VPP 18.04 release notes

- Notes for the 18.04 release
- Fixes for table layout of previous API summary
- Update list_api_changes.py script

Change-Id: Id99ed4df2e76e2704f949ee940eedf9ede7e8f4b
Signed-off-by: Chris Luke <chrisy@flirble.org>

.gitreview

@@ -2,3 +2,4 @@
 host=gerrit.fd.io
 port=29418
 project=vpp
+defaultbranch=stable/1804

Makefile

@@ -84,19 +84,21 @@ RPM_DEPENDS += apr-devel
 RPM_DEPENDS += numactl-devel
 RPM_DEPENDS += check check-devel
 RPM_DEPENDS += boost boost-devel
-RPM_DEPENDS += subunit subunit-devel
 RPM_DEPENDS += selinux-policy selinux-policy-devel
-RPM_DEPENDS += mbedtls-devel
 
 ifeq ($(OS_ID)-$(OS_VERSION_ID),fedora-25)
+	RPM_DEPENDS += subunit subunit-devel
 	RPM_DEPENDS += openssl-devel
 	RPM_DEPENDS += python-devel python2-ply
 	RPM_DEPENDS += python2-virtualenv
+	RPM_DEPENDS += mbedtls-devel
 	RPM_DEPENDS_GROUPS = 'C Development Tools and Libraries'
 else ifeq ($(shell if [ "$(OS_ID)" = "fedora" ]; then test $(OS_VERSION_ID) -gt 25; echo $$?; fi),0)
+	RPM_DEPENDS += subunit subunit-devel
 	RPM_DEPENDS += compat-openssl10-devel
 	RPM_DEPENDS += python2-devel python2-ply
 	RPM_DEPENDS += python2-virtualenv
+	RPM_DEPENDS += mbedtls-devel
 	RPM_DEPENDS_GROUPS = 'C Development Tools and Libraries'
 else
 	RPM_DEPENDS += openssl-devel
@@ -507,13 +509,6 @@ endef
 verify: install-dep $(BR)/.deps.ok dpdk-install-dev
 	$(call banner,"Building for PLATFORM=vpp using gcc")
 	@make -C build-root PLATFORM=vpp TAG=vpp wipe-all install-packages
-ifeq ($(OS_ID)-$(OS_VERSION_ID),ubuntu-16.04)
-	$(call banner,"Installing dependencies")
-	@sudo -E apt-get update
-	@sudo -E apt-get $(CONFIRM) $(FORCE) install clang
-	$(call banner,"Building for PLATFORM=vpp using clang")
-	@make -C build-root CC=clang PLATFORM=vpp TAG=vpp_clang wipe-all install-packages
-endif
 	$(call banner,"Building sample-plugin")
 	@make -C build-root PLATFORM=vpp TAG=vpp sample-plugin-install
 	$(call banner,"Building libmemif")

README.md

@@ -24,28 +24,28 @@ Details of the changes leading up to this version of VPP can be found under
 
 ## Directory layout
 
-Directory name         | Description
----------------------- | -------------------------------------------
-     build-data        | Build metadata
-     build-root        | Build output directory
-     doxygen           | Documentation generator configuration
-     dpdk              | DPDK patches and build infrastructure
-@ref extras/libmemif   | Client library for memif
-@ref src/examples      | VPP example code
-@ref src/plugins       | VPP bundled plugins directory
-@ref src/svm           | Shared virtual memory allocation library
-     src/tests         | Standalone tests (not part of test harness)
-     src/vat           | VPP API test program
-@ref src/vlib          | VPP application library
-@ref src/vlibapi       | VPP API library
-@ref src/vlibmemory    | VPP Memory management
-@ref src/vlibsocket    | VPP Socket I/O
-@ref src/vnet          | VPP networking
-@ref src/vpp           | VPP application
-@ref src/vpp-api       | VPP application API bindings
-@ref src/vppinfra      | VPP core library
-@ref src/vpp/api       | Not-yet-relocated API bindings
-     test              | Unit tests and Python test harness
+| Directory name         | Description                                 |
+| ---------------------- | ------------------------------------------- |
+|      build-data        | Build metadata                              |
+|      build-root        | Build output directory                      |
+|      doxygen           | Documentation generator configuration       |
+|      dpdk              | DPDK patches and build infrastructure       |
+| @ref extras/libmemif   | Client library for memif                    |
+| @ref src/examples      | VPP example code                            |
+| @ref src/plugins       | VPP bundled plugins directory               |
+| @ref src/svm           | Shared virtual memory allocation library    |
+|      src/tests         | Standalone tests (not part of test harness) |
+|      src/vat           | VPP API test program                        |
+| @ref src/vlib          | VPP application library                     |
+| @ref src/vlibapi       | VPP API library                             |
+| @ref src/vlibmemory    | VPP Memory management                       |
+| @ref src/vlibsocket    | VPP Socket I/O                              |
+| @ref src/vnet          | VPP networking                              |
+| @ref src/vpp           | VPP application                             |
+| @ref src/vpp-api       | VPP application API bindings                |
+| @ref src/vppinfra      | VPP core library                            |
+| @ref src/vpp/api       | Not-yet-relocated API bindings              |
+|      test              | Unit tests and Python test harness          |
 
 ## Getting started
 

dpdk/Makefile

@@ -25,14 +25,14 @@ DPDK_MLX5_PMD         ?= n
 
 B := $(DPDK_BUILD_DIR)
 I := $(DPDK_INSTALL_DIR)
-DPDK_VERSION ?= 18.02
+DPDK_VERSION ?= 18.02.1
 PKG_SUFFIX ?= vpp1
 DPDK_BASE_URL ?= http://fast.dpdk.org/rel
 DPDK_TARBALL := dpdk-$(DPDK_VERSION).tar.xz
 DPDK_TAR_URL := $(DPDK_BASE_URL)/$(DPDK_TARBALL)
 DPDK_17.11_TARBALL_MD5_CKSUM := 53ee9e054a8797c9e67ffa0eb5d0c701
-DPDK_18.02_TARBALL_MD5_CKSUM := ca13077a014a2102c6e10153dfa3b920
-DPDK_SOURCE := $(B)/dpdk-$(DPDK_VERSION)
+DPDK_18.02.1_TARBALL_MD5_CKSUM := 3bbb5468f662e1f7472d4abc5c4cf08e
+DPDK_SOURCE := $(B)/dpdk-stable-$(DPDK_VERSION)
 MACHINE=$(shell uname -m)
 
 NASM_BASE_URL := http://www.nasm.us/pub/nasm/releasebuilds

extras/rpm/vpp.spec

@@ -3,8 +3,7 @@
 %define _vpp_build_dir   build-tool-native
 %define _unitdir         /lib/systemd/system
 %define _builddir        %{_topdir}
-%define _tmp_build_dir   %{name}-%{_version}.0
-%define _mu_build_dir    %{_topdir}/%{_tmp_build_dir}/build-root
+%define _mu_build_dir    %{_topdir}/%{name}-%{_version}/build-root
 %define _vpp_tag	 %{getenv:TAG}
 %if "%{_vpp_tag}" == ""
 %define _vpp_tag	 vpp
@@ -50,14 +49,17 @@ Release: %{_release}
 Requires: vpp-lib = %{_version}-%{_release}, vpp-selinux-policy = %{_version}-%{_release}, net-tools, pciutils, python
 BuildRequires: systemd, chrpath
 BuildRequires: check, check-devel
-BuildRequires: subunit, subunit-devel
 %if 0%{?fedora} >= 26
+BuildRequires: subunit, subunit-devel
 BuildRequires: compat-openssl10-devel
 BuildRequires: python2-devel, python2-virtualenv
+BuildRequires: mbedtls-devel
 %else
 %if 0%{?fedora} == 25
+BuildRequires: subunit, subunit-devel
 BuildRequires: openssl-devel
 BuildRequires: python-devel, python2-virtualenv
+BuildRequires: mbedtls-devel
 %else
 BuildREquires: openssl-devel
 BuildRequires: python-devel, python-virtualenv
@@ -70,7 +72,6 @@ BuildRequires: numactl-devel
 BuildRequires: autoconf automake libtool byacc bison flex
 BuildRequires: boost boost-devel
 BuildRequires: selinux-policy selinux-policy-devel
-BuildRequires: mbedtls-devel
 
