The code path which sets the sw_if_index aimed to restrict the output
did not set the flag to trigger that output.
Change-Id: I0a1a3977fdddbce9a276960df43fed745d099ca0
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
The logic to print the line " output " is wrong for the case of n_input == 0,
and the applied ACLs are printed as if they were applied on input.
One may still figure out the truth by looking at the n_input value above,
but it is confusing.
Change-Id: I7b4a4d548e569994678dd1e139eb829456548b88
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
re-enable l2 fib flush tests
reorder l2bd multi instance tests - move flags test as last
enabling of uu-flood will now flood when entry is stale
Change-Id: I052663ec3eb4acee5f296fb7525dd535924e0003
Signed-off-by: Eyal Bari <ebari@cisco.com>
l2_classify memeber table_index was overlaid over l2.l2fib_seq_num
which over written when table_index gets initialized in l2_input_classify
solved by overlaying both table_index and opaque_index as only one is used
seperated l2fib seq num from l2_input configs
for better handling of theoretical ABA issue where an entry for a deleted
interface is considered valid by the ager because a different interface with
same sw_if_index and seq_num was created before the ager got a chance to delete
Change-Id: I7b0eeded971627406f1c80834d7e02c0ebe62136
Signed-off-by: Eyal Bari <ebari@cisco.com>
In IP mode memif interface is L3 point-to-point interfaces and
we don't pass l2 header. There is no l2 header rewrite operation and
received packets are sent straight to ip4-input / ip6-input nodes.
Change-Id: I4177f3fce3004da7ecf14d235006ae053fcf3f09
Signed-off-by: Damjan Marion <damarion@cisco.com>
Add a bihash-based ACL lookup mechanism and make it a new default.
This changes the time required to lookup a 5-tuple match
from O(total_N_entries) to O(total_N_mask_types), where
"mask type" is an overall mask on the 5-tuple required
to represent an ACE.
For testing/comparison there is a temporary debug CLI
"set acl-plugin use-hash-acl-matching {0|1}", which,
when set to 0, makes the plugin use the "old" linear lookup,
and when set to 1, makes it use the hash-based lookup.
Based on the discussions on vpp-dev mailing list,
prevent assigning the ACL index to an interface,
when the ACL with that index is not defined,
also prevent deleting an ACL if that ACL is applied.
Also, for the easier debugging of the state, there are
new debug CLI commands to see the ACL plugin state at
several layers:
"show acl-plugin acl [index N]" - show a high-level
ACL representation, used for the linear lookup and
as a base for building the hashtable-based lookup.
Also shows if a given ACL is applied somewhere.
"show acl-plugin interface [sw_if_index N]" - show
which interfaces have which ACL(s) applied.
"show acl-plugin tables" - a lower-level debug command
used to see the state of all of the related data structures
at once. There are specifiers possible, which make
for a more focused and maybe augmented output:
"show acl-plugin tables acl [index N]"
show the "bitmask-ready" representations of the ACLs,
we well as the mask types and their associated indices.
"show acl-plutin tables mask"
show the derived mask types and their indices only.
"show acl-plugin tables applied [sw_if_index N]"
show the table of all of the ACEs applied for a given
sw_if_index or all interfaces.
"show acl-plugin tables hash [verbose N]"
show the 48x8 bihash used for the ACL lookup.
Change-Id: I89fff051424cb44bcb189e3cee04c1b8f76efc28
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Add optional keywords to show memif to allow display a particular
interface and option to display the descriptor tables. The new syntax for
the show memif command is now
show memif [<interface>] [descriptors]
Change-Id: I20696bbea1142bdc152b6e351c6ece24b1cf5500
Signed-off-by: Steven <sluong@cisco.com>
Current memif interface supports frame size up to 2048. This patch is to
enhance memif to support jumbo frames.
On tx (writing buffers to the ring), keep reading the next buffer in vlib
when the flag VLIB_BUFFER_NEXT_PRESENT and merge it to the same ring entry.
Use descriptor chaining if the buffer is not big enough.
On rx (reading buffers from the ring), if the packet is greater than 2048,
create multiple vlib buffers, chained with the VLIB_BUFFER_NEXT_PRESENT.
Testing:
Because the ping command provided by VPP does not support jumbo frames,
I have to use linux ping. Here is the set up that I use for testing.
VM1 --- vhost ---- VPP1 --- memif --- VPP2 --- vhost --- VM2
Create vhost-user interfaces between VM1 and VPP1 and between VPP2 and VM2
VM configuration:
Set the interface mtu on the VM, e.g 9216 to support jumbo frames.
create static route and static arp on VM1 to VM2 and vice versa.
Use iperf3 or ping -s 8000 from VM1 to VM2 or vice versa.
