If one is not selected by the user, the next available id
will be allocated, thus maintaining backward compatibility.
Change-Id: I4691ed0638b8072f9cfa9f20b9fe4f981e708800
Signed-off-by: Jon Loeliger <jdl@netgate.com>
The thread0 in some configurations can handle the traffic.
Some of the previous fixes accomodated for that, but
the interrupt sending for connection clearing
was not adapted to that, resulting in a deadlock
during clearing of all connections...
Change-Id: I32b4c7bac09c91c22b796baab843bdaf41f7045c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(VPP-1085)
The NEON implementation searches particular address in
VHOST_MEMORY_MAX_NREGIONS regions. Searching two regions at a
time.
Change-Id: Icc3c6746bc98e3a1fa71424e51b64f62efbfdc74
Signed-off-by: Nitin Saxena <nitin.saxena@cavium.com>
In multi-worker cases, af-packet tx was subject to a pretty
serious race condition as the device lock was obtained
after some queue values were read from queue.
Result could go from packet loss to queue inconsistency, leading
to tx being stuck for 'some time'.
The fix is really simple. Finding the problem was not...
Change-Id: Ib18967b7459a8609428a56de934c577cea87b165
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
For implementation of MACIP ACLs enhancement (VPP-1088), an outbound
classifier-based ACL would be needed. There was an existing incomplete
code for outbound ACLs, it looked almost exact copy of input ACLs, minus
the various enhancements, trying to sync that code seemed error-prone
and cumbersome to maintain in the longer run.
This change refactors the input+output ACLs processing into a unified
routine (thus any changes will have effect on both), and also adds
the API to set the output interface ACL, with the same format
and semantics as the existing input one (except working on output
ACL of course).
WARNING: IP outbound ACL in L3 mode clobbers the ip.* fields
in the vnet_buffer_opaque_t, since the code is using l2_classify.*
The net_buffer (p0)->ip.save_rewrite_length is rescued into
l2_classify.pad.l2_len, and used to rewind the header in case of
drop, so that ipX_drop prints something sensible.
Change-Id: I62f814f1e3650e504474a3a5359edb8a0a8836ed
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
error: passing an object that undergoes default argument promotion to
'va_start' has undefined behavior [-Werror,-Wvarargs]
Change-Id: Id342beea916ec73e29e399087532caecfa19055f
Signed-off-by: Damjan Marion <damarion@cisco.com>
This patch teaches worer threads to sleep and to be waken up by
kernel if there is activity on file desctiptors assigned to that thread.
It also adds counters to epoll file descriptors and new
debug cli 'show unix file'.
Change-Id: Iaf67869f4aa88ff5b0a08982e1c08474013107c4
Signed-off-by: Damjan Marion <damarion@cisco.com>
This patch address the need to send/receive heartbeats between peers.
At the same time, the number of unacked heartbeats is tracked and when
the peer requests to send DATA to the remote-peer the value of unacked
heartbeats needs to be checked against the maximum value allowed for
retransmissions. If the unacked heartbeats value is higher then the
remote-peer is considered unreachable and the connetion needs to be
shutdown.
Change-Id: I2b1a21c26775e734dbe82486f40982ed5702dc63
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
Do not set UDS related system parameters if DOCKER_TEST is set to "True"
as docker environment doesn't contain the necessary /proc/... entries.
Change-Id: Id85e4512c7bba6b3feb6e6fd1fbe1e05aa10a341
Signed-off-by: Klement Sekera <ksekera@cisco.com>
When the number of threads results being more than 1, the spinlock
structure requires to be initialized otherwise subsequent calls to
the "lock" API (clib_spinlock_lock_if_init) would result in a void
operation.
Change-Id: Ia268c4687252e41962bb3f1217f0a849d8c40385
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
Normally session keys are generated by mirroring the packets sent.
ICMP message type should be used and inverted for the stateful ACL.
Supported ICMP messages with this patch:
- ICMPv4: Echo/Timestamp/Information/Address Mask requests
- ICMPv6: Echo request/Node Information Queury
The invmap & valid_new tables can be modified to make any other
ICMP messages to be reflexive ACL.
Change-Id: Ia47b08b79fe0a5b1f7a995af78de3763d275dbd9
Signed-off-by: Steve Shin <jonshin@cisco.com>
For some files such as hugepages files, ftruncate() fails with the error
"Invalid argument" if the 'length' parameter is not on a page boundary.
Change-Id: I42a9cde98707da15e3c5d1653046e2277fc7a424
Signed-off-by: Igor Mikhailov (imichail) <imichail@cisco.com>
- use valloc as a 'central' segment baseva manager
- use per segment manager segment pools and use rwlocks to guard them
- add session test that exercises segment creation
- embed segment manager properties into application since they're shared
- fix rw locks
Change-Id: I761164c147275d9e8a926f1eda395e090d231f9a
Signed-off-by: Florin Coras <fcoras@cisco.com>
Add an ASSERT to vlib_process_signal_event_helper to catch future
instances of passing node_index = 0 to vlib_process_signal_event().