 Source: %{name}-%{_version}-%{_release}.tar.xz
 # Source: vpp-latest.tar.xz
@@ -149,20 +150,13 @@ Requires(post): selinux-policy-base >= %{selinux_policyver}, selinux-policy-targ
 This package contains a tailored VPP SELinux policy
 
 %prep
-# Unpack into dir with longer name as work around of debugedit bug in in rpm-build 4.13
-rm -rf %{name}-%{_version}
-rm -rf %{_tmp_build_dir}
-/usr/bin/xz -dc '%{_sourcedir}/%{name}-%{_version}-%{_release}.tar.xz' | /usr/bin/tar -xf -
-mv %{name}-%{_version} %{_tmp_build_dir}
-cd '%{_tmp_build_dir}'
-/usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+%setup -q -n %{name}-%{_version}
 
 %pre
 # Add the vpp group
 groupadd -f -r vpp
 
 %build
-cd '%{_tmp_build_dir}'
 %if %{with aesni}
     make bootstrap
     make -C build-root PLATFORM=vpp TAG=%{_vpp_tag} install-packages

extras/scripts/list_api_changes.py

@@ -0,0 +1,33 @@
+#!/usr/bin/env python
+import os, fnmatch, subprocess
+
+starttag = 'v18.04-rc0'
+endtag = 'v18.04-rc2'
+emit_md = True
+apifiles = []
+
+for root, dirnames, filenames in os.walk('.'):
+    for filename in fnmatch.filter(filenames, '*.api'):
+        apifiles.append(os.path.join(root, filename))
+
+for f in apifiles:
+    commits = subprocess.check_output(['git', 'log',
+                                       '--oneline', starttag + '..' + endtag,
+                                       f])
+    if commits:
+        if f[0:2] == './':
+            f = f[2:]
+        if emit_md:
+            print "| @c %s ||" % f
+            print "| ------- | ------- |"
+            for line in commits.splitlines():
+                parts = line.strip().split()
+                commit = parts[0]
+                message = " ".join(parts[1:]).replace("|", "\|")
+                print "| [%s](https://gerrit.fd.io/r/gitweb?" \
+                        "p=vpp.git;a=commit;h=%s) | %s |" % (
+                                commit, commit, message)
+            print
+        else:
+            print f
+            print commits

src/plugins/acl/acl.c

@@ -54,6 +54,7 @@
 #include "public_inlines.h"
 
 acl_main_t acl_main;
+acl_main_t *p_acl_main = &acl_main;
 
 #define REPLY_MSG_ID_BASE am->msg_id_base
 #include <vlibapi/api_helper_macros.h>
@@ -1346,7 +1347,6 @@ acl_interface_set_inout_acl_list (acl_main_t * am, u32 sw_if_index,
 	  lc_index =
 	    acl_plugin_get_lookup_context_index (am->interface_acl_user_id,
 						 sw_if_index, is_input);
-	  ASSERT (lc_index >= 0);
 	  (*pinout_lc_index_by_sw_if_index)[sw_if_index] = lc_index;
 	}
       acl_plugin_set_acl_vec_for_context (lc_index, vec_acl_list_index);
@@ -3936,7 +3936,7 @@ acl_show_aclplugin_tables_fn (vlib_main_t * vm,
   clib_error_t *error = 0;
 
   u32 acl_index = ~0;
-  u32 sw_if_index = ~0;
+  u32 lc_index = ~0;
   int show_acl_hash_info = 0;
   int show_applied_info = 0;
   int show_mask_type = 0;
@@ -3953,7 +3953,7 @@ acl_show_aclplugin_tables_fn (vlib_main_t * vm,
   else if (unformat (input, "applied"))
     {
       show_applied_info = 1;
-      unformat (input, "sw_if_index %u", &sw_if_index);
+      unformat (input, "lc_index %u", &lc_index);
     }
   else if (unformat (input, "mask"))
     {
@@ -3980,7 +3980,7 @@ acl_show_aclplugin_tables_fn (vlib_main_t * vm,
   if (show_acl_hash_info)
     acl_plugin_show_tables_acl_hash_info (acl_index);
   if (show_applied_info)
-    acl_plugin_show_tables_applied_info (sw_if_index);
+    acl_plugin_show_tables_applied_info (lc_index);
   if (show_bihash)
     acl_plugin_show_tables_bihash (show_bihash_verbose);
 
@@ -4049,7 +4049,7 @@ VLIB_CLI_COMMAND (aclplugin_show_sessions_command, static) = {
 
 VLIB_CLI_COMMAND (aclplugin_show_tables_command, static) = {
     .path = "show acl-plugin tables",
-    .short_help = "show acl-plugin tables [ acl [index N] | applied [ sw_if_index N ] | mask | hash [verbose N] ]",
+    .short_help = "show acl-plugin tables [ acl [index N] | applied [ lc_index N ] | mask | hash [verbose N] ]",
     .function = acl_show_aclplugin_tables_fn,
 };
 

src/plugins/acl/acl.h

@@ -362,6 +362,16 @@ AH has a special treatment of its length, it is in 32-bit words, not 64-bit word
 
 
 extern acl_main_t acl_main;
+/*
+ * pointer to the above.
+ * Needed for some gymnastics to be able to provide
+ * the inline functions from this plugin to other plugins.
+ * If the ACL_PLUGIN_EXTERNAL_EXPORTS is defined, then
+ * there is a static definition in public_exports.h - do not collide with that.
+ */
+#ifndef ACL_PLUGIN_EXTERNAL_EXPORTS
+extern acl_main_t *p_acl_main;
+#endif
 
 void *acl_plugin_set_heap();
 

src/plugins/acl/fa_node.c

@@ -723,9 +723,7 @@ acl_fa_node_fn (vlib_main_t * vm,
 
 	  acl_plugin_fill_5tuple_inline (lc_index0, b0, is_ip6, is_input, is_l2_path, (fa_5tuple_opaque_t *)&fa_5tuple);
           fa_5tuple.l4.lsb_of_sw_if_index = sw_if_index0 & 0xffff;
-	  fa_5tuple.pkt.lc_index = lc_index0;
 	  valid_new_sess = acl_make_5tuple_session_key (am, is_input, is_ip6, sw_if_index0,  &fa_5tuple, &kv_sess);
-          fa_5tuple.pkt.is_ip6 = is_ip6;
           // XXDEL fa_5tuple.pkt.is_input = is_input;
           fa_5tuple.pkt.mask_type_index_lsb = ~0;
 #ifdef FA_NODE_VERBOSE_DEBUG

src/plugins/acl/hash_lookup.c

@@ -831,67 +831,42 @@ acl_plugin_print_pae (vlib_main_t * vm, int j, applied_hash_ace_entry_t * pae)
 }
 
 void
-acl_plugin_show_tables_applied_info (u32 sw_if_index)
+acl_plugin_show_tables_applied_info (u32 lc_index)
 {
   acl_main_t *am = &acl_main;
   vlib_main_t *vm = am->vlib_main;
-  u32 swi; //, j;
-  vlib_cli_output (vm, "Applied lookup entries for interfaces");
+  u32 lci, j;
+  vlib_cli_output (vm, "Applied lookup entries for lookup contexts");
 
