9460 Commits

Author SHA1 Message Date
Mohsin Kazmi
a7a2281732 virtio: remove kernel virtio header dependencies
Type: refactor

tap, virtio and vhost use virtio/vhost header files from linux
kernel. Different features are supported on different kernel
versions, making it difficult to use those in VPP. This patch
removes virtio/vhost based header dependencies to local header
files.

Change-Id: I064a8adb5cd9753c986b6f224bb075200b3856af
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-09-04 13:34:20 +00:00
Matthew Smith
f1cd3da20f vrrp: improve RFC compliance for ARP/ND
Type: fix

The ARP/ND feature nodes reply to requests for a VR virtual IP address
when a VR is in the master state. If the VR is in the backup state, the
request is passed to the next node on the feature arc.

This can cause an incorrect response to be sent. If some other feature
(e.g. NAT) causes a virtual IP address to be configured as a "local"
address on the system, a later node on the feature arc may respond to
an ARP/ND request with the real MAC address of the interface.

RFC 5798 says that a router must respond to ARP/ND requests for VR
virtual IP addresses with the VR virtual MAC address. And it says a
router must not respond to ARP/ND requests for VR virtual IP addresses
when the VR is in the backup state. Ensure that ARP/ND requests for
VR virtual IP addresses are dropped when in the backup state rather
than allowing them to continue on the feature arc where another node
may end up responding.

In order to do this, enable/disable the feature nodes when leaving
or entering the init state instead of the master state.

Change-Id: I416f83e125cbf91deb90c3b6eb00ba3207de24ad
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-09-04 12:55:42 +00:00
Damjan Marion
0be1b764a3 buffers: improve cache occupancy
Adjust buffer allocation so it always have odd number of cache lines.
That should result in better distribution of cachelines among cache sets.

Type: improvement
Change-Id: I0d39d4cf01cff36ad6f70a700730823a96448c22
Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-04 12:45:46 +00:00
Christian Hopps
93a7f63943 dpdk-ipsec: use init function instead of one-time process
Use VLIB_MAIN_LOOP_ENTER_FUNCTION to do post init initialization for
dpdk crypto rather than create a one-time process to do the same.

Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: I06e480b028c8e1fc1b0024a66b2338eb21a797ca
2020-09-04 12:40:54 +00:00
Nathan Skrzypczak
5cd626eb1e vpp: Fix node APIs
Type: fix

Change-Id: Ic6e2b7e05b50945a8e2222019c2942a6ee52e465
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-04 12:14:51 +00:00
Christian Hopps
942b9803f8 dpdk-ipsec: fix show output
Fix the shown crypto inflight counts which were reversed. Also improve a
couple error descriptions to tell them apart when viewed.

Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: I6d4054c64aa842658cfcde8969c7aa48f6d21207
2020-09-04 12:12:57 +00:00
Christian Hopps
d570e53c74 ipsec: fix trace of GRE_teb packets
The issue is not easily hit. When GRE_teb packets are received the post
crypto processing adjusts the l2.l2_len value in the vnet_buffer opaque
data. This is overwriting the ipsec opaque data. Later the trace code
fetches the sa_index from the ipsec opaque data. It's just an accident
that this currently works, if the ipsec data is changed so that the
sa_index moves around it will be overwritten by the l2_len modification.
Indeed, this was found b/c local development changes had moved the
sa_index so it was over-lapping with the l2_len memory space, and the UT
failed.

Type: fix
Change-Id: Iaecfa750cf0b36653fd9e75b4d799f323a14d932
Signed-off-by: Christian Hopps <chopps@labn.net>
2020-09-04 11:56:06 +00:00
Christian Hopps
99975388a2 ipsec: cli: add missing flags for SA add
Add missing cli options for setting IPsec SA flags, inbound,
use-anti-replay, and use-esn.

