make test: mark all BFD tests as extended

Change-Id: Id6c482cf01f49257a05600ae1458f5db09c13cf0
Signed-off-by: Ole Troan <ot@cisco.com>

.gitreview

@@ -2,3 +2,4 @@
 host=gerrit.fd.io
 port=29418
 project=vpp
+defaultbranch=stable/1704

MAINTAINERS

@@ -57,7 +57,7 @@ M:	Damjan Marion <damarion@cisco.com>
 F:	src/vnet/devices/
 
 VNET Device Drivers - DPDK Crypto
-M:	Sergio Gonzales Monroy <sergio.gonzalez.monroy@intel.com>
+M:	Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
 F:	src/devices/dpdk/ipsec/
 
 VNET Feature Arcs
@@ -81,7 +81,7 @@ M:	Pablo Camarillo <pcamaril@cisco.com>
 F:	src/vnet/sr/
 
 VNET IPSec
-M:	Sergio Gonzales Monroy <sergio.gonzalez.monroy@intel.com>
+M:	Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
 M:	Matus Fabian <matfabia@cisco.com>
 F:	src/vnet/ipsec/
 

Makefile

@@ -40,7 +40,7 @@ DEB_DEPENDS  = curl build-essential autoconf automake bison libssl-dev ccache
 DEB_DEPENDS += debhelper dkms git libtool libganglia1-dev libapr1-dev dh-systemd
 DEB_DEPENDS += libconfuse-dev git-review exuberant-ctags cscope pkg-config
 DEB_DEPENDS += lcov chrpath autoconf nasm
-DEB_DEPENDS += python-dev python-virtualenv python-pip libffi6
+DEB_DEPENDS += python-all python-dev python-virtualenv python-pip libffi6
 ifeq ($(OS_VERSION_ID),14.04)
 	DEB_DEPENDS += openjdk-8-jdk-headless
 else

RELEASE.md

@@ -1,12 +1,105 @@
 # Release Notes    {#release_notes}
 
 * @subpage release_notes_1704
+* @subpage release_notes_17011
 * @subpage release_notes_1701
 * @subpage release_notes_1609
 * @subpage release_notes_1606
 
 @page release_notes_1704 Release notes for VPP 17.04
 
+More than 500 commits since the 1701 release.
+
+## Features
+- Infrastructure
+  - make test improvements
+  - vnet: add device-input threadplacement infra
+  - 64 bit per-thread counters
+  - process restart cli
+  - High performance timer wheels
+  - Plugin infrastructure improvements
+    - Support for .default_disabled, .version_required
+  - Added MAINTAINERS file
+
+- Host stack
+  - TCP stack (experimental)
+  - DHCPv4 / DHCPv6 relay multi-destination
+  - DHCPv4 option 82
+  - ND proxy
+  - Attached hosts
+  - Consolidated DHCPv4 and DHCPv6 implementation
+
+- Interfaces
+  - DPDK 17.02 (retire support for DPDK 16.07)
+  - Add memif - packet memory interface for intra-host communication
+  - vhost: support interrupt mode
+  - DPDK as plugin (retired vpp_lite)
+  - DPDPK input optimizations
+  - Loopback interface allocation scheme
+
+- Network features
+  - IP Multicast FIB
+
+  - Bridging
+    - Learning on local interfaces
+    - Flushing of MACs from the L2 FIB
+
+  - SNAT
+    - CGN (Deterministic and dynamic)
+    - CGN configurable port allocation algorithm
+    - ICMP support
+    - Tentant VRF id for SNAT outside addresses
+    - Session dump / User dump
+    - Port allocation per protocol
+
+  - Security groups
+    - Routed interface support
+    - L2+L3 unified processing node
+    - Improve fragment handling
+
+  - Segement routing v6
+    - SR policies with weighted SID lists
+    - Binding SID
+    - SR steering policies
+    - SR Local SIDs
+    - Framework to expand local SIDs w/plugins
+    - Documentation
+
+  - IOAM
+    - UDP Pinger w/path fault isolation
+    - IOAM as type 2 metadata in NSH
+    - IAOM raw IPFIX collector and analyzer
+    - Anycast active server selection
+    - Documentation
+    - SRv6 Local SID
+    - IP6 HBH header and SR header co-existence
+    - Active probe
+
+  - LISP
+    - Statistics collection
+    - Generalize encap for overlay transport (vxlan-gpe support)
+    - Improve data plane speed
+
+  - GPE
+    - CLI
+    - NSH added to encap/decap path
+    - Renamed LISP GPE API to GPE
+
+  - MPLS
+    - Performance improvements (quad loop)
+
+  - BFD
+    - Command line interface
+    - Echo function
+    - Remote demand mode
+    - SHA1 authentication
+
+  - IPsec
+    - IKEv2 initiator features
+
+  - VXLAN
+    - unify IP4/IP6 control plane handling
+
 ## API changes
 
 - Python API: To avoid conflicts between VPP API messages names and
@@ -23,23 +116,112 @@
   For backwards compatibility VPP API methods are left in the main
   name space (VPP), but will be removed from 17.07.
 
+  - Python API: Change from cPython to CFFI.
+
 - create_loopback message to be replaced with create_loopback_instance
   create_loopback will be removed from 17.07.
   https://gerrit.fd.io/r/#/c/5572/
 
-@todo Release 17.04 needs release notes.
+## Known issues
+
+For the full list of issues please reffer to fd.io [JIRA](https://jira.fd.io).
+
+## Issues fixed
+
+For the full list of fixed issues please reffer to:
+- fd.io [JIRA](https://jira.fd.io)
+- git [commit log](https://git.fd.io/vpp/log/?h=stable/1704)
+
+@page release_notes_17011 Release notes for VPP 17.01.1
+
+This is bug fix release.
+
+For the full list of fixed issues please reffer to:
+- fd.io [JIRA](https://jira.fd.io)
+- git [commit log](https://git.fd.io/vpp/log/?h=stable/1701)
 
 @page release_notes_1701 Release notes for VPP 17.01
 
 @note This release was for a while known as 16.12.
-@todo Release 17.01 needs release notes. It will show up here soon...
 