-  for (swi = 0;
-       (swi < vec_len (am->input_lc_index_by_sw_if_index))
-       || (swi < vec_len (am->output_lc_index_by_sw_if_index)); swi++)
+  for (lci = 0;
+       (lci < vec_len(am->applied_hash_acl_info_by_lc_index)); lci++)
     {
-      if ((sw_if_index != ~0) && (sw_if_index != swi))
+      if ((lc_index != ~0) && (lc_index != lci))
 	{
 	  continue;
 	}
-/*
-      vlib_cli_output (vm, "sw_if_index %d:", swi);
-      if (swi < vec_len (am->input_applied_hash_acl_info_by_sw_if_index))
+      vlib_cli_output (vm, "lc_index %d:", lci);
+      if (lci < vec_len (am->applied_hash_acl_info_by_lc_index))
 	{
 	  applied_hash_acl_info_t *pal =
-	    &am->input_applied_hash_acl_info_by_sw_if_index[swi];
-	  vlib_cli_output (vm, "  input lookup mask_type_index_bitmap: %U",
+	    &am->applied_hash_acl_info_by_lc_index[lci];
+	  vlib_cli_output (vm, "  lookup mask_type_index_bitmap: %U",
 			   format_bitmap_hex, pal->mask_type_index_bitmap);
-	  vlib_cli_output (vm, "  input applied acls: %U", format_vec32,
+	  vlib_cli_output (vm, "  applied acls: %U", format_vec32,
 			   pal->applied_acls, "%d");
 	}
-      if (swi < vec_len (am->input_hash_entry_vec_by_sw_if_index))
+      if (lci < vec_len (am->hash_entry_vec_by_lc_index))
 	{
-	  vlib_cli_output (vm, "  input lookup applied entries:");
+	  vlib_cli_output (vm, "  lookup applied entries:");
 	  for (j = 0;
-	       j < vec_len (am->input_hash_entry_vec_by_sw_if_index[swi]);
+	       j < vec_len (am->hash_entry_vec_by_lc_index[lci]);
 	       j++)
 	    {
 	      acl_plugin_print_pae (vm, j,
-				    &am->input_hash_entry_vec_by_sw_if_index
-				    [swi][j]);
+				    &am->hash_entry_vec_by_lc_index
+				    [lci][j]);
 	    }
 	}
-
-      if (swi < vec_len (am->output_applied_hash_acl_info_by_sw_if_index))
-	{
-	  applied_hash_acl_info_t *pal =
-	    &am->output_applied_hash_acl_info_by_sw_if_index[swi];
-	  vlib_cli_output (vm, "  output lookup mask_type_index_bitmap: %U",
-			   format_bitmap_hex, pal->mask_type_index_bitmap);
-	  vlib_cli_output (vm, "  output applied acls: %U", format_vec32,
-			   pal->applied_acls, "%d");
-	}
-      if (swi < vec_len (am->output_hash_entry_vec_by_sw_if_index))
-	{
-	  vlib_cli_output (vm, "  output lookup applied entries:");
-	  for (j = 0;
-	       j < vec_len (am->output_hash_entry_vec_by_sw_if_index[swi]);
-	       j++)
-	    {
-	      acl_plugin_print_pae (vm, j,
-				    &am->output_hash_entry_vec_by_sw_if_index
-				    [swi][j]);
-	    }
-	}
-*/
     }
 }
 

src/plugins/acl/lookup_context.c

@@ -201,6 +201,9 @@ void acl_plugin_put_lookup_context_index (u32 lc_index)
  */
 int acl_plugin_set_acl_vec_for_context (u32 lc_index, u32 *acl_list)
 {
+  int rv = 0;
+  uword *seen_acl_bitmap = 0;
+  u32 *pacln = 0;
   acl_main_t *am = &acl_main;
   acl_lookup_context_t *acontext;
   if (am->trace_acl) {
@@ -216,6 +219,25 @@ int acl_plugin_set_acl_vec_for_context (u32 lc_index, u32 *acl_list)
   }
   void *oldheap = acl_plugin_set_heap ();
 
+  vec_foreach (pacln, acl_list)
+  {
+    if (pool_is_free_index (am->acls, *pacln))
+      {
+        /* ACL is not defined. Can not apply */
+        clib_warning ("ERROR: ACL %d not defined", *pacln);
+        rv = VNET_API_ERROR_NO_SUCH_ENTRY;
+        goto done;
+      }
+    if (clib_bitmap_get (seen_acl_bitmap, *pacln))
+      {
+        /* ACL being applied twice within the list. error. */
+        clib_warning ("ERROR: ACL %d being applied twice", *pacln);
+        rv = VNET_API_ERROR_ENTRY_ALREADY_EXISTS;
+        goto done;
+      }
+    seen_acl_bitmap = clib_bitmap_set (seen_acl_bitmap, *pacln, 1);
+  }
+
   acontext = pool_elt_at_index(am->acl_lookup_contexts, lc_index);
   u32 *old_acl_vector = acontext->acl_indices;
   acontext->acl_indices = vec_dup(acl_list);
@@ -226,8 +248,11 @@ int acl_plugin_set_acl_vec_for_context (u32 lc_index, u32 *acl_list)
   apply_acl_vec(lc_index, acontext->acl_indices);
 
   vec_free(old_acl_vector);
+
+done:
+  clib_bitmap_free (seen_acl_bitmap);
   clib_mem_set_heap (oldheap);
-  return 0;
+  return rv;
 }
 
 

src/plugins/acl/public_inlines.h

@@ -26,7 +26,13 @@
 /* check if a given ACL exists */
 
 #ifdef ACL_PLUGIN_EXTERNAL_EXPORTS
-u8 (*acl_plugin_acl_exists) (u32 acl_index);
+
+/*
+ * Define a pointer to the acl_main which will be filled during the initialization.
+ */
+static acl_main_t *p_acl_main = 0;
+
+static u8 (*acl_plugin_acl_exists) (u32 acl_index);
 #else
 u8 acl_plugin_acl_exists (u32 acl_index);
 #endif
@@ -38,7 +44,7 @@ u8 acl_plugin_acl_exists (u32 acl_index);
  */
 
