vpp-swan: fix configuration of policies

This patch fixes configuration of priority, port and type of protocol
for inbound and outbound policies in policy-based IPsec of this plugin.

Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I01ddc2e13ebbe87380e66a525aac1b615f619604

.clang-format

@@ -20,6 +20,7 @@ ForEachMacros:
   - 'vlib_foreach_rx_tx'
   - 'foreach_vlib_main'
   - 'foreach_set_bit_index'
+  - 'FOREACH_ARRAY_ELT'
   - 'RTE_ETH_FOREACH_DEV'
 
 StatementMacros:

.gitignore

@@ -128,3 +128,16 @@ compile_commands.json
 /extras/hs-test/vpp-data
 /extras/hs-test/hs-test
 /extras/hs-test/http_server
+/extras/hs-test/.build.vpp
+
+# ./configure
+/CMakeFiles
+/bin
+/lib
+/.ninja_deps
+/.ninja_log
+/CMakeCache.txt
+/build.ninja
+/cmake_install.cmake
+/startup.conf
+/startup.vpp

.gitreview

@@ -2,3 +2,4 @@
 host=gerrit.fd.io
 port=29418
 project=vpp
+defaultbranch=stable/2306

MAINTAINERS

@@ -107,7 +107,7 @@ F:	src/vnet/devices/
 AF PACKET Drivers
 I:	af_packet
 Y:	src/plugins/af_packet/FEATURE.yaml
-M:	Mohsin Kazmi <sykazmi@cisco.com>
+M:	Mohsin Kazmi <mohsin.kazmi14@gmail.com>
 F:	src/plugins/af_packet
 
 VNET TAP Drivers
@@ -115,7 +115,7 @@ I:	tap
 Y:	src/vnet/devices/tap/FEATURE.yaml
 M:	Damjan Marion <damarion@cisco.com>
 M:	Steven Luong <sluong@cisco.com>
-M:	Mohsin Kazmi <sykazmi@cisco.com>
+M:	Mohsin Kazmi <mohsin.kazmi14@gmail.com>
 F:	src/vnet/devices/tap/
 
 VNET Vhost User Driver
@@ -127,7 +127,7 @@ F:	src/plugins/vhost
 VNET Native Virtio Drivers
 I:	virtio
 Y:	src/vnet/devices/virtio/FEATURE.yaml
-M:	Mohsin Kazmi <sykazmi@cisco.com>
+M:	Mohsin Kazmi <mohsin.kazmi14@gmail.com>
 M:	Damjan Marion <damarion@cisco.com>
 F:	src/vnet/devices/virtio/
 
@@ -248,7 +248,7 @@ F:	src/vnet/gre/
 VNET GSO
 I:	gso
 M:	Andrew Yourtchenko <ayourtch@gmail.com>
-M:	Mohsin Kazmi <sykazmi@cisco.com>
+M:	Mohsin Kazmi <mohsin.kazmi14@gmail.com>
 F:	src/vnet/gso/
 
 Plugin - MAP
@@ -288,9 +288,10 @@ F:	src/vnet/udp
 
 VNET VXLAN
 I:	vxlan
+Y:	src/plugins/vxlan/FEATURE.yaml
 M:	John Lo <lojultra2020@outlook.com>
 M:	Steven Luong <sluong@cisco.com>
-F:	src/vnet/vxlan/
+F:	src/plugins/vxlan/
 
 VNET VXLAN-GPE
 I:	vxlan-gpe
@@ -357,7 +358,7 @@ F:	src/vnet/flow/
 
 VNET Hash
 I:	hash
-M:	Mohsin Kazmi <sykazmi@cisco.com>
+M:	Mohsin Kazmi <mohsin.kazmi14@gmail.com>
 M:	Damjan Marion <damarion@cisco.com>
 F:	src/vnet/hash/
 
@@ -417,7 +418,6 @@ F:	src/plugins/dpdk/
 
 Plugin - DPDK Crypto
 I:	dpdk-cryptodev
-M:	Sergio Gonzalez Monroy <sergio.gonzalez.monroy@outlook.com>
 M:	Radu Nicolau <radu.nicolau@intel.com>
 M:	Fan Zhang <roy.fan.zhang@intel.com>
 F:	src/plugins/dpdk/cryptodev/
@@ -770,6 +770,11 @@ I:	geneve
 M:	community vpp-dev@lists.fd.io
 F:	src/plugins/geneve/
 
+Plugin - IP session redirect
+I:	ip_session_redirect
+M:	Benoît Ganne <bganne@cisco.com>
+F:	src/plugins/ip_session_redirect/
+
 Plugin - linux-cp
 I:	linux-cp
 M:	Neale Ranns <neale@graphiant.com>