 ## Features
 
+- [Integrated November 2016 DPDK release](http://www.dpdk.org/doc/guides/rel_notes/release_16_11.html)
+
+- Complete rework of Forwarding Information Base (FIB)
+
+- Performance Improvements
+  - Improvements in DPDK input and output nodes
+  - Improvements in L2 path
+  - Improvmeents in IPv4 lookup node
+
+- Feature Arcs Improvements
+  - Consolidation of the code
+  - New feature arcs
+    - device-input
+    - interface-output
+
+- DPDK Cryptodev Support
+  - Software and Hardware Crypto Support
+
+- DPDK HQoS support
+
+- Simple Port Analyzer (SPAN)
+
+- Bidirectional Forwarding Detection
+  - Basic implementation
+
+- IPFIX Improvements
+
+- L2 GRE over IPSec tunnels
+
+- Link Layer Discovery Protocol (LLDP)
+
+- Vhost-user Improvements
+  - Performance Improvements
+  - Multiqueue
+  - Reconnect
+
+- LISP Enhancements
+  - Source/Dest control plane support
+  - L2 over LISP and GRE
+  - Map-Register/Map-Notify/RLOC-probing support
+  - L2 API improvements, overall code hardening
+
+- Plugins:
+  - New: ACL
+  - New: Flow per Packet
+  - Improved: SNAT
+    - Mutlithreading
+    - Flow export
+
+- Doxygen Enhancements
+
+- Luajit API bindings
+
+- API Refactoring
+  - file split
+  - message signatures
+
+- Python and Scapy based unit testing infrastructure
+  - Infrastructure
+  - Various tests
+
+- Packet Generator improvements
+
+- TUN/TAP jumbo frames support
+
+- Other various bug fixes and improvements
+
 ## Known issues
 
+For the full list of issues please reffer to fd.io [JIRA](https://jira.fd.io).
+
 ## Issues fixed
 
+For the full list of fixed issues please reffer to:
+- fd.io [JIRA](https://jira.fd.io)
+- git [commit log](https://git.fd.io/vpp/log/?h=stable/1701)
 
 @page release_notes_1609 Release notes for VPP 16.09
 

build-data/platforms.mk

@@ -59,10 +59,6 @@ install-deb: $(patsubst %,%-find-source,$(ROOT_PACKAGES))
 	./scripts/find-vpp-api-java-contents $(INSTALL_PREFIX)$(ARCH)	\
 	 deb/debian/vpp-api-java.install ;				\
 									\
-	: vpp-api-python package ;					\
-	./scripts/find-vpp-api-python-contents $(INSTALL_PREFIX)$(ARCH)	\
-	 deb/debian/vpp-api-python.install ;				\
-									\
 	: bin package needs startup config ; 				\
 	echo ../../src/vpp/conf/startup.conf /etc/vpp 			\
 	   >> deb/debian/vpp.install ;					\

build-root/deb/debian/control

@@ -2,7 +2,7 @@ Source: vpp
 Section: net
 Priority: extra
 Maintainer: Cisco OpenVPP Packaging Team <bogus.address@cisco.com>
-Build-Depends: debhelper (>= 9), dh-systemd, dh-python, chrpath
+Build-Depends: debhelper (>= 9), dh-systemd, dh-python, chrpath, python-all
 Standards-Version: 3.9.4
 
 Package: vpp

build-root/deb/debian/rules

@@ -16,9 +16,15 @@ include /usr/share/dpkg/default.mk
 # package maintainers to append LDFLAGS
 #export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
 
+export PYBUILD_NAME = vpp-api-python
+export PYBUILD_DIR = ../../src/vpp-api/python
+export PYBUILD_DESTDIR_python2=debian/vpp-api-python/
+export PYBUILD_DISABLE_python2=test
+export PYBUILD_SYSTEM=distutils
+
 # main packaging script based on dh7 syntax
 %:
-	dh $@ --with systemd,python2
+	dh $@ --with systemd,python2 --buildsystem=pybuild
 
 override_dh_install:
 	dh_install --exclude .git

build-root/deb/debian/vpp-api-python.postinst

@@ -1,5 +0,0 @@
-#!/bin/sh -e
-
-# after installing python-api files
-python2_sitedir=$(python -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")
-easy_install --install-dir=$python2_sitedir  -z $python2_sitedir/vpp_papi/vpp_papi-*.egg

build-root/deb/debian/vpp-api-python.prerm

@@ -1,8 +0,0 @@
-#!/bin/sh -e
-
-# before removing python-api files
-python2_sitedir=$(python -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")
-easy_install --install-dir=$python2_sitedir -mxNq vpp_papi
-
-# the egg has been copied during install
-rm $python2_sitedir/vpp_papi-*.egg

doxygen/Makefile

@@ -53,7 +53,8 @@ DOXY_SRC_DIRECTORIES = \
 	$(DOXY_SRC)/vlibsocket \
 	$(DOXY_SRC)/vnet \
 	$(DOXY_SRC)/vpp \
-	$(DOXY_SRC)/vpp-api
+	$(DOXY_SRC)/vpp-api \
+	$(DOXY_SRC)/examples
 
 # Input directories and files
 DOXY_INPUT ?= \
@@ -72,9 +73,8 @@ DOXY_INPUT := $(subst $(WS_ROOT)/,,$(DOXY_INPUT))
 # These must be left-anchored paths for the regexp below to work.
 DOXY_EXCLUDE ?= \
 	$(DOXY_SRC)/vlib/vlib/buffer.c \
-	$(DOXY_SRC)/vlib/example \
 	$(DOXY_SRC)/vpp-api/lua \
-	plugins/sample-plugin
+	$(DOXY_SRC)/examples/sample-plugin
 
 # Generate a regexp for filenames to exclude
 DOXY_EXCLUDE_REGEXP = ($(subst .,\.,$(shell echo '$(strip $(DOXY_EXCLUDE))' | sed -e 's/ /|/g')))

doxygen/user_doc.md

@@ -4,13 +4,14 @@ User Documentation    {#user_doc}
 Several modules provide operational, dataplane-user focused documentation.
 
 - [GUI guided user demo](https://wiki.fd.io/view/VPP_Sandbox/vpp-userdemo)
-- @subpage qos_doc
-- @subpage ipsec_gre_doc
-- @subpage dpdk_crypto_ipsec_doc
-- @subpage map_doc
-- @subpage lldp_doc
-- @subpage ioam_plugin_doc
-- @subpage lb_plugin_doc
-- @subpage flowperpkt_plugin_doc
-- @subpage span_doc
 - @subpage bfd_doc
+- @subpage ioam_plugin_doc
+- @subpage ipsec_gre_doc
+- @subpage lb_plugin_doc
+- @subpage lldp_doc
+- @subpage map_doc
+- @subpage dpdk_crypto_ipsec_doc
+- @subpage flowperpkt_plugin_doc
+- @subpage qos_doc
+- @subpage span_doc
+- @subpage srv6_doc

src/configure.ac

@@ -154,7 +154,6 @@ PLUGIN_ENABLED(lb)
 PLUGIN_ENABLED(memif)
 PLUGIN_ENABLED(sixrd)
 PLUGIN_ENABLED(snat)
-PLUGIN_DISABLED(srv6sample)
 
