jvpp: remove redundant libvlib.la dependency

Follows https://gerrit.fd.io/r/#/c/5681/
Should fix VPP-689.

Change-Id: I5514c3d2657f4ee0a932d14c80f55d1471f5d56f
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>

.gitreview

@@ -2,3 +2,4 @@
 host=gerrit.fd.io
 port=29418
 project=vpp
+defaultbranch=stable/1704

MAINTAINERS

@@ -57,7 +57,7 @@ M:	Damjan Marion <damarion@cisco.com>
 F:	src/vnet/devices/
 
 VNET Device Drivers - DPDK Crypto
-M:	Sergio Gonzales Monroy <sergio.gonzalez.monroy@intel.com>
+M:	Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
 F:	src/devices/dpdk/ipsec/
 
 VNET Feature Arcs
@@ -81,7 +81,7 @@ M:	Pablo Camarillo <pcamaril@cisco.com>
 F:	src/vnet/sr/
 
 VNET IPSec
-M:	Sergio Gonzales Monroy <sergio.gonzalez.monroy@intel.com>
+M:	Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
 M:	Matus Fabian <matfabia@cisco.com>
 F:	src/vnet/ipsec/
 

Makefile

@@ -40,7 +40,7 @@ DEB_DEPENDS  = curl build-essential autoconf automake bison libssl-dev ccache
 DEB_DEPENDS += debhelper dkms git libtool libganglia1-dev libapr1-dev dh-systemd
 DEB_DEPENDS += libconfuse-dev git-review exuberant-ctags cscope pkg-config
 DEB_DEPENDS += lcov chrpath autoconf nasm
-DEB_DEPENDS += python-dev python-virtualenv python-pip libffi6
+DEB_DEPENDS += python-all python-dev python-virtualenv python-pip libffi6
 ifeq ($(OS_VERSION_ID),14.04)
 	DEB_DEPENDS += openjdk-8-jdk-headless
 else

build-data/platforms.mk

@@ -59,10 +59,6 @@ install-deb: $(patsubst %,%-find-source,$(ROOT_PACKAGES))
 	./scripts/find-vpp-api-java-contents $(INSTALL_PREFIX)$(ARCH)	\
 	 deb/debian/vpp-api-java.install ;				\
 									\
-	: vpp-api-python package ;					\
-	./scripts/find-vpp-api-python-contents $(INSTALL_PREFIX)$(ARCH)	\
-	 deb/debian/vpp-api-python.install ;				\
-									\
 	: bin package needs startup config ; 				\
 	echo ../../src/vpp/conf/startup.conf /etc/vpp 			\
 	   >> deb/debian/vpp.install ;					\

build-root/deb/debian/control

@@ -2,7 +2,7 @@ Source: vpp
 Section: net
 Priority: extra
 Maintainer: Cisco OpenVPP Packaging Team <bogus.address@cisco.com>
-Build-Depends: debhelper (>= 9), dh-systemd, dh-python, chrpath
+Build-Depends: debhelper (>= 9), dh-systemd, dh-python, chrpath, python-all
 Standards-Version: 3.9.4
 
 Package: vpp

build-root/deb/debian/rules

@@ -16,9 +16,15 @@ include /usr/share/dpkg/default.mk
 # package maintainers to append LDFLAGS
 #export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
 
+export PYBUILD_NAME = vpp-api-python
+export PYBUILD_DIR = ../../src/vpp-api/python
+export PYBUILD_DESTDIR_python2=debian/vpp-api-python/
+export PYBUILD_DISABLE_python2=test
+export PYBUILD_SYSTEM=distutils
+
 # main packaging script based on dh7 syntax
 %:
-	dh $@ --with systemd,python2
+	dh $@ --with systemd,python2 --buildsystem=pybuild
 
 override_dh_install:
 	dh_install --exclude .git

build-root/deb/debian/vpp-api-python.postinst

@@ -1,5 +0,0 @@
-#!/bin/sh -e
-
-# after installing python-api files
-python2_sitedir=$(python -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")
-easy_install --install-dir=$python2_sitedir  -z $python2_sitedir/vpp_papi/vpp_papi-*.egg

build-root/deb/debian/vpp-api-python.prerm

@@ -1,8 +0,0 @@
-#!/bin/sh -e
-
-# before removing python-api files
-python2_sitedir=$(python -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")
-easy_install --install-dir=$python2_sitedir -mxNq vpp_papi
-
-# the egg has been copied during install
-rm $python2_sitedir/vpp_papi-*.egg

doxygen/Makefile

@@ -53,7 +53,8 @@ DOXY_SRC_DIRECTORIES = \
 	$(DOXY_SRC)/vlibsocket \
 	$(DOXY_SRC)/vnet \
 	$(DOXY_SRC)/vpp \
-	$(DOXY_SRC)/vpp-api
+	$(DOXY_SRC)/vpp-api \
+	$(DOXY_SRC)/examples
 