Makefile

@@ -56,7 +56,7 @@ endif
 
 ifeq ($(filter ubuntu debian,$(OS_ID)),$(OS_ID))
 PKG=deb
-else ifeq ($(filter rhel centos fedora opensuse-leap,$(OS_ID)),$(OS_ID))
+else ifeq ($(filter rhel centos fedora opensuse-leap rocky,$(OS_ID)),$(OS_ID))
 PKG=rpm
 endif
 
@@ -111,7 +111,7 @@ endif
 
 DEB_DEPENDS += $(LIBFFI)
 
-RPM_DEPENDS  = redhat-lsb glibc-static
+RPM_DEPENDS  = glibc-static
 RPM_DEPENDS += apr-devel
 RPM_DEPENDS += numactl-devel
 RPM_DEPENDS += check check-devel
@@ -120,7 +120,7 @@ RPM_DEPENDS += ninja-build
 RPM_DEPENDS += libuuid-devel
 RPM_DEPENDS += ccache
 RPM_DEPENDS += xmlto
-RPM_DEPENDS += elfutils-libelf-devel
+RPM_DEPENDS += elfutils-libelf-devel libpcap-devel
 RPM_DEPENDS += libnl3-devel libmnl-devel
 RPM_DEPENDS += nasm
 
@@ -133,6 +133,15 @@ ifeq ($(OS_ID),fedora)
 	RPM_DEPENDS += python3-virtualenv python3-jsonschema
 	RPM_DEPENDS += cmake
 	RPM_DEPENDS_GROUPS = 'C Development Tools and Libraries'
+else ifeq ($(OS_ID),rocky)
+	RPM_DEPENDS += yum-utils
+	RPM_DEPENDS += subunit subunit-devel
+	RPM_DEPENDS += openssl-devel
+	RPM_DEPENDS += python3-devel  # needed for python3 -m pip install psutil
+	RPM_DEPENDS += python3-ply  # for vppapigen
+	RPM_DEPENDS += python3-virtualenv python3-jsonschema
+	RPM_DEPENDS += infiniband-diags llvm clang cmake
+	RPM_DEPENDS_GROUPS = 'Development Tools'
 else ifeq ($(OS_ID)-$(OS_VERSION_ID),centos-8)
 	RPM_DEPENDS += yum-utils
 	RPM_DEPENDS += compat-openssl10 openssl-devel
@@ -140,6 +149,7 @@ else ifeq ($(OS_ID)-$(OS_VERSION_ID),centos-8)
 	RPM_DEPENDS += python3-virtualenv python3-jsonschema
 	RPM_DEPENDS += libarchive cmake
 	RPM_DEPENDS += infiniband-diags libibumad
+	RPM_DEPENDS += libpcap-devel llvm-toolset
 	RPM_DEPENDS_GROUPS = 'Development Tools'
 else
 	RPM_DEPENDS += yum-utils
@@ -317,6 +327,12 @@ ifeq ($(OS_ID),rhel)
 	@sudo -E yum groupinstall $(CONFIRM) $(RPM_DEPENDS_GROUPS)
 	@sudo -E yum install $(CONFIRM) $(RPM_DEPENDS)
 	@sudo -E debuginfo-install $(CONFIRM) glibc openssl-libs zlib
+else ifeq ($(OS_ID),rocky)
+	@sudo -E dnf install $(CONFIRM) dnf-plugins-core epel-release
+	@sudo -E dnf config-manager --set-enabled \
+          $(shell dnf repolist all 2>/dev/null|grep -i crb|cut -d' ' -f1|grep -v source)
+	@sudo -E dnf groupinstall $(CONFIRM) $(RPM_DEPENDS_GROUPS)
+	@sudo -E dnf install $(CONFIRM) $(RPM_DEPENDS)
 else ifeq ($(OS_ID)-$(OS_VERSION_ID),centos-8)
 	@sudo -E dnf install $(CONFIRM) dnf-plugins-core epel-release
 	@sudo -E dnf config-manager --set-enabled \

build/external/deb/debian/rules

@@ -26,6 +26,7 @@ override_dh_auto_configure:
 
 override_dh_install:
 	make $(MAKE_ARGS) install
+	@mkdir -p $(INSTALL_DIR)
 	dh_install -p$(PKG) --autodest /opt
 
 override_dh_shlibdeps:

build/external/mlx_rdma_dpdk_matrix.txt

@@ -1 +1,3 @@
-rdma=41.0 dpdk=22.07
+rdma=41.0 dpdk=22.07
+rdma=43.0 dpdk=22.11.1
+rdma=45.0 dpdk=23.03

build/external/packages.mk

@@ -101,11 +101,18 @@ define $1_config_cmds
 endef
 endif
 
-$(B)/.$1.config.ok: $(B)/.$1.patch.ok $(addsuffix -install,$($1_depends))
+ifneq ($(filter $1,$(VPP_SKIP_EXTERNAL)), $1)
+$(B)/.$1.config.ok: $(B)/.$1.patch.ok $(addprefix $(B)/.,$(addsuffix .install.ok,$($1_depends)))
 	$$(call h1,"configuring $1 $($1_version) - log: $$($1_config_log)")
 	@mkdir -p $$($1_build_dir)
 	$$(call $1_config_cmds)
 	@touch $$@
+else
+$(B)/.$1.config.ok:
+	$$(call h1,"Skipping $1 $($1_version)")
+	@mkdir -p $(B)
+	@touch $$@
+endif
 