 ###############################################################################
 # Dependency checks

src/examples/srv6-sample-localsid/srv6_sample_localsid_doc.md

@@ -1,12 +1,4 @@
-# SRv6 Sample LocalSID documentation    {#srv6_plugin_doc}
-
-## Disclaimer
-
-This is a memo intended to contain documentation for the sample SRv6 LocalSID behavior plugin
-Everything that is not directly obvious should come here.
-For any feedback on content that should be explained please mailto:pcamaril@cisco.com
- 
-This plugin refers to Segment Routing. Please read the SR documentation first.
+# Sample SRv6 LocalSID documentation    {#srv6_plugin_doc}
 
 ## Introduction
 

src/plugins/Makefile.am

@@ -69,10 +69,6 @@ if ENABLE_SNAT_PLUGIN
 include snat.am
 endif
 
-if ENABLE_SRV6SAMPLE_PLUGIN
-include sample_srv6_localsid.am
-endif
-
 include ../suffix-rules.mk
 
 # Remove *.la files

src/plugins/acl.am

@@ -22,6 +22,7 @@ acl_plugin_la_SOURCES =				\
 	acl/l2sess.c				\
 	acl/l2sess_node.c			\
 	acl/l2sess.h				\
+	acl/manual_fns.h			\
 	acl/acl_plugin.api.h
 
 API_FILES += acl/acl.api
@@ -29,8 +30,9 @@ API_FILES += acl/acl.api
 nobase_apiinclude_HEADERS +=			\
   acl/acl_all_api_h.h				\
   acl/acl_msg_enum.h				\
+  acl/manual_fns.h				\
   acl/acl.api.h
 
-acl_test_plugin_la_SOURCES = acl/acl_test.c acl/acl_plugin.api.h
+acl_test_plugin_la_SOURCES = acl/acl_test.c acl/acl_plugin.api.h acl/acl_all_api.h
 
 # vi:syntax=automake

src/plugins/acl/acl.api

@@ -60,7 +60,7 @@ define acl_plugin_get_version_reply
     @param tcp_flags_value - if proto==6, mask to AND the TCP flags in the packet with
 */
 
-typeonly manual_print manual_endian define acl_rule
+typeonly manual_print define acl_rule
 {
   u8 is_permit;
   u8 is_ipv6;
@@ -104,7 +104,7 @@ typeonly manual_print manual_endian define acl_rule
     @param src_ip_prefix_len - Source prefix length
 */
 
-typeonly manual_print manual_endian define macip_acl_rule
+typeonly manual_print define macip_acl_rule
 {
   u8 is_permit;
   u8 is_ipv6;
@@ -161,7 +161,7 @@ define acl_add_replace_reply
     @param acl_index - ACL index to delete
 */
 
-define acl_del
+manual_print define acl_del
 {
   u32 client_index;
   u32 context;
@@ -190,7 +190,7 @@ define acl_del_reply
     @param acl_index - index of ACL for the operation
 */
 
-define acl_interface_add_del
+manual_print define acl_interface_add_del
 {
   u32 client_index;
   u32 context;
@@ -224,7 +224,7 @@ define acl_interface_add_del_reply
     @param acls - vector of ACL indices
 */
 
-manual_endian define acl_interface_set_acl_list
+manual_print define acl_interface_set_acl_list
 {
   u32 client_index;
   u32 context;
@@ -266,7 +266,7 @@ define acl_dump
     @param r - Array of rules within this ACL
 */
 
-manual_print manual_endian define acl_details
+manual_endian manual_print define acl_details
 {
   u32 context;
   u32 acl_index;
@@ -296,7 +296,7 @@ define acl_interface_list_dump
     @param acls - the vector of ACL indices
 */
 
-manual_endian define acl_interface_list_details
+define acl_interface_list_details
 {
   u32 context;
   u32 sw_if_index;
@@ -313,7 +313,7 @@ manual_endian define acl_interface_list_details
     @param r - vector of MACIP ACL rules
 */
 
-manual_print manual_endian define macip_acl_add
+manual_endian manual_print define macip_acl_add
 {
   u32 client_index;
   u32 context;
@@ -341,7 +341,7 @@ define macip_acl_add_reply
     @param acl_index - MACIP ACL index to delete
 */
 
-define macip_acl_del
+manual_print define macip_acl_del
 {
   u32 client_index;
   u32 context;
@@ -367,7 +367,7 @@ define macip_acl_del_reply
     @param acl_index - MACIP ACL index
 */
 
-define macip_acl_interface_add_del
+manual_print define macip_acl_interface_add_del
 {
   u32 client_index;
   u32 context;
@@ -409,7 +409,7 @@ define macip_acl_dump
     @param r - rules comprising this ACL
 */
 
-manual_print manual_endian define macip_acl_details
+manual_endian manual_print define macip_acl_details
 {
   u32 context;
   u32 acl_index;

src/plugins/acl/acl.c

@@ -1767,8 +1767,6 @@ vl_api_macip_acl_interface_get_t_handler (vl_api_macip_acl_interface_get_t *
   vl_msg_api_send_shmem (q, (u8 *) & rmp);
 }
 
-
-
 /* Set up the API message handling tables */
 static clib_error_t *
 acl_plugin_api_hookup (vlib_main_t * vm)
@@ -2010,6 +2008,11 @@ acl_set_aclplugin_fn (vlib_main_t * vm,
     }
     goto done;
   }
+  if (unformat (input, "l4-match-nonfirst-fragment %u", &val))
+    {
+      am->l4_match_nonfirst_fragment = (val != 0);
+      goto done;
+    }
   if (unformat (input, "session")) {
     if (unformat (input, "clear")) {
       acl_main_t *am = &acl_main;
@@ -2120,10 +2123,15 @@ acl_show_aclplugin_fn (vlib_main_t * vm,
         u64 n_dels = sw_if_index < vec_len(am->fa_session_dels_by_sw_if_index) ? am->fa_session_dels_by_sw_if_index[sw_if_index] : 0;
         out0 = format(out0, "sw_if_index %d: add %lu - del %lu = %lu\n", sw_if_index, n_adds, n_dels, n_adds - n_dels);
       }));
+      out0 = format(out0, "\n\nConn cleaner thread counters:\n");
+#define _(cnt, desc) out0 = format(out0, "             %20lu: %s\n", am->cnt, desc);
+      foreach_fa_cleaner_counter;
+#undef _
       vlib_cli_output(vm, "\n\n%s\n\n", out0);
       vlib_cli_output(vm, "Sessions per interval: min %lu max %lu increment: %f ms current: %f ms",
               am->fa_min_deleted_sessions_per_interval, am->fa_max_deleted_sessions_per_interval,
               am->fa_cleaner_wait_time_increment * 1000.0, ((f64)am->fa_current_cleaner_timer_wait_interval) * 1000.0/(f64)vm->clib_time.clocks_per_second);
+
       vec_free(out0);
     }
   return error;
@@ -2190,10 +2198,20 @@ acl_init (vlib_main_t * vm)
   am->fa_max_deleted_sessions_per_interval = ACL_FA_DEFAULT_MAX_DELETED_SESSIONS_PER_INTERVAL;
   am->fa_cleaner_wait_time_increment = ACL_FA_DEFAULT_CLEANER_WAIT_TIME_INCREMENT;
 