Type: fix
Change-Id: Ia7a91b4b0a12be9e4dd0e684be3e04d8ccafb9d4
Signed-off-by: Christian Hopps <chopps@labn.net>
2020-09-04 11:40:45 +00:00
Zhiyong Yang
5e52417a2a ip: enhance vtep4_check of tunnel by vector way
This patch aims to improve decap performance by reducing expensive
hash_get callings as less as possible using AVX512 on XEON.
e.g. vxlan, vxlan_gpe, geneve, gtpu.

For the existing code, if vtep4 of the current packet match the last
vtep4_key_t well, expensive hash computation can be avoided and the
code returns directly.

This patch improves tunnel decap multiple flows case greatly by
leveraging 512bit vector register on XEON accommodating 8 vtep4_keys.
It enhances the possiblity of avoiding unnecessary hash computing
once hash key of the current packet hits any one of 8 in the 512bit
cache.

The oldest element in vtep4_cache_t is updated in round-robin order.

vlib_get_buffers is also leveraged in the meanwhile.

Type: improvement

Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Signed-off-by: Junfeng Wang <drenfong.wang@intel.com>
Change-Id: I313103202bd76f2dd638cd942554721b37ddad60
2020-09-04 02:34:03 +00:00
Christian Hopps
4a433f4608 api: fix ipsec custom_dump function
The protocol value was changed to 50 and 51 (rather than 0 and 1), but
the custom_dump function wasn't updated to reflect this. Also the is_add
value wasn't being shown. Fix both these issues.

Type: fix
Change-Id: I429b4616d6c7937f73308b644154370fab32eaae
Signed-off-by: Christian Hopps <chopps@labn.net>
2020-09-03 22:53:34 +00:00
Christian Hopps
4d56b18ce5 misc: l2tp: cli: fix overly generic CLI commands
"clear counters" is not appropriate for a protocol to own. Change
to "clear l2tp counters" (and "test l2tp counter").

Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: I3faac3907c4697c1c95df34ac7d31e48063869a8
2020-09-03 22:51:24 +00:00
Christian Hopps
1da08197eb vlib: exit 0 (nocore) on SIGHUP
Scenarios where SIGHUP is sent would include the user closing an xterm
while in interactive/nodaemon mode, or similarly when running vpp in the
same mode during testing (e.g., using ssh to run VPP on a DUT). VPP
should exit in these cases; however, generating a core is unwanted.

Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: Ibccfe5e676547e913c8a205ff16ab56d9abb1c82
2020-09-03 22:50:13 +00:00
Nathan Skrzypczak
0c936b147f crypto: Add async crypto APIs
Type: feature

This adds api calls for the following CLIs:
* set sw_scheuduler worker <N> crypto on|off
* set crypto async dispatch polling|interrupt
* set crypto handler
* set crypto async handler

Change-Id: Ic701d149c440e42ea4575da42b9f69e4c8759602
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-03 16:49:19 +02:00
PiotrX Kleski
2284817eae crypto: SW scheduler async crypto engine
Type: feature

This patch adds new sw_scheduler async crypto engine.
The engine transforms async frames info sync crypto ops and
delegates them to active sync engines. With the patch it
is possible to increase the single worker crypto throughput
by offloading the crypto workload to multiple workers.

By default all workers in the system will attend the crypto
workload processing. However a worker's available cycles
are limited. To avail more cycles to one worker to process
other workload (e.g. the worker core that handles the RX/TX
and IPSec stack processing), a useful cli command is added
to remove itself (or add it back later) from the heavy
crypto workload but only let other workers to process the
crypto. The command is:

 - set sw_scheduler worker <idx> crypto <on|off>

It also adds new interrupt mode to async crypto dispatch node.
This mode signals the node when new frames are enqueued
as opposed to polling mode that continuously calls dispatch node.