 .PHONY: $1-config
 $1-config: $(B)/.$1.config.ok
@@ -120,10 +127,17 @@ define $1_build_cmds
 endef
 endif
 
+ifneq ($(filter $1,$(VPP_SKIP_EXTERNAL)), $1)
 $(B)/.$1.build.ok: $(B)/.$1.config.ok
 	$$(call h1,"building $1 $($1_version) - log: $$($1_build_log)")
 	$$(call $1_build_cmds)
 	@touch $$@
+else
+$(B)/.$1.build.ok:
+	$$(call h1,"Skipping $1 $($1_version)")
+	@mkdir -p $(B)
+	@touch $$@
+endif
 
 .PHONY: $1-build
 $1-build: $(B)/.$1.build.ok
@@ -138,10 +152,17 @@ define $1_install_cmds
 endef
 endif
 
+ifneq ($(filter $1,$(VPP_SKIP_EXTERNAL)), $1)
 $(B)/.$1.install.ok: $(B)/.$1.build.ok
 	$$(call h1,"installing $1 $($1_version) - log: $$($1_install_log)")
 	$$(call $1_install_cmds)
 	@touch $$@
+else
+$(B)/.$1.install.ok:
+	$$(call h1,"Skipping $1 $($1_version)")
+	@mkdir -p $(B)
+	@touch $$@
+endif
 
 .PHONY: $1-install
 $1-install: $(B)/.$1.install.ok

build/external/packages/dpdk.mk

@@ -19,14 +19,14 @@ DPDK_FAILSAFE_PMD            ?= n
 DPDK_MACHINE                 ?= default
 DPDK_MLX_IBV_LINK            ?= static
 
-dpdk_version                 ?= 22.07
+dpdk_version                 ?= 23.03
 dpdk_base_url                ?= http://fast.dpdk.org/rel
 dpdk_tarball                 := dpdk-$(dpdk_version).tar.xz
+dpdk_tarball_md5sum_23.03    := 3cf8ebbcd412d5726db230f2eeb90cc9
+dpdk_tarball_md5sum_22.11.1  := 0594708fe42ce186a55b0235c6e20cfe
 dpdk_tarball_md5sum_22.07    := fb73b58b80b1349cd05fe9cf6984afd4
 dpdk_tarball_md5sum_22.03    := a07ca8839f98062f46e1cc359735cce8
 dpdk_tarball_md5sum_21.11    := 58660bbbe9e95abce86e47692b196555
-dpdk_tarball_md5sum_21.08    := de33433a1806280996a0ecbe66e3642f
-dpdk_tarball_md5sum_21.05    := a78bba290b11d9717d1272cc6bfaf7c3
 dpdk_tarball_md5sum          := $(dpdk_tarball_md5sum_$(dpdk_version))
 dpdk_url                     := $(dpdk_base_url)/$(dpdk_tarball)
 dpdk_tarball_strip_dirs      := 1
@@ -164,6 +164,7 @@ DPDK_MESON_ARGS = \
 	--libdir lib \
 	--prefix $(dpdk_install_dir) \
 	-Dtests=false \
+	-Denable_driver_sdk=true \
 	"-Ddisable_drivers=$(DPDK_DRIVERS_DISABLED)" \
 	"-Ddisable_libs=$(DPDK_LIBS_DISABLED)" \
 	-Db_pie=true \

build/external/packages/rdma-core.mk

@@ -13,10 +13,22 @@
 
 RDMA_CORE_DEBUG?=n
 
-rdma-core_version             := 41.0
+# NOTE: When updating the rdma-core version in conjunction with an update of the
+#       dpdk version, please update ../mlx_rdma_dpdk_matrix.txt to include the
+#       updated version matrix with the dpdk and rdma-core version.
+#
+#       Also, please verify that the DPDK RDMA driver is built into the dpdk plugin
+#       as follows:
+#       	1. from workspace root directory, 'make -C build/external build-deb'
+#       	2. Verify that the file build/external/dpdk_mlx_default.sh was generated
+#              and contains 'DPDK_MLX_DEFAULT=y'
+#
+rdma-core_version             := 45.0
 rdma-core_tarball             := rdma-core-$(rdma-core_version).tar.gz
 rdma-core_tarball_md5sum_39.1 := 63ba4632fd01173a2331e5b990373330
 rdma-core_tarball_md5sum_41.0 := 2250389cb61a7130133e6411fdeef2f9
+rdma-core_tarball_md5sum_43.0 := 3785fd2b35cd41043ab53226fc112d41
+rdma-core_tarball_md5sum_45.0 := 2b170e6d2ad66fb688580520a16d1ad5
 rdma-core_tarball_md5sum      := $(rdma-core_tarball_md5sum_$(rdma-core_version))
 rdma-core_tarball_strip_dirs  := 1
 rdma-core_url                 := http://github.com/linux-rdma/rdma-core/releases/download/v$(rdma-core_version)/$(rdma-core_tarball)