+  am->fa_cleaner_cnt_delete_by_sw_index = 0;
+  am->fa_cleaner_cnt_delete_by_sw_index_ok = 0;
+  am->fa_cleaner_cnt_unknown_event = 0;
+  am->fa_cleaner_cnt_deleted_sessions = 0;
+  am->fa_cleaner_cnt_timer_restarted = 0;
+  am->fa_cleaner_cnt_wait_with_timeout = 0;
+
+
 #define _(N, v, s) am->fa_ipv6_known_eh_bitmap = clib_bitmap_set(am->fa_ipv6_known_eh_bitmap, v, 1);
   foreach_acl_eh
 #undef _
 
+  am->l4_match_nonfirst_fragment = 1;
+
   return error;
 }
 

src/plugins/acl/acl.h

@@ -181,6 +181,9 @@ typedef struct {
   /* EH values that we can skip over */
   uword *fa_ipv6_known_eh_bitmap;
 
+  /* whether to match L4 ACEs with ports on the non-initial fragment */
+  int l4_match_nonfirst_fragment;
+
   /* conn table per-interface conn table parameters */
   u32 fa_conn_table_hash_num_buckets;
   uword fa_conn_table_hash_memory_size;
@@ -209,6 +212,22 @@ typedef struct {
   u32 fa_conn_list_head[ACL_N_TIMEOUTS];
   u32 fa_conn_list_tail[ACL_N_TIMEOUTS];
 
+  /* Counters for the cleaner thread */
+
+#define foreach_fa_cleaner_counter                                         \
+  _(fa_cleaner_cnt_delete_by_sw_index, "delete_by_sw_index events")        \
+  _(fa_cleaner_cnt_delete_by_sw_index_ok, "delete_by_sw_index handled ok") \
+  _(fa_cleaner_cnt_unknown_event, "unknown events received")               \
+  _(fa_cleaner_cnt_deleted_sessions, "sessions deleted")                   \
+  _(fa_cleaner_cnt_timer_restarted, "session idle timers restarted")       \
+  _(fa_cleaner_cnt_wait_with_timeout, "event wait with timeout called")    \
+  _(fa_cleaner_cnt_wait_without_timeout, "event wait w/o timeout called")  \
+  _(fa_cleaner_cnt_event_cycles, "total event cycles")                     \
+  _(fa_cleaner_cnt_already_deleted, "try to delete already deleted conn")  \
+/* end of counters */
+#define _(id, desc) u32 id;
+  foreach_fa_cleaner_counter
+#undef _
 
   /* convenience */
   vlib_main_t * vlib_main;
@@ -219,6 +238,7 @@ typedef struct {
    _(HOPBYHOP , 0  , "IPv6ExtHdrHopByHop")                      \
    _(ROUTING  , 43 , "IPv6ExtHdrRouting")                       \
    _(DESTOPT  , 60 , "IPv6ExtHdrDestOpt")                       \
+   _(FRAGMENT , 44 , "IPv6ExtHdrFragment")                      \
    _(MOBILITY , 135, "Mobility Header")                         \
    _(HIP      , 139, "Experimental use Host Identity Protocol") \
    _(SHIM6    , 140, "Shim6 Protocol")                          \
@@ -231,7 +251,6 @@ typedef struct {
  Also, Fragment header needs special processing.
 
    _(NONEXT   , 59 , "NoNextHdr")                               \
-   _(FRAGMENT , 44 , "IPv6ExtHdrFragment")                      \
 
 
 ESP is hiding its internal format, so no point in trying to go past it.

src/plugins/acl/acl_test.c

@@ -164,14 +164,14 @@ vl_api_acl_rule_t_pretty_format (u8 *out, vl_api_acl_rule_t * a)
   inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src));
   inet_ntop(af, a->dst_ip_addr, (void *)dst, sizeof(dst));
 
-  out = format(out, "%s action %d src %s/%d dst %s/%d proto %d sport %d-%d dport %d-%d tcpflags %d %d",
+  out = format(out, "%s action %d src %s/%d dst %s/%d proto %d sport %d-%d dport %d-%d tcpflags %d mask %d",
                      a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit,
                      src, a->src_ip_prefix_len,
                      dst, a->dst_ip_prefix_len,
                      a->proto,
                      a->srcport_or_icmptype_first, a->srcport_or_icmptype_last,
 	             a->dstport_or_icmpcode_first, a->dstport_or_icmpcode_last,
-                     a->tcp_flags_mask, a->tcp_flags_value);
+                     a->tcp_flags_value, a->tcp_flags_mask);
   return(out);
 }
 
@@ -326,6 +326,7 @@ static int api_acl_add_replace (vat_main_t * vam)
     vl_api_acl_rule_t *rules = 0;
     int rule_idx = 0;
     int n_rules = 0;
+    int n_rules_override = -1;
     u32 proto = 0;
     u32 port1 = 0;
     u32 port2 = 0;
@@ -363,6 +364,10 @@ static int api_acl_add_replace (vat_main_t * vam)
             vec_validate_acl_rules(rules, rule_idx);
             rules[rule_idx].is_permit = 1;
           }
+        else if (unformat (i, "count %d", &n_rules_override))
+          {
+            /* we will use this later */
+          }
         else if (unformat (i, "action %d", &action))
           {
             vec_validate_acl_rules(rules, rule_idx);
@@ -430,6 +435,12 @@ static int api_acl_add_replace (vat_main_t * vam)
             rules[rule_idx].tcp_flags_value = tcpflags;
             rules[rule_idx].tcp_flags_mask = tcpmask;
           }
+        else if (unformat (i, "tcpflags %d mask %d", &tcpflags, &tcpmask))
+          {
+            vec_validate_acl_rules(rules, rule_idx);
+            rules[rule_idx].tcp_flags_value = tcpflags;
+            rules[rule_idx].tcp_flags_mask = tcpmask;
+          }
         else if (unformat (i, "proto %d", &proto))
           {
             vec_validate_acl_rules(rules, rule_idx);
@@ -455,6 +466,9 @@ static int api_acl_add_replace (vat_main_t * vam)
     else
       n_rules = 0;
 