New cli commands:
 - set crypto async dispatch [polling|interrupt]
 - show crypto async status (displays mode and nodes' states)

Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com>
Signed-off-by: DariuszX Kazimierski <dariuszx.kazimierski@intel.com>
Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I332655f347bb9e3bc9c64166e86e393e911bdb39
2020-09-03 14:23:51 +00:00
Florin Coras
56230097e2 vcl: handle svm fifo write failure
Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4b132cad8ff906ef24846cc43935ccfd6aa7b4ec
2020-09-02 20:52:58 -07:00
Florin Coras
67fe778546 tcp: fix connection refused error
Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I436741e061f11685980a71fb3989befc7af1e081
2020-09-02 17:54:31 +00:00
Filip Varga
6484f4b9cb nat: twice-nat static mapping pool address
Let twice-nat static mapping pick specific
address from the twice-nat pool.

Type: improvement

Change-Id: Iadaa036af2fa3b0e6e9a68ff6e68b4bbe1650eb1
Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-09-02 16:42:41 +00:00
Neale Ranns
42845dd56e fib: IPv6 lookup data structure MP safe when prefixes change
Type: fix

adding routes should be MP safe. When new prefixes with differrent
prefix lengths are added, adjust the sorted list in an MP safe way.

Change-Id: Ib73a3c84d01eb86d17f8e79ea2bd2505dd9afb3d
Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-09-02 16:09:42 +00:00
yedg
f6698d2674 fib: fix ADJ_NBR_ITF_OK param error
Type: fix
Signed-off-by: yedonggang <yedg@wangsu.com>
Change-Id: I3bf67070ed01df40626f3b90f2762158b6c3ce05
2020-09-02 16:07:24 +00:00
Steven Luong
ea7178631e bonding: add bond_create2 API to include gso option
gso option is available for the debug CLI version of bond create.
This patch is to create a new API to have the corresponding option in
the binary API. The old binary API bond_create is marked deprecated.

Type: improvement

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Id9501b8e6d267ae09e2b411957f181343da459c0
2020-09-02 14:47:28 +00:00
Florin Coras
8ccea00339 session: fix non-blocking msg enqueue to vpp mq
Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7228a01d38e61cc00358419b2512ca0da4f76ff5
2020-09-02 14:28:19 +00:00
Yulong Pei
2e84d66554 ipsec: add ipsec set async mode api
Type: improvement

Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: I841f4407ed8c1a448e5102059fc79ae1f7d461de
2020-09-02 13:09:10 +00:00
Benoît Ganne
7d4a997ea1 misc: fix pcap [rx|tx|drop] filename stem overflow
Type: fix

Change-Id: I2b6b7b6f28cbf7accf883743e390b0031dd13bbb
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-09-02 13:02:02 +00:00
Mohsin Kazmi
a1a2246eab tap: add the static assert for api flags
Type: improvement

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ia1276d00dded36ee28b4b2e93b4cc7c1df6b1eef
2020-09-02 12:00:31 +00:00
Mohsin Kazmi
518251bc8a virtio: add virtio 1.1 api flags
Type: feature

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I95d7fc1cc8db5199570c66535f45e867a7cae676
2020-09-02 11:50:00 +00:00
jiangxiaoming
9f1dbd20b3 build: Fix 'make build VPP_EXTRA_CMAKE_ARGS=-DVPP_ENABLE_SANITIZE_ADDR=ON' error on Centos 7
Type: fix

Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com>
Change-Id: Ic47f5e8627923c951333c70004850b53ed4cab06
2020-09-02 10:02:50 +00:00
Mohsin Kazmi
50bd165599 tap: add virtio 1.1 API flag
Type: feature

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I3e00deb94943c545d1649865b2efdf7d51b90f4d
2020-09-02 08:48:58 +00:00
Artem Glazychev
1b6ed022e7 crypto-openssl: add chacha20-poly1305 to crypto-openssl
Type: feature

Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: Iec28fb11b6edff1bee23117f56aa3a3e5729541a
Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-01 19:12:22 +00:00
Mohsin Kazmi
0a507d7cd5 virtio: fix the bar starting index
Type: fix