build/external/patches/dpdk_22.11.1/0001-allow-the-use-of-ab-flag-the-same-time-in-EAL.patch

@@ -0,0 +1,54 @@
+From baa172f1a9e370a0549a31840c3cd148046d1d84 Mon Sep 17 00:00:00 2001
+From: Xinyao Cai <xinyao.cai@intel.com>
+Date: Tue, 18 Apr 2023 16:37:17 +0800
+Subject: [PATCH] allow the use of -a and -b flag the same time in EAL
+ parameters.
+
+---
+ lib/eal/common/eal_common_options.c | 14 --------------
+ 1 file changed, 14 deletions(-)
+
+diff --git a/lib/eal/common/eal_common_options.c b/lib/eal/common/eal_common_options.c
+index 0305933698..0d8f9c5a38 100644
+--- a/lib/eal/common/eal_common_options.c
++++ b/lib/eal/common/eal_common_options.c
+@@ -1623,24 +1623,15 @@ int
+ eal_parse_common_option(int opt, const char *optarg,
+ 			struct internal_config *conf)
+ {
+-	static int b_used;
+-	static int a_used;
+-
+ 	switch (opt) {
+ 	case 'b':
+-		if (a_used)
+-			goto ba_conflict;
+ 		if (eal_option_device_add(RTE_DEVTYPE_BLOCKED, optarg) < 0)
+ 			return -1;
+-		b_used = 1;
+ 		break;
+ 
+ 	case 'a':
+-		if (b_used)
+-			goto ba_conflict;
+ 		if (eal_option_device_add(RTE_DEVTYPE_ALLOWED, optarg) < 0)
+ 			return -1;
+-		a_used = 1;
+ 		break;
+ 	/* coremask */
+ 	case 'c': {
+@@ -1929,11 +1920,6 @@ eal_parse_common_option(int opt, const char *optarg,
+ 	}
+ 
+ 	return 0;
+-
+-ba_conflict:
+-	RTE_LOG(ERR, EAL,
+-		"Options allow (-a) and block (-b) can't be used at the same time\n");
+-	return -1;
+ }
+ 
+ static void
+-- 
+2.34.1
+

build/external/patches/dpdk_23.03/0001-allow-the-use-of-ab-flag-the-same-time-in-EAL.patch

@@ -0,0 +1,54 @@
+From baa172f1a9e370a0549a31840c3cd148046d1d84 Mon Sep 17 00:00:00 2001
+From: Xinyao Cai <xinyao.cai@intel.com>
+Date: Tue, 18 Apr 2023 16:37:17 +0800
+Subject: [PATCH] allow the use of -a and -b flag the same time in EAL
+ parameters.
+
+---
+ lib/eal/common/eal_common_options.c | 14 --------------
+ 1 file changed, 14 deletions(-)
+
+diff --git a/lib/eal/common/eal_common_options.c b/lib/eal/common/eal_common_options.c
+index 0305933698..0d8f9c5a38 100644
+--- a/lib/eal/common/eal_common_options.c
++++ b/lib/eal/common/eal_common_options.c
+@@ -1623,24 +1623,15 @@ int
+ eal_parse_common_option(int opt, const char *optarg,
+ 			struct internal_config *conf)
+ {
+-	static int b_used;
+-	static int a_used;
+-
+ 	switch (opt) {
+ 	case 'b':
+-		if (a_used)
+-			goto ba_conflict;
+ 		if (eal_option_device_add(RTE_DEVTYPE_BLOCKED, optarg) < 0)
+ 			return -1;
+-		b_used = 1;
+ 		break;
+ 
+ 	case 'a':
+-		if (b_used)
+-			goto ba_conflict;
+ 		if (eal_option_device_add(RTE_DEVTYPE_ALLOWED, optarg) < 0)
+ 			return -1;
+-		a_used = 1;
+ 		break;
+ 	/* coremask */
+ 	case 'c': {
+@@ -1929,11 +1920,6 @@ eal_parse_common_option(int opt, const char *optarg,
+ 	}
+ 
+ 	return 0;
+-
+-ba_conflict:
+-	RTE_LOG(ERR, EAL,
+-		"Options allow (-a) and block (-b) can't be used at the same time\n");
+-	return -1;
+ }
+ 
+ static void
+-- 
+2.34.1
+

configure

@@ -30,6 +30,7 @@ OPTIONS:
   --build-type, -t        Build type (release, debug, ...)
   --native-only, -n       Only compile for Native CPU (no multiarch)
   --wipe, -w              Wipe whole repo (except startup.* files)
+  --sanitize, -s          Enable sanitizer (mem)
 __EOF__
 }
 