+    if (n_rules_override >= 0)
+      n_rules = n_rules_override;
+
     msg_size += n_rules*sizeof(rules[0]);
 
     mp = vl_msg_api_alloc_as_if_client(msg_size);
@@ -812,6 +826,7 @@ static int api_macip_acl_add (vat_main_t * vam)
     vl_api_macip_acl_rule_t *rules = 0;
     int rule_idx = 0;
     int n_rules = 0;
+    int n_rules_override = -1;
     u32 src_prefix_length = 0;
     u32 action = 0;
     ip4_address_t src_v4address;
@@ -843,6 +858,10 @@ static int api_macip_acl_add (vat_main_t * vam)
             vec_validate_macip_acl_rules(rules, rule_idx);
             rules[rule_idx].is_permit = 0;
           }
+        else if (unformat (i, "count %d", &n_rules_override))
+          {
+            /* we will use this later */
+          }
         else if (unformat (i, "action %d", &action))
           {
             vec_validate_macip_acl_rules(rules, rule_idx);
@@ -856,6 +875,10 @@ static int api_macip_acl_add (vat_main_t * vam)
             rules[rule_idx].src_ip_prefix_len = src_prefix_length;
             rules[rule_idx].is_ipv6 = 0;
           }
+        else if (unformat (i, "src"))
+          {
+            /* Everything in MACIP is "source" but allow this verbosity */
+          }
         else if (unformat (i, "ip %U/%d",
          unformat_ip6_address, &src_v6address, &src_prefix_length))
           {
@@ -897,6 +920,9 @@ static int api_macip_acl_add (vat_main_t * vam)
     else
       n_rules = 0;
 
+    if (n_rules_override >= 0)
+      n_rules = n_rules_override;
+
     msg_size += n_rules*sizeof(rules[0]);
 
     mp = vl_msg_api_alloc_as_if_client(msg_size);

src/plugins/acl/fa_node.c

@@ -191,7 +191,21 @@ acl_match_5tuple (acl_main_t * am, u32 acl_index, fa_5tuple_t * pkt_5tuple,
 	{
 	  if (pkt_5tuple->l4.proto != r->proto)
 	    continue;
-	  /* A sanity check just to ensure what we jave just matched was a valid L4 extracted from the packet */
+
+          if (PREDICT_FALSE (pkt_5tuple->pkt.is_nonfirst_fragment &&
+                     am->l4_match_nonfirst_fragment))
+          {
+            /* non-initial fragment with frag match configured - match this rule */
+            *trace_bitmap |= 0x80000000;
+            *r_action = r->is_permit;
+            if (r_acl_match_p)
+	      *r_acl_match_p = acl_index;
+            if (r_rule_match_p)
+	      *r_rule_match_p = i;
+            return 1;
+          }
+
+	  /* A sanity check just to ensure we are about to match the ports extracted from the packet */
 	  if (PREDICT_FALSE (!pkt_5tuple->pkt.l4_valid))
 	    continue;
 
@@ -312,6 +326,10 @@ acl_fill_5tuple (acl_main_t * am, vlib_buffer_t * b0, int is_ip6,
       l3_offset = 0;
     }
 
+  /* key[0..3] contains src/dst address and is cleared/set below */
+  /* Remainder of the key and per-packet non-key data */
+  p5tuple_pkt->kv.key[4] = 0;
+  p5tuple_pkt->kv.value = 0;
 
   if (is_ip6)
     {
@@ -333,12 +351,33 @@ acl_fill_5tuple (acl_main_t * am, vlib_buffer_t * b0, int is_ip6,
       int need_skip_eh = clib_bitmap_get (am->fa_ipv6_known_eh_bitmap, proto);
       if (PREDICT_FALSE (need_skip_eh))
 	{
-	  /* FIXME: add fragment header special handling. Currently causes treated as unknown header. */
 	  while (need_skip_eh && offset_within_packet (b0, l4_offset))
 	    {
-	      u8 nwords = *(u8 *) get_ptr_to_offset (b0, 1 + l4_offset);
-	      proto = *(u8 *) get_ptr_to_offset (b0, l4_offset);
-	      l4_offset += 8 * (1 + (u16) nwords);
+	      /* Fragment header needs special handling */
+	      if (PREDICT_FALSE(ACL_EH_FRAGMENT == proto))
+	        {
+	          proto = *(u8 *) get_ptr_to_offset (b0, l4_offset);
+		  u16 frag_offset;
+		  clib_memcpy (&frag_offset, get_ptr_to_offset (b0, 2 + l4_offset), sizeof(frag_offset));
+		  frag_offset = ntohs(frag_offset) >> 3;
+		  if (frag_offset)
+		    {
+                      p5tuple_pkt->pkt.is_nonfirst_fragment = 1;
+                      /* invalidate L4 offset so we don't try to find L4 info */
+                      l4_offset += b0->current_length;
+		    }
+		  else
+		    {
+		      /* First fragment: skip the frag header and move on. */
+		      l4_offset += 8;
+		    }
+		}
+              else
+                {
+	          u8 nwords = *(u8 *) get_ptr_to_offset (b0, 1 + l4_offset);
+	          proto = *(u8 *) get_ptr_to_offset (b0, l4_offset);
+	          l4_offset += 8 * (1 + (u16) nwords);
+                }
 #ifdef FA_NODE_VERBOSE_DEBUG
 	      clib_warning ("ACL_FA_NODE_DBG: new proto: %d, new offset: %d",
 			    proto, l4_offset);
@@ -369,13 +408,26 @@ acl_fill_5tuple (acl_main_t * am, vlib_buffer_t * b0, int is_ip6,
 				   offsetof (ip4_header_t,
 					     protocol) + l3_offset);
       l4_offset = l3_offset + sizeof (ip4_header_t);
+      u16 flags_and_fragment_offset;
+      clib_memcpy (&flags_and_fragment_offset,
+                   get_ptr_to_offset (b0,
+                                      offsetof (ip4_header_t,
+                                                flags_and_fragment_offset)) + l3_offset,
+                                                sizeof(flags_and_fragment_offset));
+      flags_and_fragment_offset = ntohs (flags_and_fragment_offset);
+
+      /* non-initial fragments have non-zero offset */
+      if ((PREDICT_FALSE(0xfff & flags_and_fragment_offset)))
+        {
+          p5tuple_pkt->pkt.is_nonfirst_fragment = 1;
+          /* invalidate L4 offset so we don't try to find L4 info */
+          l4_offset += b0->current_length;
+        }
+
     }
-  /* Remainder of the key and per-packet non-key data */
-  p5tuple_pkt->kv.key[4] = 0;
-  p5tuple_pkt->kv.value = 0;
+  p5tuple_pkt->l4.proto = proto;
   if (PREDICT_TRUE (offset_within_packet (b0, l4_offset)))
     {
-      p5tuple_pkt->l4.proto = proto;
       p5tuple_pkt->pkt.l4_valid = 1;
       if (icmp_protos[is_ip6] == proto)
 	{
@@ -533,6 +585,10 @@ acl_fa_conn_list_add_session (acl_main_t * am, u32 sess_id)
 