Sample run
sluong@ubuntu:~$ ping 131.1.1.1 -c1 -s 8000
ping 131.1.1.1 -c1 -s 8000
PING 131.1.1.1 (131.1.1.1) 8000(8028) bytes of data.
8008 bytes from 131.1.1.1: icmp_seq=1 ttl=62 time=0.835 ms
--- 131.1.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.835/0.835/0.835/0.000 ms
sluong@ubuntu:~$
DBGvpp# sh interface memif0
Name Idx State Counter Count
memif0 1 up rx packets 1
rx bytes 8042
tx packets 1
tx bytes 8042
ip4 1
DBGvpp#
Change-Id: I469bece3d45a790dceaee1d6a8e976bd018feee2
Signed-off-by: Steven <sluong@cisco.com>
A bihash-per-interface is convenient, but turns out tricky difficult from
the maintenance standpoint with the large number of interfaces.
This patch makes the sessions reside in a single hash table for all the interfaces,
adding the lower 16 bit of sw_if_index as part of the key into the previously
unused space.
There is a tradeoff, that a session with an identical 5-tuple and the same
sw_if_index modulo 65536 will match on either of the interfaces.
The probability of that is deemed sufficiently small to not worry about it.
In case it still happens before the heat death of the universe,
there is a clib_warning and the colliding packet will be dropped,
at which point we will need to bump the hash key size by another u64,
but rather not pay the cost of doing that right now.
Change-Id: I2747839cfcceda73e597cbcafbe1e377fb8f1889
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
The previous iteration of the code used the L2 classifier tables for session storage,
as a result, the table allocations were pretty big. The new ACL plugin
datapath uses the tables just as a redirection mechanism, without adding any
entries. Thus, the tables can be much smaller.
Change-Id: Ieec4a5abf0abda6e513ab4e675f912f14d47e671
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Best guess, tested carefully, should do no harm. Clang doesn't
complain either way; it's not certain that this patch will make the
coverity warnings in tw_timer_template.c disappear.
Change-Id: I75aa0cfd8970751e823a1165df2a755e947c4cf9
Signed-off-by: Dave Barach <dave@barachs.net>
l2_len was not updated for the third tag
as the ethernet node retracts by the vlan count after parse_header (using
ethernet_buffer_header_size) it ends up pointing before the ethernet header
+ some minor cleanups
Change-Id: I4ccaedd33928912e5d837376f146503b27071741
Signed-off-by: Eyal Bari <ebari@cisco.com>
after deleting a sub interface it's l2fib entries are left with a dangling
sw_if_index (while waiting for the ager to delete them).
changed "show l2fib" to reflect that state with "Deleted" as the interface name.
added sleep in test_l2_fib as a workaround for packets still passing after flush
will investigate...
Change-Id: Id998d7d3c6a073ef5005c5f3009e1cfb7febf7db
Signed-off-by: Eyal Bari <ebari@cisco.com>
prep work for s/timing_wheel/tw_timer/ in the vlib process model
Change-Id: I763f4968a8fce1764a3778b12def0afbd30086b1
Signed-off-by: Dave Barach <dave@barachs.net>
- update of CSIT operational branch to be used for VPP-patch test
Change-Id: I0e19f085153ca00ddb46e016cff742b42eca15a0
Signed-off-by: Jan Gelety <jgelety@cisco.com>
crc_u32 was not defined for non x86_64 with SSE4.2 processors.
Calls to "crc_u32" are removed and replaced by either a call to
clib_crc32c or a call to clib_xxhash, as the result is not used
as a check value but as a hash.
Change-Id: I3af4d68e2e5ebd0c9b0a6090f848d043cb0f20a2
Signed-off-by: Christophe Fontaine <christophe.fontaine@enea.com>
- refactor existing congestion control code (RFC 6582/5681). Handling of ack
feedback now consists of: ack parsing, cc event detection, event handling,
congestion control update
- extend sack scoreboard to support sack based retransmissions
- basic implementation of Eifel detection algorithm (RFC 3522) for
detecting spurious retransmissions
- actually initialize the per-thread frame freelist hash tables
- increase worker stack size to 2mb
- fix session queue node out-of-buffer handling
- ensure that the local buffer cache vec_len matches reality
- avoid 2x spurious event requeues when short of buffers
- count out-of-buffer events
- make the builtin server thread-safe
- fix bihash template threading issue: need to paint -1 across uninitialized
working_copy_length vector elements (via rebase from master)
Change-Id: I646cb9f1add9a67d08f4a87badbcb117980ebfc4
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dbarach@cisco.com>
Added some user documentation to sample plugin.
Change-Id: I518910f80499307e8fcac8dcef7baaeab5ea8e35
Signed-off-by: Ray Kinsella <ray.kinsella@intel.com>