@@ -83,6 +84,15 @@ while (( "$#" )); do
       wipe=yes
       shift 1
       ;;
+    -s|--sanitize)
+      shift 1
+      case "$1" in
+	mem)
+	  shift 1
+	  args+=("-DVPP_ENABLE_SANITIZE_ADDR=ON")
+	  ;;
+      esac
+      ;;
     -*|--*=) # unsupported flags
       echo "Error: Unsupported flag $1" >&2
       exit 1

docs/aboutvpp/releasenotes/index.rst

@@ -6,7 +6,10 @@ Release notes
 .. toctree::
     :maxdepth: 2
 
+    v23.06
+    v23.02
+    v22.10.1
     v22.10
+    v22.06.1
     v22.06
-    v22.02
     past

docs/aboutvpp/releasenotes/past.rst

@@ -6,6 +6,7 @@ Past releases
 .. toctree::
     :maxdepth: 1
 
+    v22.02
     v21.10.1
     v21.10
     v21.06
@@ -39,4 +40,3 @@ Past releases
     v17.01
     v16.09
     v16.06
-

docs/aboutvpp/releasenotes/v22.06.1.rst

@@ -0,0 +1,12 @@
+Release notes for VPP 22.06.1
+=============================
+
+This is bug fix release.
+
+Of particular importance, this release contains the fix for
+`JIRA VPP-2307: CVE-2022-46397 FD.io VPP (Vector Packet Processor) IPSec generates a predictable IV in AES-CBC mode <https://jira.fd.io/browse/VPP-2037>`__
+
+For the full list of fixed issues please refer to:
+
+- fd.io `JIRA <https://jira.fd.io>`__
+- git `commit log <https://git.fd.io/vpp/log/?h=stable/2206>`__

docs/aboutvpp/releasenotes/v22.10.1.rst

@@ -0,0 +1,12 @@
+Release notes for VPP 22.10.1
+=============================
+
+This is bug fix release.
+
+Of particular importance, this release contains the fix for
+`JIRA VPP-2307: CVE-2022-46397 FD.io VPP (Vector Packet Processor) IPSec generates a predictable IV in AES-CBC mode <https://jira.fd.io/browse/VPP-2037>`__
+
+For the full list of fixed issues please refer to:
+
+- fd.io `JIRA <https://jira.fd.io>`__
+- git `commit log <https://git.fd.io/vpp/log/?h=stable/2210>`__

docs/developer/corearchitecture/vnet.rst

@@ -499,7 +499,7 @@ These commands have the following optional parameters:
 
    512.
 
--  filter - Use the pcap rx / tx / drop trace filter, which must be
+-  filter - Use the pcap trace rx / tx / drop filter, which must be
    configured. Use classify filter pcap… to configure the filter. The
    filter will only be executed if the per-interface or any-interface
    tests fail.
@@ -528,8 +528,8 @@ packet trace capture filtering
 ------------------------------
 
 The “classify filter pcap \| \| trace” debug CLI command constructs an
-arbitrary set of packet classifier tables for use with “pcap rx \| tx \|
-drop trace,” and with the vpp packet tracer on a per-interface or
+arbitrary set of packet classifier tables for use with “pcap trace rx \|
+tx \| drop,” and with the vpp packet tracer on a per-interface or
 system-wide basis.
 
 Packets which match a rule in the classifier table chain will be traced.

docs/developer/corefeatures/index.rst

@@ -17,6 +17,7 @@ Core Features
     span_doc
     mtu
     gso
+    tx_queue
     sylog_doc
     eventviewer
     stats

docs/developer/corefeatures/tx_queue.rst

@@ -0,0 +1 @@
+../../../src/vnet/interface/tx_queue.rst

docs/developer/plugins/index.rst

@@ -40,3 +40,4 @@ For more on plugins please refer to :ref:`add_plugin`.
     acl_hash_lookup
     acl_lookup_context
     bufmon_doc
+    ip_session_redirect_doc

docs/developer/plugins/ip_session_redirect_doc.rst

@@ -0,0 +1 @@
+../../../src/plugins/ip_session_redirect/ip_session_redirect_doc.rst

docs/interfacing/go/index.rst

@@ -4,7 +4,7 @@
 Go api (govpp)
 ==============
 
-If you are writing a Control plane in GO that interfaces with VPP, `GoVPP <https://github.com/FDio/govpp>`__ is the library that will allow you to connect to VPP, and program it through its binary API socket.
+If you are writing a Go application that needs to control and manage VPP, the `GoVPP <https://github.com/FDio/govpp>`__ is a toolset providing a client library that will allow you to connect to VPP and interact with VPP binary API, Stats API and more.
 