 # Input directories and files
 DOXY_INPUT ?= \
@@ -72,9 +73,8 @@ DOXY_INPUT := $(subst $(WS_ROOT)/,,$(DOXY_INPUT))
 # These must be left-anchored paths for the regexp below to work.
 DOXY_EXCLUDE ?= \
 	$(DOXY_SRC)/vlib/vlib/buffer.c \
-	$(DOXY_SRC)/vlib/example \
 	$(DOXY_SRC)/vpp-api/lua \
-	plugins/sample-plugin
+	$(DOXY_SRC)/examples/sample-plugin
 
 # Generate a regexp for filenames to exclude
 DOXY_EXCLUDE_REGEXP = ($(subst .,\.,$(shell echo '$(strip $(DOXY_EXCLUDE))' | sed -e 's/ /|/g')))

doxygen/user_doc.md

@@ -4,13 +4,14 @@ User Documentation    {#user_doc}
 Several modules provide operational, dataplane-user focused documentation.
 
 - [GUI guided user demo](https://wiki.fd.io/view/VPP_Sandbox/vpp-userdemo)
-- @subpage qos_doc
-- @subpage ipsec_gre_doc
-- @subpage dpdk_crypto_ipsec_doc
-- @subpage map_doc
-- @subpage lldp_doc
-- @subpage ioam_plugin_doc
-- @subpage lb_plugin_doc
-- @subpage flowperpkt_plugin_doc
-- @subpage span_doc
 - @subpage bfd_doc
+- @subpage ioam_plugin_doc
+- @subpage ipsec_gre_doc
+- @subpage lb_plugin_doc
+- @subpage lldp_doc
+- @subpage map_doc
+- @subpage dpdk_crypto_ipsec_doc
+- @subpage flowperpkt_plugin_doc
+- @subpage qos_doc
+- @subpage span_doc
+- @subpage srv6_doc

src/configure.ac

@@ -154,7 +154,6 @@ PLUGIN_ENABLED(lb)
 PLUGIN_ENABLED(memif)
 PLUGIN_ENABLED(sixrd)
 PLUGIN_ENABLED(snat)
-PLUGIN_DISABLED(srv6sample)
 
 ###############################################################################
 # Dependency checks

src/examples/srv6-sample-localsid/srv6_sample_localsid_doc.md

@@ -1,12 +1,4 @@
-# SRv6 Sample LocalSID documentation    {#srv6_plugin_doc}
-
-## Disclaimer
-
-This is a memo intended to contain documentation for the sample SRv6 LocalSID behavior plugin
-Everything that is not directly obvious should come here.
-For any feedback on content that should be explained please mailto:pcamaril@cisco.com
- 
-This plugin refers to Segment Routing. Please read the SR documentation first.
+# Sample SRv6 LocalSID documentation    {#srv6_plugin_doc}
 
 ## Introduction
 

src/plugins/Makefile.am

@@ -69,10 +69,6 @@ if ENABLE_SNAT_PLUGIN
 include snat.am
 endif
 
-if ENABLE_SRV6SAMPLE_PLUGIN
-include sample_srv6_localsid.am
-endif
-
 include ../suffix-rules.mk
 
 # Remove *.la files

src/plugins/acl.am

@@ -22,6 +22,7 @@ acl_plugin_la_SOURCES =				\
 	acl/l2sess.c				\
 	acl/l2sess_node.c			\
 	acl/l2sess.h				\
+	acl/manual_fns.h			\
 	acl/acl_plugin.api.h
 
 API_FILES += acl/acl.api
@@ -29,8 +30,9 @@ API_FILES += acl/acl.api
 nobase_apiinclude_HEADERS +=			\
   acl/acl_all_api_h.h				\
   acl/acl_msg_enum.h				\
+  acl/manual_fns.h				\
   acl/acl.api.h
 
-acl_test_plugin_la_SOURCES = acl/acl_test.c acl/acl_plugin.api.h
+acl_test_plugin_la_SOURCES = acl/acl_test.c acl/acl_plugin.api.h acl/acl_all_api.h
 
