b49d4e7810ebc7d18fa154532d0322
Signed-off-by: Neale Ranns <nranns@cisco.com>
Matus Fabian [Tue, 20 Mar 2018 11:31:42 +0000 (04:31 -0700)]
NAT44: fix removal of LB static mappings with same local address and port pair (VPP-1199)
Change-Id: Iad8c626e83bbc58d5c85b6736f5a3dd5bc9ceafb
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Klement Sekera [Thu, 22 Feb 2018 10:41:12 +0000 (11:41 +0100)]
reassembly: feature/concurrency
This change makes ip reassembly an interface feature, while adding
concurrency support. Due to this, punt is no longer needed to test
reassembly.
Change-Id: I467669514ec33283ce935be0f1dd08f07684f0c7
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Neale Ranns [Wed, 21 Feb 2018 12:57:17 +0000 (04:57 -0800)]
FIB Interpose Source
The interpose source allows the source/provider to insert/interpose
a DPO in the forwarding chain of the FIB entry ahead of the forwarding
provided by the next best source. For example if the API source (i.e
the 'control plane') has provided an adjacency for forwarding, then
an interpose source (e.g. a monitoring service) couold interpose a
replicatte DPO to copy the traffic to another location AND forward
using the API's adjacency.
To use the interose feature an existing source (i.e FIB_SOURCE_PLUGIN_HI)
cn specifiy as a flag FIB_ENTRY_FLAG_INTERPOSE and provide a DPO to
interpose. One might also consider using interpose in conjunction with
FIB_ENTRY_FLAG_COVER_INHERIT to ensure the interpose object affects
all prefixes in the sub-tree.
Change-Id: I8b2737b985f8f7c08123406d0491881def347b52
Signed-off-by: Neale Ranns <nranns@cisco.com>
Steve Shin [Mon, 19 Mar 2018 18:36:10 +0000 (11:36 -0700)]
Fix Allow ARP packets for dot1q interface with MACIP enabled
ARP packets need to be allowed for dot1q interface when MACIP is enabled.
Change-Id: I33dd3cb6c6100c49420d57360a277f65c55ac816
Signed-off-by: Steve Shin <jonshin@cisco.com>
Dave Wallace [Mon, 19 Mar 2018 14:38:00 +0000 (10:38 -0400)]
VCL: Fix Coverity CID183003
*** CID 183003: Program hangs (LOCK)
/src/vcl/vppcom.c: 2988 in vppcom_session_accept()
Change-Id: I123b73198d305fb0226516942caa410d3647a6bc
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Code Review / vpp.git / log