   if (~0 == am->fa_conn_list_head[list_id]) {
     am->fa_conn_list_head[list_id] = sess_id;
+    /* If it is a first conn in any list, kick off the cleaner */
+    vlib_process_signal_event (am->vlib_main, am->fa_cleaner_node_index,
+                                 ACL_FA_CLEANER_RESCHEDULE, 0);
+
   }
 }
 
@@ -556,7 +612,7 @@ acl_fa_conn_list_delete_session (acl_main_t *am, u32 sess_id)
     am->fa_conn_list_head[sess->link_list_id] = sess->link_next_idx;
   }
   if (am->fa_conn_list_tail[sess->link_list_id] == sess_id) {
-    am->fa_conn_list_tail[sess->link_list_id] = sess->link_next_idx;
+    am->fa_conn_list_tail[sess->link_list_id] = sess->link_prev_idx;
   }
 }
 
@@ -982,14 +1038,6 @@ acl_out_ip4_fa_node_fn (vlib_main_t * vm,
 
 /* *INDENT-OFF* */
 #define foreach_acl_fa_cleaner_error \
-_(EVENT_CYCLE, "event processing cycle")  \
-_(TIMER_RESTARTED, "restarted session timers")  \
-_(DELETED_SESSIONS, "deleted sessions")  \
-_(ALREADY_DELETED, "timer event for already deleted session")  \
-_(DELETE_BY_SW_IF_INDEX, "delete by sw_if_index event")  \
-_(DELETE_BY_SW_IF_INDEX_OK, "delete by sw_if_index completed ok")  \
-_(WAIT_WITHOUT_TIMEOUT, "process waits without timeout")  \
-_(WAIT_WITH_TIMEOUT, "process waits with timeout")  \
 _(UNKNOWN_EVENT, "unknown event received")  \
 /* end  of errors */
 
@@ -1067,7 +1115,7 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
   f64 cpu_cps = vm->clib_time.clocks_per_second;
   u64 next_expire;
   /* We should call timer wheel at least twice a second */
-  u64 max_timer_wait_interval = cpu_cps / 2; 
+  u64 max_timer_wait_interval = cpu_cps / 2;
   am->fa_current_cleaner_timer_wait_interval = max_timer_wait_interval;
 
   u32 *expired = NULL;
@@ -1079,10 +1127,24 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
     {
       u32 count_deleted_sessions = 0;
       u32 count_already_deleted = 0;
-      u32 count_timer_restarted = 0;
       now = clib_cpu_time_now ();
       next_expire = now + am->fa_current_cleaner_timer_wait_interval;
+      int has_pending_conns = 0;
+      u8 tt;
+      for(tt = 0; tt < ACL_N_TIMEOUTS; tt++)
+        {
+          if (~0 != am->fa_conn_list_head[tt])
+            has_pending_conns = 1;
+        }
 
+      /* If no pending connections then no point in timing out */
+      if (!has_pending_conns)
+        {
+          am->fa_cleaner_cnt_wait_without_timeout++;
+          (void) vlib_process_wait_for_event (vm);
+          event_type = vlib_process_get_events (vm, &event_data);
+        }
+      else
 	{
 	  f64 timeout = ((i64) next_expire - (i64) now) / cpu_cps;
 	  if (timeout <= 0)
@@ -1095,11 +1157,7 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
 	      /* Timing wheel code is happier if it is called regularly */
 	      if (timeout > 0.5)
 		timeout = 0.5;
-	      vlib_node_increment_counter (vm,
-					   acl_fa_session_cleaner_process_node.
-					   index,
-					   ACL_FA_CLEANER_ERROR_WAIT_WITH_TIMEOUT,
-					   1);
+              am->fa_cleaner_cnt_wait_with_timeout++;
 	      (void) vlib_process_wait_for_event_or_clock (vm, timeout);
 	      event_type = vlib_process_get_events (vm, &event_data);
 	    }
@@ -1119,11 +1177,7 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
 	    uword *sw_if_index0;
 	    vec_foreach (sw_if_index0, event_data)
 	    {
-	      vlib_node_increment_counter (vm,
-					   acl_fa_session_cleaner_process_node.
-					   index,
-					   ACL_FA_CLEANER_ERROR_DELETE_BY_SW_IF_INDEX,
-					   1);
+              am->fa_cleaner_cnt_delete_by_sw_index++;
 #ifdef FA_NODE_VERBOSE_DEBUG
 	      clib_warning
 		("ACL_FA_NODE_CLEAN: ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX: %d",
@@ -1134,11 +1188,7 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
 		acl_fa_clean_sessions_by_sw_if_index (am, *sw_if_index0,
 						      &count);
 	      count_deleted_sessions += count;
-	      vlib_node_increment_counter (vm,
-					   acl_fa_session_cleaner_process_node.
-					   index,
-					   ACL_FA_CLEANER_ERROR_DELETE_BY_SW_IF_INDEX_OK,
-					   result);
+              am->fa_cleaner_cnt_delete_by_sw_index_ok += result;
 	    }
 	  }
 	  break;
@@ -1147,17 +1197,21 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
 	  clib_warning ("ACL plugin connection cleaner: unknown event %u",
 			event_type);
 #endif
-	  vlib_node_increment_counter (vm,
-				       acl_fa_session_cleaner_process_node.
-				       index,
-				       ACL_FA_CLEANER_ERROR_UNKNOWN_EVENT, 1);
+          vlib_node_increment_counter (vm,
+                                       acl_fa_session_cleaner_process_node.
+                                       index,
+                                       ACL_FA_CLEANER_ERROR_UNKNOWN_EVENT, 1);
+          am->fa_cleaner_cnt_unknown_event++;
 	  break;
 	}
 