 # vi:syntax=automake

src/plugins/acl/acl.api

@@ -60,7 +60,7 @@ define acl_plugin_get_version_reply
     @param tcp_flags_value - if proto==6, mask to AND the TCP flags in the packet with
 */
 
-typeonly manual_print manual_endian define acl_rule
+typeonly manual_print define acl_rule
 {
   u8 is_permit;
   u8 is_ipv6;
@@ -104,7 +104,7 @@ typeonly manual_print manual_endian define acl_rule
     @param src_ip_prefix_len - Source prefix length
 */
 
-typeonly manual_print manual_endian define macip_acl_rule
+typeonly manual_print define macip_acl_rule
 {
   u8 is_permit;
   u8 is_ipv6;
@@ -161,7 +161,7 @@ define acl_add_replace_reply
     @param acl_index - ACL index to delete
 */
 
-define acl_del
+manual_print define acl_del
 {
   u32 client_index;
   u32 context;
@@ -190,7 +190,7 @@ define acl_del_reply
     @param acl_index - index of ACL for the operation
 */
 
-define acl_interface_add_del
+manual_print define acl_interface_add_del
 {
   u32 client_index;
   u32 context;
@@ -224,7 +224,7 @@ define acl_interface_add_del_reply
     @param acls - vector of ACL indices
 */
 
-manual_endian define acl_interface_set_acl_list
+manual_print define acl_interface_set_acl_list
 {
   u32 client_index;
   u32 context;
@@ -266,7 +266,7 @@ define acl_dump
     @param r - Array of rules within this ACL
 */
 
-manual_print manual_endian define acl_details
+manual_endian manual_print define acl_details
 {
   u32 context;
   u32 acl_index;
@@ -296,7 +296,7 @@ define acl_interface_list_dump
     @param acls - the vector of ACL indices
 */
 
-manual_endian define acl_interface_list_details
+define acl_interface_list_details
 {
   u32 context;
   u32 sw_if_index;
@@ -313,7 +313,7 @@ manual_endian define acl_interface_list_details
     @param r - vector of MACIP ACL rules
 */
 
-manual_print manual_endian define macip_acl_add
+manual_endian manual_print define macip_acl_add
 {
   u32 client_index;
   u32 context;
@@ -341,7 +341,7 @@ define macip_acl_add_reply
     @param acl_index - MACIP ACL index to delete
 */
 
-define macip_acl_del
+manual_print define macip_acl_del
 {
   u32 client_index;
   u32 context;
@@ -367,7 +367,7 @@ define macip_acl_del_reply
     @param acl_index - MACIP ACL index
 */
 
-define macip_acl_interface_add_del
+manual_print define macip_acl_interface_add_del
 {
   u32 client_index;
   u32 context;
@@ -409,7 +409,7 @@ define macip_acl_dump
     @param r - rules comprising this ACL
 */
 
-manual_print manual_endian define macip_acl_details
+manual_endian manual_print define macip_acl_details
 {
   u32 context;
   u32 acl_index;

src/plugins/acl/acl.c

@@ -1767,8 +1767,6 @@ vl_api_macip_acl_interface_get_t_handler (vl_api_macip_acl_interface_get_t *
   vl_msg_api_send_shmem (q, (u8 *) & rmp);
 }
 
-
-
 /* Set up the API message handling tables */
 static clib_error_t *
 acl_plugin_api_hookup (vlib_main_t * vm)
@@ -2010,6 +2008,11 @@ acl_set_aclplugin_fn (vlib_main_t * vm,
     }
     goto done;
   }
+  if (unformat (input, "l4-match-nonfirst-fragment %u", &val))
+    {
+      am->l4_match_nonfirst_fragment = (val != 0);
+      goto done;
+    }
   if (unformat (input, "session")) {
     if (unformat (input, "clear")) {
       acl_main_t *am = &acl_main;
@@ -2120,10 +2123,15 @@ acl_show_aclplugin_fn (vlib_main_t * vm,
         u64 n_dels = sw_if_index < vec_len(am->fa_session_dels_by_sw_if_index) ? am->fa_session_dels_by_sw_if_index[sw_if_index] : 0;
         out0 = format(out0, "sw_if_index %d: add %lu - del %lu = %lu\n", sw_if_index, n_adds, n_dels, n_adds - n_dels);
       }));
+      out0 = format(out0, "\n\nConn cleaner thread counters:\n");
+#define _(cnt, desc) out0 = format(out0, "             %20lu: %s\n", am->cnt, desc);
+      foreach_fa_cleaner_counter;
+#undef _
       vlib_cli_output(vm, "\n\n%s\n\n", out0);
       vlib_cli_output(vm, "Sessions per interval: min %lu max %lu increment: %f ms current: %f ms",
               am->fa_min_deleted_sessions_per_interval, am->fa_max_deleted_sessions_per_interval,
               am->fa_cleaner_wait_time_increment * 1000.0, ((f64)am->fa_current_cleaner_timer_wait_interval) * 1000.0/(f64)vm->clib_time.clocks_per_second);
+
       vec_free(out0);
     }
   return error;
@@ -2190,10 +2198,20 @@ acl_init (vlib_main_t * vm)
   am->fa_max_deleted_sessions_per_interval = ACL_FA_DEFAULT_MAX_DELETED_SESSIONS_PER_INTERVAL;
   am->fa_cleaner_wait_time_increment = ACL_FA_DEFAULT_CLEANER_WAIT_TIME_INCREMENT;
 