 Components involved
 ===================
@@ -37,6 +37,7 @@ Generating the API bindings from the VPP source
 
 
 .. note::
+
     The two options are similar but specify two different things. The output-dir option sets the directory where the generated bindings will be stored. The import prefix sets the go package name to be used in the generated bindings, this will be the string to be used in your ``import ( "" )`` in go. Both can or can not match depending on your ``go.mod``.
 
 
@@ -52,11 +53,11 @@ Generating the API bindings from the VPP package
     # First install the binary API generator
     #   It will be installed to $GOPATH/bin/binapi-generator
     #   or $HOME/go/bin/binapi-generator
-    go install git.fd.io/govpp.git/cmd/binapi-generator@latest
+    go install go.fd.io/govpp/cmd/binapi-generator@latest
 
     # Run the binapi-generator
     $GOPATH/bin/binapi-generator \
-      --input-dir=/usr/share/vpp/api/ \
+      --input=/usr/share/vpp/api/ \
       --output-dir=$HOME/myproject/vppbinapi \
       --import-prefix=mygit.com/myproject/vppbinapi
 
@@ -94,7 +95,7 @@ Once you have your go bindings in ``$HOME/myproject/vppbinapi``, you can start b
 
     cd "$HOME/myproject"
     go mod init mygit.com/myproject
-    go get git.fd.io/govpp.git@latest
+    go get go.fd.io/govpp@latest
 
 * Create ``main.go`` in ``$HOME/myproject`` like below :
 
@@ -106,15 +107,15 @@ Once you have your go bindings in ``$HOME/myproject/vppbinapi``, you can start b
         "os"
         "fmt"
 
-        "git.fd.io/govpp.git"
-        "git.fd.io/govpp.git/api"
+        "go.fd.io/govpp"
+        "go.fd.io/govpp/api"
 
         "mygit.com/myproject/vppbinapi/af_packet"
         interfaces "mygit.com/myproject/vppbinapi/interface"
         "mygit.com/myproject/vppbinapi/interface_types"
     )
 
-    func CreateHostInterface (ch api.Channel, ifName string) (uint32, error) {
+    func CreateHostInterface(ch api.Channel, ifName string) (uint32, error) {
         response := &af_packet.AfPacketCreateReply{}
         request := &af_packet.AfPacketCreate{HostIfName: ifName}
         err := ch.SendRequest(request).ReceiveReply(response)

docs/spelling_wordlist.txt

@@ -1130,6 +1130,7 @@ tmpl
 Tollet
 toolchain
 toolchains
+toolset
 tos
 tp
 tps
@@ -1146,6 +1147,8 @@ tuntap
 tw
 twovppinstances
 tx
+txq
+TXQ
 txt
 typedef
 ubuntu
@@ -1177,6 +1180,7 @@ unmounting
 Unmounting
 unmounts
 unreachables
+unregister
 unrouteable
 unserialization
 unserialize
@@ -1346,4 +1350,4 @@ zoomin
 zoomout
 zx
 µs
-oflags
+oflags

extras/bpf/Makefile

@@ -1,13 +1,14 @@
-CC?=clang
-# where to find bpf includes?
-BPF_ROOT?=/usr/include
-#BPF_ROOT?=/opt/vpp/external/x86_64/include
+CC := $(shell which clang)
 
-CFLAGS:=-O3 -g -Wextra -Wall -target bpf
+# where to find bpf includes?
+BPF_ROOT ?= /usr/include
+#BPF_ROOT ?= /opt/vpp/external/x86_64/include
+
+CFLAGS := -O3 -g -Wextra -Wall -target bpf
 # Workaround for Ubuntu/Debian for asm/types.h
-CFLAGS+= -I/usr/include/x86_64-linux-gnu
-CFLAGS+= -I$(BPF_ROOT)
-#CFLAGS+= -DDEBUG
+CFLAGS += -I/usr/include/x86_64-linux-gnu
+CFLAGS += -I$(BPF_ROOT)
+#CFLAGS += -DDEBUG
 
 all: af_xdp.bpf.o
 

extras/bpf/af_xdp.bpf.c

@@ -4,11 +4,15 @@
  * Copyright (c) 2020 Cisco and/or its affiliates.
  */
 #include <linux/bpf.h>
+#include <bpf/bpf_helpers.h>
+#include <xdp/xdp_helpers.h>
 #include <linux/in.h>
 #include <linux/if_ether.h>
 #include <linux/ip.h>
 #include <linux/udp.h>
-#include <bpf/bpf_helpers.h>
+
+#define XDP_METADATA_SECTION "xdp_metadata"
+#define XSK_PROG_VERSION     1
 