Change-Id: Ia28161b583ea26ab820a494332a79b64add7004d
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-09-01 18:18:48 +02:00
Mohsin Kazmi
c79d735362 virtio: fix the NULL deference
Type: fix

Change-Id: I8d55c2bfdd3c4607044370ebabf40cbac78b4996
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-09-01 17:47:36 +02:00
Mohsin Kazmi
c96e64b617 virtio: fix the error return
Type: fix

Change-Id: I12b08333f3f69aaa882e8801f4f69bca2d7bd558
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-09-01 17:47:29 +02:00
Aloys Augustin
b6e211ad3b misc: fix uninitialized use warnings with gcc-{8,9}
Change-Id: I4930c3c2a8025ec9ceb17e994137be67d88d455f
Type: fix
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2020-09-01 15:22:32 +00:00
Ole Troan
6006ca8571 vppapigen: supports backwards compatible marking of enums
enum bar_enum {
  BAR1 = 0,
  BAR2,
  BAR3 [backwards_compatible],
  BAR4 = 9 [backwards_compatible],
};

This allows adding backwards compatible (as guaranteed by the developer) enums.
The enums marked backwards compatible are not considered in the CRC calculation.

Type: improvement
Change-Id: I6fc0c21b19e1a02cff7f5d279a0f3a32d2f8b630
Signed-off-by: Ole Troan <ot@cisco.com>
2020-09-01 15:10:09 +00:00
Artem Glazychev
61f49aa38e crypto: add chacha20-poly1305 algo
Type: feature

Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I3697cf7fab7abb7c3d2f61ef326c9116bc1eed66
2020-09-01 14:07:39 +02:00
Benoît Ganne
6e334e3e77 ip: fix ip zero checksum verification
In one's complement, there are two representations of zero: the all
zero and the all one bit values, often referred to as +0 and -0. See
RFC 1624 section 3 for more details.
This used to be taken care of in ip4_header_checksum(), but it is no
longer the case. The check ip->checksum == ip4_header_checksum (ip) is
no longer correct in the -0 case.
Always use ip4_header_checksum_is_valid() instead (which behaves
correctly since 9a79a1ab931c3b5a7ae07d6f0fcfef7c4368a2c4).

Type: fix
Fixes: e5f0050c7a5d411f96af6401797529d58825e2af

Change-Id: Iacc6b60645a834287b085aecb9e3fdb4554cf0cf
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-09-01 12:03:27 +00:00
jiangxiaoming
1d104c5ecd dpdk: fix mac address length was wrong
Type: fix

Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com>
Change-Id: I87c6f423ea8fdd9fb764693055eb1509f994d6f1
2020-09-01 12:01:56 +00:00
Benoît Ganne
faec38f3e1 fib: detect wrong adj neighbour bugs
Type: improvement

Change-Id: Ie063ee0a0c59a9ad632200ce2b23703bc0d936e6
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-09-01 11:43:13 +00:00
Benoît Ganne
4069f41c6e mpls: fix adjacencies walk in case of restack
Adjacencies are only defined for IPv4 and IPv6.

Type: fix
Fixes: 20aec3db441074ee5a861a40d6e02fad2f3dcb37

Change-Id: I19b2b7f6958da49f41c6eabc9f248840769acbbb
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-09-01 11:42:37 +00:00
Nathan Skrzypczak
7be474635d vppinfra: Fix bihash coverity warning
Type: fix

Hitting a code not reachable when setting
BIHASH_KVP_AT_BUCKET_LEVEL = 1

Change-Id: I24d539df67ae7650a3b1969f5709a6f7366d786b
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-01 11:19:34 +00:00
Nathan Skrzypczak
369e4e56e2 cnat: Fix typo in ts handling
Type: fix

Change-Id: I5287f6326726780c09e515eede0992bafb413bb2
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-01 11:18:23 +00:00
Damjan Marion
9a79a1ab93 ip: improve ip4_header_checksum_is_valid
It is cheaper to include checksum field in calculation and simply
compare result with zero.