 #ifdef ACL_PLUGIN_EXTERNAL_EXPORTS
-u32 (*acl_plugin_register_user_module) (char *caller_module_string, char *val1_label, char *val2_label);
+static u32 (*acl_plugin_register_user_module) (char *caller_module_string, char *val1_label, char *val2_label);
 #else
 u32 acl_plugin_register_user_module (char *caller_module_string, char *val1_label, char *val2_label);
 #endif
@@ -50,7 +56,7 @@ u32 acl_plugin_register_user_module (char *caller_module_string, char *val1_labe
  * of use within your module. They are useful for debugging.
  */
 #ifdef ACL_PLUGIN_EXTERNAL_EXPORTS
-int (*acl_plugin_get_lookup_context_index) (u32 acl_user_id, u32 val1, u32 val2);
+static int (*acl_plugin_get_lookup_context_index) (u32 acl_user_id, u32 val1, u32 val2);
 #else
 int acl_plugin_get_lookup_context_index (u32 acl_user_id, u32 val1, u32 val2);
 #endif
@@ -60,7 +66,7 @@ int acl_plugin_get_lookup_context_index (u32 acl_user_id, u32 val1, u32 val2);
  * any asssociated data structures.
  */
 #ifdef ACL_PLUGIN_EXTERNAL_EXPORTS
-void (*acl_plugin_put_lookup_context_index) (u32 lc_index);
+static void (*acl_plugin_put_lookup_context_index) (u32 lc_index);
 #else
 void acl_plugin_put_lookup_context_index (u32 lc_index);
 #endif
@@ -70,7 +76,7 @@ void acl_plugin_put_lookup_context_index (u32 lc_index);
  * Any existing list will be overwritten. acl_list is a vector.
  */
 #ifdef ACL_PLUGIN_EXTERNAL_EXPORTS
-int (*acl_plugin_set_acl_vec_for_context) (u32 lc_index, u32 *acl_list);
+static int (*acl_plugin_set_acl_vec_for_context) (u32 lc_index, u32 *acl_list);
 #else
 int acl_plugin_set_acl_vec_for_context (u32 lc_index, u32 *acl_list);
 #endif
@@ -78,7 +84,7 @@ int acl_plugin_set_acl_vec_for_context (u32 lc_index, u32 *acl_list);
 /* Fill the 5-tuple from the packet */
 
 #ifdef ACL_PLUGIN_EXTERNAL_EXPORTS
-void (*acl_plugin_fill_5tuple) (u32 lc_index, vlib_buffer_t * b0, int is_ip6, int is_input,
+static void (*acl_plugin_fill_5tuple) (u32 lc_index, vlib_buffer_t * b0, int is_ip6, int is_input,
                                 int is_l2_path, fa_5tuple_opaque_t * p5tuple_pkt);
 #else
 void acl_plugin_fill_5tuple (u32 lc_index, vlib_buffer_t * b0, int is_ip6, int is_input,
@@ -96,7 +102,7 @@ void acl_plugin_fill_5tuple_inline (u32 lc_index, vlib_buffer_t * b0, int is_ip6
 
 
 #ifdef ACL_PLUGIN_EXTERNAL_EXPORTS
-int (*acl_plugin_match_5tuple) (u32 lc_index,
+static int (*acl_plugin_match_5tuple) (u32 lc_index,
                                            fa_5tuple_opaque_t * pkt_5tuple,
                                            int is_ip6, u8 * r_action,
                                            u32 * r_acl_pos_p,
@@ -128,18 +134,19 @@ acl_plugin_match_5tuple_inline (u32 lc_index,
 
 #ifdef ACL_PLUGIN_EXTERNAL_EXPORTS
 
-#define LOAD_SYMBOL_FROM_PLUGIN(p, s)                                     \
+#define LOAD_SYMBOL_FROM_PLUGIN_TO(p, s, st)                              \
 ({                                                                        \
-    s = vlib_get_plugin_symbol(p, #s);                                    \
-    if (!s)                                                               \
+    st = vlib_get_plugin_symbol(p, #s);                                    \
+    if (!st)                                                               \
         return clib_error_return(0,                                       \
                 "Plugin %s and/or symbol %s not found.", p, #s);          \
 })
 
-#define LOAD_SYMBOL(s) LOAD_SYMBOL_FROM_PLUGIN("acl_plugin.so", s)
+#define LOAD_SYMBOL(s) LOAD_SYMBOL_FROM_PLUGIN_TO("acl_plugin.so", s, s)
 
 static inline clib_error_t * acl_plugin_exports_init (void)
 {
+    LOAD_SYMBOL_FROM_PLUGIN_TO("acl_plugin.so", acl_main, p_acl_main);
     LOAD_SYMBOL(acl_plugin_acl_exists);
     LOAD_SYMBOL(acl_plugin_register_user_module);
     LOAD_SYMBOL(acl_plugin_get_lookup_context_index);
@@ -196,6 +203,7 @@ acl_fill_5tuple (acl_main_t * am, vlib_buffer_t * b0, int is_ip6,
   /* Remainder of the key and per-packet non-key data */
   p5tuple_pkt->kv.key[4] = 0;
   p5tuple_pkt->kv.value = 0;
+  p5tuple_pkt->pkt.is_ip6 = is_ip6;
 
   if (is_ip6)
     {
@@ -345,7 +353,7 @@ always_inline void
 acl_plugin_fill_5tuple_inline (u32 lc_index, vlib_buffer_t * b0, int is_ip6,
 		 int is_input, int is_l2_path, fa_5tuple_opaque_t * p5tuple_pkt)
 {
-  acl_main_t *am = &acl_main;
+  acl_main_t *am = p_acl_main;
   acl_fill_5tuple(am, b0, is_ip6, is_input, is_l2_path, (fa_5tuple_t *)p5tuple_pkt);
 }
 
@@ -528,7 +536,7 @@ acl_plugin_single_acl_match_5tuple (u32 acl_index, fa_5tuple_t * pkt_5tuple,
 		  int is_ip6, u8 * r_action, u32 * r_acl_match_p,
 		  u32 * r_rule_match_p, u32 * trace_bitmap)
 {
-  acl_main_t * am = &acl_main;
+  acl_main_t * am = p_acl_main;
   return single_acl_match_5tuple(am, acl_index, pkt_5tuple, is_ip6, r_action,
                                  r_acl_match_p, r_rule_match_p, trace_bitmap);
 }
@@ -538,7 +546,7 @@ linear_multi_acl_match_5tuple (u32 lc_index, fa_5tuple_t * pkt_5tuple,
 		       int is_ip6, u8 *r_action, u32 *acl_pos_p, u32 * acl_match_p,
 		       u32 * rule_match_p, u32 * trace_bitmap)
 {
-  acl_main_t *am = &acl_main;
+  acl_main_t *am = p_acl_main;
   int i;
   u32 *acl_vector;
   u8 action = 0;
@@ -691,7 +699,7 @@ hash_multi_acl_match_5tuple (u32 lc_index, fa_5tuple_t * pkt_5tuple,
                        int is_ip6, u8 *action, u32 *acl_pos_p, u32 * acl_match_p,
                        u32 * rule_match_p, u32 * trace_bitmap)
 {
-  acl_main_t *am = &acl_main;
+  acl_main_t *am = p_acl_main;
   applied_hash_ace_entry_t **applied_hash_aces = vec_elt_at_index(am->hash_entry_vec_by_lc_index, lc_index);
   u32 match_index = multi_acl_match_get_applied_ace_index(am, pkt_5tuple);
   if (match_index < vec_len((*applied_hash_aces))) {
@@ -717,12 +725,14 @@ acl_plugin_match_5tuple_inline (u32 lc_index,
                                            u32 * r_rule_match_p,
                                            u32 * trace_bitmap)
 {
-  acl_main_t *am = &acl_main;
+  acl_main_t *am = p_acl_main;
+  fa_5tuple_t * pkt_5tuple_internal = (fa_5tuple_t *)pkt_5tuple;
+  pkt_5tuple_internal->pkt.lc_index = lc_index;
   if (am->use_hash_acl_matching) {
-    return hash_multi_acl_match_5tuple(lc_index, (fa_5tuple_t *)pkt_5tuple, is_ip6, r_action,
+    return hash_multi_acl_match_5tuple(lc_index, pkt_5tuple_internal, is_ip6, r_action,
                                  r_acl_pos_p, r_acl_match_p, r_rule_match_p, trace_bitmap);
   } else {
-    return linear_multi_acl_match_5tuple(lc_index, (fa_5tuple_t *)pkt_5tuple, is_ip6, r_action,
+    return linear_multi_acl_match_5tuple(lc_index, pkt_5tuple_internal, is_ip6, r_action,
                                  r_acl_pos_p, r_acl_match_p, r_rule_match_p, trace_bitmap);
   }
 }

src/plugins/dpdk/device/init.c

@@ -465,6 +465,10 @@ dpdk_lib_init (dpdk_main_t * dm)
 	      xd->port_type = VNET_DPDK_PORT_TYPE_VIRTIO_USER;
 	      break;
 