       {
         u8 tt = 0;
         for(tt = 0; tt < ACL_N_TIMEOUTS; tt++) {
-          while((vec_len(expired) < 2*am->fa_max_deleted_sessions_per_interval) && (~0 != am->fa_conn_list_head[tt]) && (acl_fa_conn_has_timed_out(am, now, am->fa_conn_list_head[tt]))) {
+          while((vec_len(expired) < 2*am->fa_max_deleted_sessions_per_interval)
+                && (~0 != am->fa_conn_list_head[tt])
+                && (acl_fa_conn_has_timed_out(am, now,
+                                              am->fa_conn_list_head[tt]))) {
             u32 sess_id = am->fa_conn_list_head[tt];
             vec_add1(expired, sess_id);
             acl_fa_conn_list_delete_session(am, sess_id);
@@ -1165,7 +1219,6 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
         }
       }
 
-
       u32 *psid = NULL;
       vec_foreach (psid, expired)
       {
@@ -1181,15 +1234,22 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
 		/* clib_warning ("ACL_FA_NODE_CLEAN: Restarting timer for session %d",
 		   (int) session_index); */
 
-		/* Pretend we did this in the past, at last_active moment */
-		count_timer_restarted++;
+                /* There was activity on the session, so the idle timeout
+                   has not passed. Enqueue for another time period. */
+
+                acl_fa_conn_list_add_session(am, session_index);
+
+		/* FIXME: When/if moving to timer wheel,
+                   pretend we did this in the past,
+                   at last_active moment, so the timer is accurate */
+                am->fa_cleaner_cnt_timer_restarted++;
 	      }
 	    else
 	      {
 		/* clib_warning ("ACL_FA_NODE_CLEAN: Deleting session %d",
 		   (int) session_index); */
 		acl_fa_delete_session (am, sw_if_index, session_index);
-		count_deleted_sessions++;
+                count_deleted_sessions++;
 	      }
 	  }
 	else
@@ -1210,22 +1270,9 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
         if (am->fa_current_cleaner_timer_wait_interval < max_timer_wait_interval)
           am->fa_current_cleaner_timer_wait_interval += cpu_cps * am->fa_cleaner_wait_time_increment;
       }
-
-      vlib_node_increment_counter (vm,
-				   acl_fa_session_cleaner_process_node.index,
-				   ACL_FA_CLEANER_ERROR_EVENT_CYCLE, 1);
-      vlib_node_increment_counter (vm,
-				   acl_fa_session_cleaner_process_node.index,
-				   ACL_FA_CLEANER_ERROR_TIMER_RESTARTED,
-				   count_timer_restarted);
-      vlib_node_increment_counter (vm,
-				   acl_fa_session_cleaner_process_node.index,
-				   ACL_FA_CLEANER_ERROR_DELETED_SESSIONS,
-				   count_deleted_sessions);
-      vlib_node_increment_counter (vm,
-				   acl_fa_session_cleaner_process_node.index,
-				   ACL_FA_CLEANER_ERROR_ALREADY_DELETED,
-				   count_already_deleted);
+      am->fa_cleaner_cnt_event_cycles++;
+      am->fa_cleaner_cnt_deleted_sessions += count_deleted_sessions;
+      am->fa_cleaner_cnt_already_deleted += count_already_deleted;
     }
   /* NOT REACHED */
   return 0;

src/plugins/acl/fa_node.h

@@ -22,10 +22,12 @@
 typedef union {
   u64 as_u64;
   struct {
-    u8 tcp_flags_valid;
     u8 tcp_flags;
-    u8 is_input;
-    u8 l4_valid;
+    u8 tcp_flags_valid:1;
+    u8 is_input:1;
+    u8 l4_valid:1;
+    u8 is_nonfirst_fragment:1;
+    u8 flags_reserved:4;
   };
 } fa_packet_info_t;
 

src/plugins/dpdk/device/init.c

@@ -419,56 +419,35 @@ dpdk_flag_change (vnet_main_t * vnm, vnet_hw_interface_t * hi, u32 flags)
     }
   else if (ETHERNET_INTERFACE_FLAG_CONFIG_MTU (flags))
     {
-      /*
-       * DAW-FIXME: The Cisco VIC firmware does not provide an api for a
-       *            driver to dynamically change the mtu.  If/when the
-       *            VIC firmware gets fixed, then this should be removed.
-       */
-      if (xd->pmd == VNET_DPDK_PMD_ENIC)
+      int rv;
+
+      xd->port_conf.rxmode.max_rx_pkt_len = hi->max_packet_bytes;
+
+      if (xd->flags & DPDK_DEVICE_FLAG_ADMIN_UP)
+	rte_eth_dev_stop (xd->device_index);
+
+      rv = rte_eth_dev_configure
+	(xd->device_index, xd->rx_q_used, xd->tx_q_used, &xd->port_conf);
+
+      if (rv < 0)
+	vlib_cli_output (vlib_get_main (),
+			 "rte_eth_dev_configure[%d]: err %d",
+			 xd->device_index, rv);
+
+      rte_eth_dev_set_mtu (xd->device_index, hi->max_packet_bytes);
+
+      if (xd->flags & DPDK_DEVICE_FLAG_ADMIN_UP)
 	{
-	  struct rte_eth_dev_info dev_info;
-
-	  /*
-	   * Restore mtu to what has been set by CIMC in the firmware cfg.
-	   */
-	  rte_eth_dev_info_get (xd->device_index, &dev_info);
-	  hi->max_packet_bytes = dev_info.max_rx_pktlen;
-
-	  vlib_cli_output (vlib_get_main (),
-			   "Cisco VIC mtu can only be changed "
-			   "using CIMC then rebooting the server!");
-	}
-      else
-	{
-	  int rv;
-
-	  xd->port_conf.rxmode.max_rx_pkt_len = hi->max_packet_bytes;
-
-	  if (xd->flags & DPDK_DEVICE_FLAG_ADMIN_UP)
-	    rte_eth_dev_stop (xd->device_index);
-
-	  rv = rte_eth_dev_configure
-	    (xd->device_index, xd->rx_q_used, xd->tx_q_used, &xd->port_conf);
-
+	  int rv = rte_eth_dev_start (xd->device_index);
+	  if (!rv && xd->default_mac_address)
+	    rv = rte_eth_dev_default_mac_addr_set (xd->device_index,
+						   (struct ether_addr *)
+						   xd->default_mac_address);
 	  if (rv < 0)
-	    vlib_cli_output (vlib_get_main (),
-			     "rte_eth_dev_configure[%d]: err %d",
-			     xd->device_index, rv);
-
-	  rte_eth_dev_set_mtu (xd->device_index, hi->max_packet_bytes);
-
-	  if (xd->flags & DPDK_DEVICE_FLAG_ADMIN_UP)
-	    {
-	      int rv = rte_eth_dev_start (xd->device_index);
-	      if (!rv && xd->default_mac_address)
-		rv = rte_eth_dev_default_mac_addr_set (xd->device_index,
-						       (struct ether_addr *)
-						       xd->default_mac_address);
-	      if (rv < 0)
-		clib_warning ("rte_eth_dev_start %d returned %d",
-			      xd->device_index, rv);
-	    }
+	    clib_warning ("rte_eth_dev_start %d returned %d",
+			  xd->device_index, rv);
 	}
+
     }
   return old;
 }
@@ -655,11 +634,13 @@ dpdk_lib_init (dpdk_main_t * dm)
 	{
 	  xd->tx_conf.txq_flags |= ETH_TXQ_FLAGS_NOMULTSEGS;
 	  port_conf_template.rxmode.jumbo_frame = 0;
+	  port_conf_template.rxmode.enable_scatter = 0;
 	}
       else
 	{
 	  xd->tx_conf.txq_flags &= ~ETH_TXQ_FLAGS_NOMULTSEGS;
 	  port_conf_template.rxmode.jumbo_frame = 1;
+	  port_conf_template.rxmode.enable_scatter = 1;
 	  xd->flags |= DPDK_DEVICE_FLAG_MAYBE_MULTISEG;
 	}
 