 /*
  * when compiled, debug print can be viewed with eg.
@@ -26,63 +30,70 @@
 #define DEBUG_PRINT(fmt, ...)
 #endif  /* DEBUG */
 
-#define ntohs(x)        __constant_ntohs(x)
+#define ntohs(x) __constant_ntohs (x)
 
-SEC("maps")
-struct bpf_map_def xsks_map = {
-    .type = BPF_MAP_TYPE_XSKMAP,
-    .key_size = sizeof(int),
-    .value_size = sizeof(int),
-    .max_entries = 64, /* max 64 queues per device */
-};
+#define DEFAULT_QUEUE_IDS 64
 
-SEC("xdp_sock")
-int xdp_sock_prog(struct xdp_md *ctx) {
-    const void *data = (void *)(long)ctx->data;
-    const void *data_end = (void *)(long)ctx->data_end;
+struct
+{
+  __uint (type, BPF_MAP_TYPE_XSKMAP);
+  __uint (key_size, sizeof (int));
+  __uint (value_size, sizeof (int));
+  __uint (max_entries, DEFAULT_QUEUE_IDS);
+} xsks_map SEC (".maps");
 
-    DEBUG_PRINT("rx %ld bytes packet", (long)data_end - (long)data);
+struct
+{
+  __uint (priority, 10);
+  __uint (XDP_PASS, 1);
+} XDP_RUN_CONFIG (xdp_sock_prog);
 
-    /* smallest packet we are interesting in is ip-ip */
-    if (data + sizeof(struct ethhdr) + 2 * sizeof(struct iphdr) > data_end) {
-        DEBUG_PRINT("packet too small");
-        return XDP_PASS;
+SEC ("xdp")
+int
+xdp_sock_prog (struct xdp_md *ctx)
+{
+  const void *data = (void *) (long) ctx->data;
+  const void *data_end = (void *) (long) ctx->data_end;
+
+  DEBUG_PRINT ("rx %ld bytes packet", (long) data_end - (long) data);
+
+  /* smallest packet we are interesting in is ip-ip */
+  if (data + sizeof (struct ethhdr) + 2 * sizeof (struct iphdr) > data_end)
+    {
+      DEBUG_PRINT ("packet too small");
+      return XDP_PASS;
     }
 
-    const struct ethhdr *eth = data;
-    if (eth->h_proto != ntohs(ETH_P_IP)) {
-        DEBUG_PRINT("unsupported eth proto %x", (int)eth->h_proto);
-        return XDP_PASS;
+  const struct ethhdr *eth = data;
+  if (eth->h_proto != ntohs (ETH_P_IP))
+    {
+      DEBUG_PRINT ("unsupported eth proto %x", (int) eth->h_proto);
+      return XDP_PASS;
     }
 
-    const struct iphdr *ip = (void *)(eth + 1);
-    switch (ip->protocol) {
-      case IPPROTO_UDP: {
-            const struct udphdr *udp = (void *)(ip + 1);
-            if (udp->dest != ntohs(4789)) { /* VxLAN dest port */
-                DEBUG_PRINT("unsupported udp dst port %x", (int)udp->dest);
-                return XDP_PASS;
-            }
-          }
-      case IPPROTO_IPIP:
-      case IPPROTO_ESP:
-        break;
-      default:
-        DEBUG_PRINT("unsupported ip proto %x", (int)ip->protocol);
-        return XDP_PASS;
-    }
-
-    int qid = ctx->rx_queue_index;
-    if (!bpf_map_lookup_elem(&xsks_map, &qid))
+  const struct iphdr *ip = (void *) (eth + 1);
+  switch (ip->protocol)
+    {
+    case IPPROTO_UDP:
       {
-        DEBUG_PRINT("no socket found");
-        return XDP_PASS;
+	const struct udphdr *udp = (void *) (ip + 1);
+	if (udp->dest != ntohs (4789)) /* VxLAN dest port */
+	  {
+	    DEBUG_PRINT ("unsupported udp dst port %x", (int) udp->dest);
+	    return XDP_PASS;
+	  }
       }
+    case IPPROTO_IPIP:
+    case IPPROTO_ESP:
+      break;
+    default:
+      DEBUG_PRINT ("unsupported ip proto %x", (int) ip->protocol);
+      return XDP_PASS;
+    }
 
-    DEBUG_PRINT("going to socket %d", qid);
-    return bpf_redirect_map(&xsks_map, qid, 0);
+  return bpf_redirect_map (&xsks_map, ctx->rx_queue_index, XDP_PASS);
 }
 