+	    case VNET_DPDK_PMD_VHOST_ETHER:
+	      xd->port_type = VNET_DPDK_PORT_TYPE_VHOST_ETHER;
+	      break;
+
 	    default:
 	      xd->port_type = VNET_DPDK_PORT_TYPE_UNKNOWN;
 	    }

src/plugins/dpdk/ipsec/ipsec.c

@@ -330,12 +330,11 @@ create_sym_session (struct rte_cryptodev_sym_session **session,
   struct rte_crypto_sym_xform *xfs;
   struct rte_cryptodev_sym_session **s;
   crypto_session_key_t key = { 0 };
+  clib_error_t *erorr = 0;
 
   key.drv_id = res->drv_id;
   key.sa_idx = sa_idx;
 
-  data = vec_elt_at_index (dcm->data, res->numa);
-
   sa = pool_elt_at_index (im->sad, sa_idx);
 
   if ((sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128) |
@@ -362,6 +361,9 @@ create_sym_session (struct rte_cryptodev_sym_session **session,
 	}
     }
 
+  data = vec_elt_at_index (dcm->data, res->numa);
+  clib_spinlock_lock_if_init (&data->lockp);
+
   /*
    * DPDK_VER >= 1708:
    *   Multiple worker/threads share the session for an SA
@@ -375,7 +377,8 @@ create_sym_session (struct rte_cryptodev_sym_session **session,
       if (!session[0])
 	{
 	  data->session_h_failed += 1;
-	  return clib_error_return (0, "failed to create session header");
+	  erorr = clib_error_return (0, "failed to create session header");
+	  goto done;
 	}
       hash_set (data->session_by_sa_index, sa_idx, session[0]);
     }
@@ -391,13 +394,16 @@ create_sym_session (struct rte_cryptodev_sym_session **session,
   if (ret)
     {
       data->session_drv_failed[res->drv_id] += 1;
-      return clib_error_return (0, "failed to init session for drv %u",
-				res->drv_id);
+      erorr = clib_error_return (0, "failed to init session for drv %u",
+				 res->drv_id);
+      goto done;
     }
 
   hash_set (data->session_by_drv_id_and_sa_index, key.val, session[0]);
 
-  return 0;
+done:
+  clib_spinlock_unlock_if_init (&data->lockp);
+  return erorr;
 }
 
 static void __attribute__ ((unused)) clear_and_free_obj (void *obj)
@@ -509,34 +515,32 @@ add_del_sa_session (u32 sa_index, u8 is_add)
   /* *INDENT-OFF* */
   vec_foreach (data, dcm->data)
     {
+      clib_spinlock_lock_if_init (&data->lockp);
       val = hash_get (data->session_by_sa_index, sa_index);
+      s = (struct rte_cryptodev_sym_session *) val;
+      if (s)
+        {
+          vec_foreach_index (drv_id, dcm->drv)
+            {
+              key.drv_id = drv_id;
+              val = hash_get (data->session_by_drv_id_and_sa_index, key.val);
+              s = (struct rte_cryptodev_sym_session *) val;
+              if (s)
+                hash_unset (data->session_by_drv_id_and_sa_index, key.val);
+            }
 
-      if (!val)
-	continue;
+          hash_unset (data->session_by_sa_index, sa_index);
 
-      s = (struct rte_cryptodev_sym_session *) val[0];
+          u64 ts = unix_time_now_nsec ();
+          dpdk_crypto_session_disposal (data->session_disposal, ts);
 
-      vec_foreach_index (drv_id, dcm->drv)
-	{
-	  key.drv_id = drv_id;
-	  val = hash_get (data->session_by_drv_id_and_sa_index, key.val);
+          crypto_session_disposal_t sd;
+          sd.ts = ts;
+          sd.session = s;
 
-	  if (!val)
-	    continue;
-
-	  hash_unset (data->session_by_drv_id_and_sa_index, key.val);
-	}
-
-      hash_unset (data->session_by_sa_index, sa_index);
-
-      u64 ts = unix_time_now_nsec ();
-      dpdk_crypto_session_disposal (data->session_disposal, ts);
-
-      crypto_session_disposal_t sd;
-      sd.ts = ts;
-      sd.session = s;
-
-      vec_add1 (data->session_disposal, sd);
+          vec_add1 (data->session_disposal, sd);
+        }
+      clib_spinlock_unlock_if_init (&data->lockp);
     }
   /* *INDENT-ON* */
 
@@ -925,6 +929,7 @@ crypto_create_session_drv_pool (vlib_main_t * vm, crypto_dev_t * dev)
     return error;
 
   data->session_drv[dev->drv_id] = mp;
+  clib_spinlock_init (&data->lockp);
 
   return NULL;
 }
@@ -977,6 +982,7 @@ crypto_disable (void)
 	rte_mempool_free (data->session_drv[i]);
 
       vec_free (data->session_drv);
+      clib_spinlock_free (&data->lockp);
     }
   /* *INDENT-ON* */
 

src/plugins/dpdk/ipsec/ipsec.h

@@ -135,6 +135,7 @@ typedef struct
   u64 crypto_op_get_failed;
   u64 session_h_failed;
   u64 *session_drv_failed;
+  clib_spinlock_t lockp;
 } crypto_data_t;
 
 typedef struct

src/plugins/ioam/analyse/ip6/node.c

@@ -424,7 +424,7 @@ ip6_ioam_analyse_register_hbh_handler (u8 option,
 {
   ip6_ioam_analyser_main_t *am = &ioam_analyser_main;
 
-  ASSERT (option < ARRAY_LEN (am->analyse_hbh_handler));
+  ASSERT ((u32) option < ARRAY_LEN (am->analyse_hbh_handler));
 
   /* Already registered */
   if (am->analyse_hbh_handler[option])
@@ -440,7 +440,7 @@ ip6_ioam_analyse_unregister_hbh_handler (u8 option)
 {
   ip6_ioam_analyser_main_t *am = &ioam_analyser_main;
 
-  ASSERT (option < ARRAY_LEN (am->analyse_hbh_handler));
+  ASSERT ((u32) option < ARRAY_LEN (am->analyse_hbh_handler));
 
   /* Not registered */
   if (!am->analyse_hbh_handler[option])

src/plugins/ioam/lib-vxlan-gpe/vxlan_gpe_ioam_trace.c

@@ -89,7 +89,7 @@ vxlan_gpe_ioam_add_register_option (u8 option,
 {
   vxlan_gpe_ioam_main_t *hm = &vxlan_gpe_ioam_main;
 
-  ASSERT (option < ARRAY_LEN (hm->add_options));
+  ASSERT ((u32) option < ARRAY_LEN (hm->add_options));
 