@@ -1065,16 +1046,13 @@ dpdk_lib_init (dpdk_main_t * dm)
       hi = vnet_get_hw_interface (dm->vnet_main, xd->vlib_hw_if_index);
 
       /*
-       * DAW-FIXME: The Cisco VIC firmware does not provide an api for a
-       *            driver to dynamically change the mtu.  If/when the
-       *            VIC firmware gets fixed, then this should be removed.
+       * For cisco VIC vNIC, set default to VLAN strip enabled, unless
+       * specified otherwise in the startup config.
+       * For other NICs default to VLAN strip disabled, unless specified
+       * otherwis in the startup config.
        */
       if (xd->pmd == VNET_DPDK_PMD_ENIC)
 	{
-	  /*
-	   * Initialize mtu to what has been set by CIMC in the firmware cfg.
-	   */
-	  hi->max_packet_bytes = dev_info.max_rx_pktlen;
 	  if (devconf->vlan_strip_offload != DPDK_DEVICE_VLAN_STRIP_OFF)
 	    vlan_strip = 1;	/* remove vlan tag from VIC port by default */
 	  else

src/plugins/ila/ila.c

@@ -736,8 +736,7 @@ ila_add_del_entry (ila_add_del_entry_args_t * args)
 	      fib_table_entry_special_add(0,
 					  &next_hop,
 					  FIB_SOURCE_RR,
-					  FIB_ENTRY_FLAG_NONE,
-					  ADJ_INDEX_INVALID);
+					  FIB_ENTRY_FLAG_NONE);
 	  e->next_hop_child_index =
 	      fib_entry_child_add(e->next_hop_fib_entry_index,
 				  ila_fib_node_type,

src/plugins/ioam/ioam_analyser_doc.md

@@ -0,0 +1,101 @@
+## IOAM Analyser for IPv6    {#ioam_analyser_doc}
+
+IOAM Analyser for IPv6 does 
+- Analysing iOAM records and aggregating statistics
+- Export the aggregated statistics over IP-FIX to external collector.
+
+Following statistics are collected and exported per IOAM flow:
+- All the Paths available for the flow : Collected using IOAM Trace.
+- Delay
+- POT data: No of packets In Policy and Out of Policy.
+- Packet loss count
+- Reordered Packet count
+- Duplicate Packet count
+
+This feature can work on IOAM decapsulating node or as a standalone external analyser.
+
+## Configuration
+
+Below command can be used to configure a VPP node as IOAM analyser:
+
+    set ioam analyse [export-ipfix-collector] [disable] [listen-ipfix]
+
+- export-ipfix-collector : This keyword instructs VPP to export the IOAM 
+analysis data to be exported to an external collector via IP-Fix. Note 
+that IP-Fix collector information has to be configured using the below 
+command: 
+
+    set ipfix exporter collector <Remote IP Address> src <Local IP address>
+
+- listen-ipfix : This keyword instructs VPP node to listen to IP-Fix port
+4739 to receive RAW IOAM records exported by using IOAM Export plugin and
+analyse IOAM records.
+
+- disable : This keyword is used to instruct VPP to stop analysing IOAM.
+
+Example1 : To use VPP as IOAM Analyser on IOAM decapsulating node and export.
+
+    set ipam analyse export-ipfix-collector
+    set ipfix exporter collector 172.16.1.254 src 172.16.1.229
+
+    Above commands when configured on a IOAM Decapsulating node will analyse 
+    all the IOAM data before Decap, aggregate statistics and export them to
+    node with IP address 172.16.1.254 via IP-Fix.
+
+Example2 : To use VPP as a standalone IOAM Analyser and export.
+
+    set ipam analyse export-ipfix-collector listen-ipfix
+    set ipfix exporter collector 172.16.1.254 src 172.16.1.229
+
+    Above commands when configured on a VPP node will listen on IP-Fix 
+    port 4739 for IP-Fix records containing IOAM Raw data aggregate 
+    statistics and export them to node with IP address 172.16.1.254 via IP-Fix.
+
+## Operational data
+For checking the operational data of VPP IOAM analyser below command needs to be used:
+
+    show ioam analyse
+
+Example:
+
+    vpp# show ioam analyse
+    iOAM Analyse Information:
+    Flow Number: 1 
+    pkt_sent : 400
+    pkt_counter : 400
+    bytes_counter : 458700
+    Trace data: 
+    pkt_sent : 400
+    pkt_counter : 100
+    bytes_counter : 458700
+    Trace data: 
+    path_map:
+    
+    node_id: 0x1, ingress_if: 1, egress_if: 2, state:UP
+    node_id: 0x2, ingress_if: 0, egress_if: 2, state:UP
+    node_id: 0x3, ingress_if: 3, egress_if: 0, state:UP
+    pkt_counter: 200
+    bytes_counter: 229350
+    min_delay: 10
+    max_delay: 50
+    mean_delay: 15
+    
+    node_id: 0x1, ingress_if: 1, egress_if: 2, state:UP
+    node_id: 0x4, ingress_if: 10, egress_if: 12, state:UP
+    node_id: 0x3, ingress_if: 3, egress_if: 0, state:UP
+    pkt_counter: 200
+    bytes_counter: 229350
+    min_delay: 19
+    max_delay: 100
+    mean_delay: 35
+    
+    POT data: 
+    sfc_validated_count : 200
+    sfc_invalidated_count : 200
+    
+    Seqno Data:
+    RX Packets        : 400
+    Lost Packets      : 0
+    Duplicate Packets : 0
+    Reordered Packets : 0
+