+  am->fa_cleaner_cnt_delete_by_sw_index = 0;
+  am->fa_cleaner_cnt_delete_by_sw_index_ok = 0;
+  am->fa_cleaner_cnt_unknown_event = 0;
+  am->fa_cleaner_cnt_deleted_sessions = 0;
+  am->fa_cleaner_cnt_timer_restarted = 0;
+  am->fa_cleaner_cnt_wait_with_timeout = 0;
+
+
 #define _(N, v, s) am->fa_ipv6_known_eh_bitmap = clib_bitmap_set(am->fa_ipv6_known_eh_bitmap, v, 1);
   foreach_acl_eh
 #undef _
 
+  am->l4_match_nonfirst_fragment = 1;
+
   return error;
 }
 

src/plugins/acl/acl.h

@@ -181,6 +181,9 @@ typedef struct {
   /* EH values that we can skip over */
   uword *fa_ipv6_known_eh_bitmap;
 
+  /* whether to match L4 ACEs with ports on the non-initial fragment */
+  int l4_match_nonfirst_fragment;
+
   /* conn table per-interface conn table parameters */
   u32 fa_conn_table_hash_num_buckets;
   uword fa_conn_table_hash_memory_size;
@@ -209,6 +212,22 @@ typedef struct {
   u32 fa_conn_list_head[ACL_N_TIMEOUTS];
   u32 fa_conn_list_tail[ACL_N_TIMEOUTS];
 
+  /* Counters for the cleaner thread */
+
+#define foreach_fa_cleaner_counter                                         \
+  _(fa_cleaner_cnt_delete_by_sw_index, "delete_by_sw_index events")        \
+  _(fa_cleaner_cnt_delete_by_sw_index_ok, "delete_by_sw_index handled ok") \
+  _(fa_cleaner_cnt_unknown_event, "unknown events received")               \
+  _(fa_cleaner_cnt_deleted_sessions, "sessions deleted")                   \
+  _(fa_cleaner_cnt_timer_restarted, "session idle timers restarted")       \
+  _(fa_cleaner_cnt_wait_with_timeout, "event wait with timeout called")    \
+  _(fa_cleaner_cnt_wait_without_timeout, "event wait w/o timeout called")  \
+  _(fa_cleaner_cnt_event_cycles, "total event cycles")                     \
+  _(fa_cleaner_cnt_already_deleted, "try to delete already deleted conn")  \
+/* end of counters */
+#define _(id, desc) u32 id;
+  foreach_fa_cleaner_counter
+#undef _
 
   /* convenience */
   vlib_main_t * vlib_main;
@@ -219,6 +238,7 @@ typedef struct {
    _(HOPBYHOP , 0  , "IPv6ExtHdrHopByHop")                      \
    _(ROUTING  , 43 , "IPv6ExtHdrRouting")                       \
    _(DESTOPT  , 60 , "IPv6ExtHdrDestOpt")                       \
+   _(FRAGMENT , 44 , "IPv6ExtHdrFragment")                      \
    _(MOBILITY , 135, "Mobility Header")                         \
    _(HIP      , 139, "Experimental use Host Identity Protocol") \
    _(SHIM6    , 140, "Shim6 Protocol")                          \
@@ -231,7 +251,6 @@ typedef struct {
  Also, Fragment header needs special processing.
 