   /* Already registered */
   if (hm->add_options[option])
@@ -106,7 +106,7 @@ vxlan_gpe_add_unregister_option (u8 option)
 {
   vxlan_gpe_ioam_main_t *hm = &vxlan_gpe_ioam_main;
 
-  ASSERT (option < ARRAY_LEN (hm->add_options));
+  ASSERT ((u32) option < ARRAY_LEN (hm->add_options));
 
   /* Not registered */
   if (!hm->add_options[option])
@@ -128,7 +128,7 @@ vxlan_gpe_ioam_register_option (u8 option,
 {
   vxlan_gpe_ioam_main_t *im = &vxlan_gpe_ioam_main;
 
-  ASSERT (option < ARRAY_LEN (im->options));
+  ASSERT ((u32) option < ARRAY_LEN (im->options));
 
   /* Already registered */
   if (im->options[option])
@@ -145,7 +145,7 @@ vxlan_gpe_ioam_unregister_option (u8 option)
 {
   vxlan_gpe_ioam_main_t *hm = &vxlan_gpe_ioam_main;
 
-  ASSERT (option < ARRAY_LEN (hm->options));
+  ASSERT ((u32) option < ARRAY_LEN (hm->options));
 
   /* Not registered */
   if (!hm->options[option])

src/plugins/lacp/cli.c

@@ -242,17 +242,14 @@ show_lacp_fn (vlib_main_t * vm, unformat_input_t * input,
   slave_if_t *sif;
   clib_error_t *error = 0;
   u8 details = 0;
-  u32 hw_if_index, *sw_if_indices = 0;
-  vnet_interface_main_t *im = &vnm->interface_main;
-  vnet_sw_interface_t *sw;
+  u32 sw_if_index, *sw_if_indices = 0;
 
   while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
     {
       if (unformat
-	  (input, "%U", unformat_vnet_hw_interface, vnm, &hw_if_index))
+	  (input, "%U", unformat_vnet_sw_interface, vnm, &sw_if_index))
 	{
-	  sw = pool_elt_at_index (im->sw_interfaces, hw_if_index);
-	  sif = bond_get_slave_by_sw_if_index (sw->sw_if_index);
+	  sif = bond_get_slave_by_sw_if_index (sw_if_index);
 	  if (!sif)
 	    {
 	      error = clib_error_return (0, "interface is not enslaved");
@@ -304,11 +301,9 @@ debug_lacp_command_fn (vlib_main_t * vm, unformat_input_t * input,
   lacp_main_t *lm = &lacp_main;
   u8 onoff = 0;
   u8 input_found = 0;
-  u32 hw_if_index = ~0;
+  u32 sw_if_index = ~0;
   slave_if_t *sif;
   vnet_main_t *vnm = vnet_get_main ();
-  vnet_interface_main_t *im = &vnm->interface_main;
-  vnet_sw_interface_t *sw;
 
   /* Get a line of input. */
   if (!unformat_user (input, unformat_line_input, line_input))
@@ -317,7 +312,7 @@ debug_lacp_command_fn (vlib_main_t * vm, unformat_input_t * input,
   while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
     {
       if (unformat (line_input, "%U",
-		    unformat_vnet_hw_interface, vnm, &hw_if_index))
+		    unformat_vnet_sw_interface, vnm, &sw_if_index))
 	;
       if (input_found)
 	{
@@ -346,10 +341,9 @@ debug_lacp_command_fn (vlib_main_t * vm, unformat_input_t * input,
   if (!input_found)
     return clib_error_return (0, "must specify on or off");
 
-  if (hw_if_index != ~0)
+  if (sw_if_index != ~0)
     {
-      sw = pool_elt_at_index (im->sw_interfaces, hw_if_index);
-      sif = bond_get_slave_by_sw_if_index (sw->sw_if_index);
+      sif = bond_get_slave_by_sw_if_index (sw_if_index);
       if (!sif)
 	return (clib_error_return (0, "Please enslave the interface first"));
       sif->debug = onoff;

src/plugins/lacp/input.c

@@ -249,6 +249,8 @@ lacp_input_format_trace (u8 * s, va_list * args)
   u8 *p;
   lacp_state_struct *state_entry;
 
+  s = format (s, "%U:\n", format_vnet_sw_if_index_name, vnet_get_main (),
+	      t->sw_if_index);
   s = format (s, "Length: %d\n", t->len);
   if (t->len >= sizeof (lacp_pdu_t))
     {

src/plugins/lacp/lacp.c

@@ -383,9 +383,8 @@ lacp_hw_interface_up_down (vnet_main_t * vnm, u32 hw_if_index, u32 flags)
   slave_if_t *sif;
   vnet_sw_interface_t *sw;
   vlib_main_t *vm = lm->vlib_main;
-  vnet_interface_main_t *im = &vnm->interface_main;
 
-  sw = pool_elt_at_index (im->sw_interfaces, hw_if_index);
+  sw = vnet_get_hw_sw_interface (vnm, hw_if_index);
   sif = bond_get_slave_by_sw_if_index (sw->sw_if_index);
   if (sif)
     {

src/plugins/lacp/node.c

@@ -101,6 +101,7 @@ lacp_node_fn (vlib_main_t * vm,
 	  len = (b0->current_length < sizeof (t0->pkt))
 	    ? b0->current_length : sizeof (t0->pkt);
 	  t0->len = len;
+	  t0->sw_if_index = vnet_buffer (b0)->sw_if_index[VLIB_RX];
 	  clib_memcpy (&t0->pkt, vlib_buffer_get_current (b0), len);
 	}
       /* push this pkt to the next graph node, always error-drop */

src/plugins/lacp/node.h

@@ -77,6 +77,7 @@ typedef enum
 /* lacp packet trace capture */
 typedef struct
 {
+  u32 sw_if_index;
   u32 len;
   union
   {

src/plugins/lacp/protocol.h

@@ -69,7 +69,7 @@ typedef enum
 } lacp_state_t;
 
 #define foreach_lacp_state_flag	     	                \
-  _(0, LACP_STATE_LACP_ACTIViTY, "activity")	        \
+  _(0, LACP_STATE_LACP_ACTIVITY, "activity")	        \
   _(1, LACP_STATE_LACP_TIMEOUT, "lacp timeout")         \
   _(2, LACP_STATE_AGGREGATION, "aggregation")           \
   _(3, LACP_STATE_SYNCHRONIZATION, "synchronization")   \

src/plugins/lacp/ptx_machine.h

@@ -72,13 +72,15 @@ lacp_start_periodic_timer (vlib_main_t * vm, slave_if_t * sif, u8 expiration)
 static inline void
 lacp_schedule_periodic_timer (vlib_main_t * vm, slave_if_t * sif)
 {
-  // do fast rate if we are not yet synchronized
-  if (((sif->actor.state & (LACP_STATE_SYNCHRONIZATION |
-			    LACP_STATE_COLLECTING |
-			    LACP_STATE_DISTRIBUTING)) !=
-       (LACP_STATE_SYNCHRONIZATION | LACP_STATE_COLLECTING |
-	LACP_STATE_DISTRIBUTING))
-      && (sif->partner.state & LACP_STATE_AGGREGATION))
+  // do fast rate if partner is in short timeout or
+  // we are not yet synchronized
+  if ((sif->partner.state & LACP_STATE_LACP_TIMEOUT) ||
+      (((sif->actor.state & (LACP_STATE_SYNCHRONIZATION |
+			     LACP_STATE_COLLECTING |
+			     LACP_STATE_DISTRIBUTING)) !=
+	(LACP_STATE_SYNCHRONIZATION | LACP_STATE_COLLECTING |
+	 LACP_STATE_DISTRIBUTING))
+       && (sif->partner.state & LACP_STATE_AGGREGATION)))
     lacp_start_periodic_timer (vm, sif, LACP_FAST_PERIODIC_TIMER);
   else
     lacp_start_periodic_timer (vm, sif, LACP_SLOW_PERIODIC_TIMER);

src/plugins/lb/lb.c

@@ -625,7 +625,7 @@ static void lb_vip_add_adjacency(lb_main_t *lbm, lb_vip_t *vip)
       proto = DPO_PROTO_IP6;
   }
 