 /* actually Dual GPLv2/Apache2, but GPLv2 as far as kernel is concerned */
-SEC("license")
-char _license[] = "GPL";
+char _license[] SEC ("license") = "GPL";
+__uint (xsk_prog_version, XSK_PROG_VERSION) SEC (XDP_METADATA_SECTION);

extras/configs/pcapcli/setup.tracefilter

@@ -17,6 +17,6 @@ packet-generator new {
     }
 }
 
-comment { Pick one, uncomment, and "pcap rx ..." or "trace add pg-input ..." }
+comment { Pick one, uncomment, and "pcap trace rx ..." or "trace add pg-input ..." }
 comment { classify filter trace mask l3 ip4 src match l3 ip4 src 192.168.1.15 }
 comment { classify filter pcap mask l3 ip4 src match l3 ip4 src 192.168.1.15 }

extras/hs-test/Makefile

@@ -1,13 +1,108 @@
-all: build docker
 
-build:
+ifeq ($(VERBOSE),)
+VERBOSE=false
+endif
+
+ifeq ($(PERSIST),)
+PERSIST=false
+endif
+
+ifeq ($(UNCONFIGURE),)
+UNCONFIGURE=false
+endif
+
+ifeq ($(TEST),)
+TEST=all
+endif
+
+ifeq ($(DEBUG),)
+DEBUG=false
+endif
+
+ifeq ($(CPUS),)
+CPUS=1
+endif
+
+ifeq ($(UBUNTU_CODENAME),)
+UBUNTU_CODENAME=$(shell grep '^UBUNTU_CODENAME=' /etc/os-release | cut -f2- -d=)
+endif
+
+ifeq ($(ARCH),)
+ARCH=$(shell dpkg --print-architecture)
+endif
+
+list_tests = @(grep -r ') Test' *_test.go | cut -d '*' -f2 | cut -d '(' -f1 | \
+		tr -d ' ' | tr ')' '/' | sed 's/Suite//')
+
+.PHONY: help
+help:
+	@echo "Make targets:"
+	@echo " test                 - run tests"
+	@echo " build                - build test infra"
+	@echo " build-debug          - build test infra (vpp debug image)"
+	@echo " build-go             - just build golang files"
+	@echo " fixstyle             - format .go source files"
+	@echo " list-tests           - list all tests"
+	@echo
+	@echo "Make arguments:"
+	@echo " UBUNTU_VERSION           - ubuntu version for docker image"
+	@echo " PERSIST=[true|false]     - whether clean up topology and dockers after test"
+	@echo " VERBOSE=[true|false]     - verbose output"
+	@echo " UNCONFIGURE=[true|false] - unconfigure selected test"
+	@echo " DEBUG=[true|false]       - attach VPP to GDB"
+	@echo " TEST=[test-name]         - specific test to run"
+	@echo " CPUS=[n-cpus]            - number of cpus to run with vpp"
+	@echo
+	@echo "List of all tests:"
+	$(call list_tests)
+
+.PHONY: list-tests
+list-tests:
+	$(call list_tests)
+
+build-vpp-release:
+	@make -C ../.. build-release
+
+build-vpp-debug:
+	@make -C ../.. build
+
+.PHONY: test
+test: .deps.ok .build.vpp
+	@bash ./test --persist=$(PERSIST) --verbose=$(VERBOSE) \
+		--unconfigure=$(UNCONFIGURE) --debug=$(DEBUG) --test=$(TEST) --cpus=$(CPUS)
+
+build-go:
 	go build ./tools/http_server
-	go build .
 
-docker:
-	bash ./script/build.sh
+build: .deps.ok build-vpp-release build-go
+	@rm -f .build.vpp
+	bash ./script/build.sh release
+	@touch .build.vpp
 
+build-debug: .deps.ok build-vpp-debug build-go
+	@rm -f .build.vpp
+	bash ./script/build.sh debug
+	@touch .build.vpp
+
+.deps.ok:
+	@sudo make install-deps
+
+.PHONY: install-deps
+install-deps:
+	@rm -f .deps.ok
+	@apt-get update \
+		&& apt-get install -y apt-transport-https ca-certificates curl software-properties-common \
+		&& apt-get install -y golang apache2-utils wrk bridge-utils
+	@if [ ! -f /usr/share/keyrings/docker-archive-keyring.gpg ] ; then \
+		curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg; \
+		echo "deb [arch=$(ARCH) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(UBUNTU_CODENAME) stable" \
+			| sudo tee /etc/apt/sources.list.d/docker.list > /dev/null ; \
+		apt-get update; \
+	fi
+	@apt-get install -y docker-ce
+	@touch .deps.ok
+
+.PHONY: fixstyle
 fixstyle:
 	@gofmt -w .
-
-.PHONY: docker
+	@go mod tidy