Type: improvement

Change-Id: I6f77632c0a4d2f2c632d044d3a5d2fcf2b5bac62
Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-01 06:56:26 +00:00
Klement Sekera
edc816355a nat: fix type in api message
Translation memory size is internally a uword, but in api it was u32,
resulting in the returned value being 0 all the time.

Fix the "incorrect" API reply to return a u32 capped to 0xffffffff if
the u64 is larger than that, introduce the message with
the correct type, deprecate the message with the incorrect type.

Also, while we are updating the message definition,
add the max translations / max users per worker thread
into the new message.

Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I92e38a6a2bcb70fc8d1b129bbe416bf7f9e54280
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-08-31 21:52:42 +00:00
Vladimir Isaev
b59095f830 vlib: extend telnet protocol guard
There is a number of TERMs with big length, such as
'screen.konsole-256color' (23). These TERMs can not
be processed properly by vpp because maximum telnet
byte stream supported is 24 and we need 6 more service
bytes to send TTYPE.

So I extended maximum depth guard to 32.

Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: I9ca506996a97e9567d06483c5f020d6cc394329c
2020-08-31 20:43:34 +00:00
Damjan Marion
90d05bc7fb vppinfra: convert A_extend_to_B to B_from_A format of vector inlines
Make it shorter and same format when converting to biggor or smaller
types.

Type: refactor

Change-Id: I443d67e18ae65d779b4d9a0dce5406f7d9f0e4ac
Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-08-31 18:46:21 +00:00
Ray Kinsella
f9c8fe4128 vpp_config: update node variants to skx and icl
Node variant names have changed to skx and icl.

Type: fix

Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I5be832aa59e4e440df53869077d801c011e3defa
2020-08-31 18:17:20 +00:00
Jieqiang Wang
c8833b2191 ip: fix compiling error with gcc-10
Building VPP using gcc-10 fails because of the array bounds check
error for function ip4_header_checksum(), with option field in IPv4
header exceeding the ip4_header_t bound. Fix this error by turning
off the array bounds check option for function ip4_header_checksum().

Change-Id: I68cc241ae9e403d35ac2e320549506dc6565a0b6
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
2020-08-31 18:15:51 +00:00
Benoît Ganne
4a76d6f6da af_xdp: AF_XDP input plugin
Type: feature

Change-Id: I85aa4ad6b68c1aa0e51938002dc691a4b11c545c
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-08-31 17:16:56 +00:00
Mohammed Hawari
bfed7c047d rdma: bugfix in the descriptor refill logic. In case of a partial allocation, the remainder modulo 8 must be returned to the pool so that the number of kept buffers is a multiple of 8.
Type: fix
Change-Id: Ifd97b03ea220300e7e6fe81a8ff4a25060fea6c1
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2020-08-31 17:16:38 +00:00
jiangxiaoming
dfb30d9d30 session: format app_ns_name with %v rather than %s
Type: fix

Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com>
Change-Id: Ie29dec803aa4ee02755190b09573c23f9b5f0ada
2020-08-31 16:35:49 +00:00
Chenmin Sun
34bfa50b61 flow: code refactor
This is the code refactor for vnet/flow infra and the dpdk_plugin flow
implementation. The main works of the refactor are:
1. Added two base flow type: VNET_FLOW_TYPE_IP4 and VNET_FLOW_TYPE_IP6
   as the base the flow type
2. All the other flows are derived from the base flow types
3. Removed some flow types that are not currently supported by
   the hardware, and VPP won't leverage them either:
   IP4_GTPU_IP4, IP4_GTPU_IP6, IP6_GTPC, IP6_GTPU,
   IP6_GTPU_IP4, IP6_GTPU_IP6
4. Re-implemented the vnet/flow cli as well as the dpdk_plugin
   implementation
5. refine cli prompt
6. refine display info in command "show flow entry"

Type: refactor

Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: Ica5e61c5881adc73b28335fd83e36ec1cb420c96
2020-08-31 12:14:03 +00:00