-  if(lb_vip_is_gre4(vip))
+  if (lb_vip_is_gre4(vip))
     dpo_type = lbm->dpo_gre4_type;
   else if (lb_vip_is_gre6(vip))
     dpo_type = lbm->dpo_gre6_type;
@@ -813,7 +813,7 @@ lb_as_stack (lb_as_t *as)
   lb_vip_t *vip = &lbm->vips[as->vip_index];
   dpo_type_t dpo_type = 0;
 
-  if(lb_vip_is_gre4(vip))
+  if (lb_vip_is_gre4(vip))
     dpo_type = lbm->dpo_gre4_type;
   else if (lb_vip_is_gre6(vip))
     dpo_type = lbm->dpo_gre6_type;

src/plugins/lb/lb.h

@@ -235,7 +235,7 @@ typedef struct {
                              || (vip)->type == LB_VIP_TYPE_IP4_GRE4)
 #define lb_vip_is_gre6(vip) ((vip)->type == LB_VIP_TYPE_IP6_GRE6 \
                              || (vip)->type == LB_VIP_TYPE_IP4_GRE6)
-#define lb_vip_is_l3dsr(vip) ((vip)->type == LB_VIP_TYPE_IP4_L3DSR)
+#define lb_vip_is_l3dsr(vip) (vip)->type == LB_VIP_TYPE_IP4_L3DSR
 
 #define lb_encap_is_ip4(vip) ((vip)->type == LB_VIP_TYPE_IP6_GRE4 \
                              || (vip)->type == LB_VIP_TYPE_IP4_GRE4 \

src/plugins/memif/device.c

@@ -311,7 +311,8 @@ retry:
   n_free = ring->tail - mq->last_tail;
   if (n_free >= 16)
     {
-      vlib_buffer_free_from_ring_no_next (vm, mq->buffers, mq->last_tail,
+      vlib_buffer_free_from_ring_no_next (vm, mq->buffers,
+					  mq->last_tail & mask,
 					  ring_size, n_free);
       mq->last_tail += n_free;
     }

src/plugins/memif/node.c

@@ -383,9 +383,13 @@ memif_device_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 	  clib_memcpy64_x4 (b0, b1, b2, b3, bt);
 
 	  b0->current_length = po[0].packet_len;
+	  n_rx_bytes += b0->current_length;
 	  b1->current_length = po[1].packet_len;
+	  n_rx_bytes += b1->current_length;
 	  b2->current_length = po[2].packet_len;
+	  n_rx_bytes += b2->current_length;
 	  b3->current_length = po[3].packet_len;
+	  n_rx_bytes += b3->current_length;
 
 	  memif_add_to_chain (vm, b0, ptd->buffers + fbvi0 + 1, buffer_size);
 	  memif_add_to_chain (vm, b1, ptd->buffers + fbvi1 + 1, buffer_size);
@@ -455,6 +459,7 @@ memif_device_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 	  b0 = vlib_get_buffer (vm, bi0);
 	  clib_memcpy (b0, bt, 64);
 	  b0->current_length = po->packet_len;
+	  n_rx_bytes += b0->current_length;
 
 	  memif_add_to_chain (vm, b0, ptd->buffers + fbvi0 + 1, buffer_size);
 
@@ -534,15 +539,16 @@ memif_device_input_zc_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
   u32 n_rx_packets = 0, n_rx_bytes = 0;
   u32 *to_next = 0, *buffers;
   u32 bi0, bi1, bi2, bi3;
+  u16 s0, s1, s2, s3;
+  memif_desc_t *d0, *d1, *d2, *d3;
   vlib_buffer_t *b0, *b1, *b2, *b3;
   u32 thread_index = vlib_get_thread_index ();
   memif_per_thread_data_t *ptd = vec_elt_at_index (mm->per_thread_data,
 						   thread_index);
-  vlib_buffer_t *bt = &ptd->buffer_template;
   u16 cur_slot, last_slot, ring_size, n_slots, mask, head;
   i16 start_offset;
   u32 buffer_length;
-  u16 n_alloc;
+  u16 n_alloc, n_from;
 
   mq = vec_elt_at_index (mif->rx_queues, qid);
   ring = mq->ring;
@@ -568,8 +574,6 @@ memif_device_input_zc_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 			CLIB_CACHE_LINE_BYTES);
   while (n_slots && n_rx_packets < MEMIF_RX_VECTOR_SZ)
     {
-      u16 s0;
-      memif_desc_t *d0;
       vlib_buffer_t *hb;
 
       s0 = cur_slot & mask;
@@ -582,7 +586,7 @@ memif_device_input_zc_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
       hb = b0 = vlib_get_buffer (vm, bi0);
       b0->current_data = start_offset;
       b0->current_length = start_offset + d0->length;
-
+      n_rx_bytes += d0->length;
 
       if (0 && memif_desc_is_invalid (mif, d0, buffer_length))
 	return 0;
@@ -597,7 +601,7 @@ memif_device_input_zc_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 	  d0 = &ring->desc[s0];
 	  bi0 = mq->buffers[s0];
 
-	  /*previous buffer */
+	  /* previous buffer */
 	  b0->next_buffer = bi0;
 	  b0->flags |= VLIB_BUFFER_NEXT_PRESENT;
 
@@ -606,6 +610,7 @@ memif_device_input_zc_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 	  b0->current_data = start_offset;
 	  b0->current_length = start_offset + d0->length;
 	  hb->total_length_not_including_first_buffer += d0->length;
+	  n_rx_bytes += d0->length;
 
 	  cur_slot++;
 	  n_slots--;
@@ -617,10 +622,7 @@ memif_device_input_zc_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
   /* release slots from the ring */
   mq->last_tail = cur_slot;
 
-  u32 n_from = n_rx_packets;
-
-  vnet_buffer (bt)->sw_if_index[VLIB_RX] = mif->sw_if_index;
-
+  n_from = n_rx_packets;
   buffers = ptd->buffers;
 
   while (n_from)
@@ -769,12 +771,12 @@ refill:
   head = ring->head;
   n_slots = ring_size - head + mq->last_tail;
 
-  if (n_slots < 8)
+  if (n_slots < 32)
     goto done;
 
   memif_desc_t *dt = &ptd->desc_template;
   memset (dt, 0, sizeof (memif_desc_t));
-  dt->length = VLIB_BUFFER_DEFAULT_FREE_LIST_BYTES - start_offset;
+  dt->length = buffer_length;
 
   n_alloc = vlib_buffer_alloc_to_ring (vm, mq->buffers, head & mask,
 				       ring_size, n_slots);
@@ -785,15 +787,64 @@ refill:
 			MEMIF_INPUT_ERROR_BUFFER_ALLOC_FAIL, 1);
     }
 