Change-Id: Iec896fc7c3917feb2fd3198cea42851ba88e64e5
Signed-off-by: Dave Barach <dave@barachs.net>
This patch addresses the need to calculate the RTO / RTT and RTTVAR
according to the rules depicted by the RFC4960 at section 6.3.1
Change-Id: I1d346f3c67610070b3f602f32c7738d58b99ffed
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
1. Replace the magic number '-1' with MAP_FAILED
2. On x86 platform, QEMU uses vhostuser required the memory back-end is file based,
the file could be tmpfs(4K page size) or hugetlbfs(2M or 1G page size)
Change-Id: If1818cb6833728d641f68e4d4a3bc645e70f2ee6
Signed-off-by: Haiyang Tan <haiyang.tan.dev@gmail.com>
This fixes a constant setting of random seed forgotten from testing.
Change-Id: Ie3c4db8bb2b4b73ba33de1ffc02cb563391fd31c
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Clients cannot know at svm region detach time if the shm backing files
have been recreated (e.g., if vpp restarts) and therefore should not try
to unlink them. Otherwise, terminating clients attached to previous
instantiations of a re-allocated region end up making the new instance
un-mappable by removing its backing file.
Change-Id: Idcd0cab776e63fd75b821bc9f0fac58217b9ccbe
Signed-off-by: Florin Coras <fcoras@cisco.com>
L3DSR is used to overcome Layer 2 limitations
of Direct Server Return Load Balancing.
It maps VIP to DSCP bits, and reuse TOS bits to transfer it
to server, and then server will get VIP from DSCP-to-VIP mapping.
Please refer to https://www.nanog.org/meetings/nanog51/presentations/Monday/NANOG51.Talk45.nanog51-Schaumann.pdf
Change-Id: I403ffeadfb04ed0265086eb2dc41f2e17f8f34cb
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
This patch addresses the need to handle out-of-order data chunks
received by a peer. To do that effectively, we had to add the handling
of data chunks flags (E/B/U bit) to understand whether the stream is
fragmenting user-message data and in that case if a fragment is the
FIRST/MIDDLE/LAST one of a transmission.
The same patch also addresses the security requirement to have a HMAC
calculated and incorporated in the INIT_ACK and COOKIE_ECHO chunks. The
algorithm used is the HMAC-SHA1.
Change-Id: Ib6a9a80492e2aafe5c8480d6e02da895efe9f90b
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
Prior to this commit, the VXLAN "create" API assumed
the vrf_id belonged to only the IPv4 FIB tables space.
With this commit, the FIB table is found in either the
IPv4 or IPv6 table as determined by the is_ipv6 flag.
This follows the same pattern that was already being
done in the CLI code for the VXLAN "create" command.
Change-Id: I35d5e37db24efa858e4696dc2c004fa64bb4a4a8
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Rather than having multiple copies of the same function
scattered around, promote the function into the FIB
PROTOCOL definitions in fib_types.h.
Change-Id: I11c4d85931167d3a5f3dc1278afecc8845b23cd7
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Fixed a typo in tcp_push_header(). The typo only kicks in when the macro
VLIB_BUFFER_TRACE_TRAJECTORY is enabled.
Change-Id: I62832a4932ec5b14e3063d5eac113780851aae59
Signed-off-by: Steven <sluong@cisco.com>
This hash table intends to provide an alternative to the widely
used bihash table in places where either:
- Hash entry timeout is required
- The hash table data does not fit in CPU cache
Although the bihash table is very fast, each lookup requires
accessing two cache lines in a serialized fashion. It works fine
when the hash table is in cache, but hits a wall when it does not.
The 'flowhash' table uses a simplified design (at the cost of a
less good bucket auto-scaling) where each access only requires
a single memory lookup (in the absence of collision). The hash
table also uses a reduced number of registers.
In practice, a VPP node implementing a stateful feature would
typically:
- prefetch buffer metadata (in-cache)
- prefetch packet header (in-cache)
- compute hash & prefetch hash bucket (possibly in RAM)
- read/write key and value from bucket
Using this hash table, it is possible to pipeline accesses in a way
that does not exhaust CPU's line field buffers, even when the
requested value is located in RAM (i.e. not in cache).
Measurements showed it was possible to scale to tens of millions
of flows (with a full 5-tuple matching and 32B value, i.e. 1
cache line per flow) with no performance degradation when
the hash table grows to the point it doesn't fit in cache anymore.
I have used this table in a couple of non-open-sourced projects,
but think it might be useful to lb, nat, and possibly other VPP
subsystems.
More information in the .h file.
Change-Id: I2b13dde0eabd868b75da1cedbfca0bf74d705102
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
When building plugins outside of the VPP tree, the vppapigen
tool requires the use of the C.py / JSON.py code. To that end,
install it in /usr/share/vpp as referenced.
Change-Id: I457d58e7bde7140c7811fa0a93b4f44d1310784a
Signed-off-by: Jon Loeliger <jdl@netgate.com>
a crash on debug image (VPP-1151)
In debug image, there is extra code to validate the buffer when it is
freed. It uses the hash table to lookup the buffer index with spinlock
to prevent contention. However, there is one spinlock for each worker
thread. So allocating the buffer on thread-x and freeing the same buffer
on thread-y causes the validation to fail on thread-y. The fix is to
have only one spinlock, stored in vlib_global_main.
Change-Id: Ic383846cefe84a3e262255afcf82276742f0f62e
Signed-off-by: Steven <sluong@cisco.com>
(cherry picked from commit a7effa1b072463f12305a474f082aeaffb7ada4b)
Support the 1:1 translation of source address for IPv6
Change-Id: I934d18e5ec508bf7422d796ee5f172b79c048011
Signed-off-by: Matus Fabian <matfabia@cisco.com>