-  while (n_alloc--)
+  while (n_alloc >= 32)
     {
-      u16 s = head++ & mask;
-      memif_desc_t *d = &ring->desc[s];
-      clib_memcpy (d, dt, sizeof (memif_desc_t));
-      b0 = vlib_get_buffer (vm, mq->buffers[s]);
-      d->region = b0->buffer_pool_index + 1;
-      d->offset =
-	(void *) b0->data - mif->regions[d->region].shm + start_offset;
+      bi0 = mq->buffers[(head + 4) & mask];
+      vlib_prefetch_buffer_with_index (vm, bi0, LOAD);
+      bi1 = mq->buffers[(head + 5) & mask];
+      vlib_prefetch_buffer_with_index (vm, bi1, LOAD);
+      bi2 = mq->buffers[(head + 6) & mask];
+      vlib_prefetch_buffer_with_index (vm, bi2, LOAD);
+      bi3 = mq->buffers[(head + 7) & mask];
+      vlib_prefetch_buffer_with_index (vm, bi3, LOAD);
+
+      s0 = head++ & mask;
+      s1 = head++ & mask;
+      s2 = head++ & mask;
+      s3 = head++ & mask;
+
+      d0 = &ring->desc[s0];
+      d1 = &ring->desc[s1];
+      d2 = &ring->desc[s2];
+      d3 = &ring->desc[s3];
+
+      clib_memcpy (d0, dt, sizeof (memif_desc_t));
+      clib_memcpy (d1, dt, sizeof (memif_desc_t));
+      clib_memcpy (d2, dt, sizeof (memif_desc_t));
+      clib_memcpy (d3, dt, sizeof (memif_desc_t));
+
+      b0 = vlib_get_buffer (vm, mq->buffers[s0]);
+      b1 = vlib_get_buffer (vm, mq->buffers[s1]);
+      b2 = vlib_get_buffer (vm, mq->buffers[s2]);
+      b3 = vlib_get_buffer (vm, mq->buffers[s3]);
+
+      d0->region = b0->buffer_pool_index + 1;
+      d1->region = b1->buffer_pool_index + 1;
+      d2->region = b2->buffer_pool_index + 1;
+      d3->region = b3->buffer_pool_index + 1;
+
+      d0->offset =
+	(void *) b0->data - mif->regions[d0->region].shm + start_offset;
+      d1->offset =
+	(void *) b1->data - mif->regions[d1->region].shm + start_offset;
+      d2->offset =
+	(void *) b2->data - mif->regions[d2->region].shm + start_offset;
+      d3->offset =
+	(void *) b3->data - mif->regions[d3->region].shm + start_offset;
+
+      n_alloc -= 4;
+    }
+  while (n_alloc)
+    {
+      s0 = head++ & mask;
+      d0 = &ring->desc[s0];
+      clib_memcpy (d0, dt, sizeof (memif_desc_t));
+      b0 = vlib_get_buffer (vm, mq->buffers[s0]);
+      d0->region = b0->buffer_pool_index + 1;
+      d0->offset =
+	(void *) b0->data - mif->regions[d0->region].shm + start_offset;
+
+      n_alloc -= 1;
     }
 
   CLIB_MEMORY_STORE_BARRIER ();
@@ -831,7 +882,7 @@ CLIB_MULTIARCH_FN (memif_input_fn) (vlib_main_t * vm,
 	      n_rx += memif_device_input_zc_inline (vm, node, frame, mif,
 						    dq->queue_id, mode_eth);
 	  }
-	if (mif->flags & MEMIF_IF_FLAG_IS_SLAVE)
+	else if (mif->flags & MEMIF_IF_FLAG_IS_SLAVE)
 	  {
 	    if (mif->mode == MEMIF_INTERFACE_MODE_IP)
 	      n_rx += memif_device_input_inline (vm, node, frame, mif,

src/plugins/nat/nat.c

@@ -682,12 +682,12 @@ int snat_add_static_mapping(ip4_address_t l_addr, ip4_address_t e_addr,
   u32 ses_index;
   u64 user_index;
   snat_session_t * s;
+  snat_static_map_resolve_t *rp, *rp_match = 0;
 
   /* If the external address is a specific interface address */
   if (sw_if_index != ~0)
     {
       ip4_address_t * first_int_addr;
-      snat_static_map_resolve_t *rp, *rp_match = 0;
 
       for (i = 0; i < vec_len (sm->to_resolve); i++)
         {
@@ -830,7 +830,26 @@ int snat_add_static_mapping(ip4_address_t l_addr, ip4_address_t e_addr,
             }
           /* External address must be allocated */
           if (!a && (l_addr.as_u32 != e_addr.as_u32))
-            return VNET_API_ERROR_NO_SUCH_ENTRY;
+            {
+              if (sw_if_index != ~0)
+                {
+                  for (i = 0; i < vec_len (sm->to_resolve); i++)
+                    {
+                      rp = sm->to_resolve + i;
+                      if (rp->addr_only)
+                         continue;
+                      if (rp->sw_if_index != sw_if_index &&
+                          rp->l_addr.as_u32 != l_addr.as_u32 &&
+                          rp->vrf_id != vrf_id && rp->l_port != l_port &&
+                          rp->e_port != e_port && rp->proto != proto)
+                        continue;
+
+                      vec_del1 (sm->to_resolve, i);
+                      break;
+                    }
+                }
+              return VNET_API_ERROR_NO_SUCH_ENTRY;
+            }
         }
 
       pool_get (sm->static_mappings, m);
@@ -942,7 +961,12 @@ int snat_add_static_mapping(ip4_address_t l_addr, ip4_address_t e_addr,
   else
     {
       if (!m)
-        return VNET_API_ERROR_NO_SUCH_ENTRY;
+        {
+          if (sw_if_index != ~0)
+            return 0;
+          else
+            return VNET_API_ERROR_NO_SUCH_ENTRY;
+        }
 
       /* Free external address port */
       if (!(addr_only || sm->static_mapping_only || out2in_only))
@@ -2406,12 +2430,14 @@ static clib_error_t *
 snat_config (vlib_main_t * vm, unformat_input_t * input)
 {
   snat_main_t * sm = &snat_main;
+  nat66_main_t * nm = &nat66_main;
   u32 translation_buckets = 1024;
   u32 translation_memory_size = 128<<20;
   u32 user_buckets = 128;
   u32 user_memory_size = 64<<20;
   u32 max_translations_per_user = 100;
   u32 outside_vrf_id = 0;
+  u32 outside_ip6_vrf_id = 0;
   u32 inside_vrf_id = 0;
   u32 static_mapping_buckets = 1024;
   u32 static_mapping_memory_size = 64<<20;
@@ -2444,6 +2470,9 @@ snat_config (vlib_main_t * vm, unformat_input_t * input)
       else if (unformat (input, "outside VRF id %d",
                          &outside_vrf_id))
         ;
+      else if (unformat (input, "outside ip6 VRF id %d",
+                         &outside_ip6_vrf_id))
+        ;
       else if (unformat (input, "inside VRF id %d",
                          &inside_vrf_id))
         ;
@@ -2487,6 +2516,10 @@ snat_config (vlib_main_t * vm, unformat_input_t * input)
   sm->outside_fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4,
                                                              outside_vrf_id,
                                                              FIB_SOURCE_PLUGIN_HI);
+  nm->outside_vrf_id = outside_ip6_vrf_id;
+  nm->outside_fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6,
+                                                             outside_ip6_vrf_id,
+                                                             FIB_SOURCE_PLUGIN_HI);
   sm->inside_vrf_id = inside_vrf_id;
   sm->inside_fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4,
                                                             inside_vrf_id,