    _(NONEXT   , 59 , "NoNextHdr")                               \
-   _(FRAGMENT , 44 , "IPv6ExtHdrFragment")                      \
 
 
 ESP is hiding its internal format, so no point in trying to go past it.

src/plugins/acl/acl_test.c

@@ -164,14 +164,14 @@ vl_api_acl_rule_t_pretty_format (u8 *out, vl_api_acl_rule_t * a)
   inet_ntop(af, a->src_ip_addr, (void *)src, sizeof(src));
   inet_ntop(af, a->dst_ip_addr, (void *)dst, sizeof(dst));
 
-  out = format(out, "%s action %d src %s/%d dst %s/%d proto %d sport %d-%d dport %d-%d tcpflags %d %d",
+  out = format(out, "%s action %d src %s/%d dst %s/%d proto %d sport %d-%d dport %d-%d tcpflags %d mask %d",
                      a->is_ipv6 ? "ipv6" : "ipv4", a->is_permit,
                      src, a->src_ip_prefix_len,
                      dst, a->dst_ip_prefix_len,
                      a->proto,
                      a->srcport_or_icmptype_first, a->srcport_or_icmptype_last,
 	             a->dstport_or_icmpcode_first, a->dstport_or_icmpcode_last,
-                     a->tcp_flags_mask, a->tcp_flags_value);
+                     a->tcp_flags_value, a->tcp_flags_mask);
   return(out);
 }
 
@@ -326,6 +326,7 @@ static int api_acl_add_replace (vat_main_t * vam)
     vl_api_acl_rule_t *rules = 0;
     int rule_idx = 0;
     int n_rules = 0;
+    int n_rules_override = -1;
     u32 proto = 0;
     u32 port1 = 0;
     u32 port2 = 0;
@@ -363,6 +364,10 @@ static int api_acl_add_replace (vat_main_t * vam)
             vec_validate_acl_rules(rules, rule_idx);
             rules[rule_idx].is_permit = 1;
           }
+        else if (unformat (i, "count %d", &n_rules_override))
+          {
+            /* we will use this later */
+          }
         else if (unformat (i, "action %d", &action))
           {
             vec_validate_acl_rules(rules, rule_idx);
@@ -430,6 +435,12 @@ static int api_acl_add_replace (vat_main_t * vam)
             rules[rule_idx].tcp_flags_value = tcpflags;
             rules[rule_idx].tcp_flags_mask = tcpmask;
           }
+        else if (unformat (i, "tcpflags %d mask %d", &tcpflags, &tcpmask))
+          {
+            vec_validate_acl_rules(rules, rule_idx);
+            rules[rule_idx].tcp_flags_value = tcpflags;
+            rules[rule_idx].tcp_flags_mask = tcpmask;
+          }
         else if (unformat (i, "proto %d", &proto))
           {
             vec_validate_acl_rules(rules, rule_idx);
@@ -455,6 +466,9 @@ static int api_acl_add_replace (vat_main_t * vam)
     else
       n_rules = 0;
 
+    if (n_rules_override >= 0)
+      n_rules = n_rules_override;
+
     msg_size += n_rules*sizeof(rules[0]);
 
     mp = vl_msg_api_alloc_as_if_client(msg_size);
@@ -812,6 +826,7 @@ static int api_macip_acl_add (vat_main_t * vam)
     vl_api_macip_acl_rule_t *rules = 0;
     int rule_idx = 0;
     int n_rules = 0;
+    int n_rules_override = -1;
     u32 src_prefix_length = 0;
     u32 action = 0;
     ip4_address_t src_v4address;
@@ -843,6 +858,10 @@ static int api_macip_acl_add (vat_main_t * vam)
             vec_validate_macip_acl_rules(rules, rule_idx);
             rules[rule_idx].is_permit = 0;
           }
+        else if (unformat (i, "count %d", &n_rules_override))
+          {
+            /* we will use this later */
+          }
         else if (unformat (i, "action %d", &action))
           {
             vec_validate_macip_acl_rules(rules, rule_idx);
@@ -856,6 +875,10 @@ static int api_macip_acl_add (vat_main_t * vam)
             rules[rule_idx].src_ip_prefix_len = src_prefix_length;
             rules[rule_idx].is_ipv6 = 0;
           }
+        else if (unformat (i, "src"))
+          {
+            /* Everything in MACIP is "source" but allow this verbosity */
+          }
         else if (unformat (i, "ip %U/%d",
          unformat_ip6_address, &src_v6address, &src_prefix_length))
           {
@@ -897,6 +920,9 @@ static int api_macip_acl_add (vat_main_t * vam)
     else
       n_rules = 0;
 
+    if (n_rules_override >= 0)
+      n_rules = n_rules_override;
+
     msg_size += n_rules*sizeof(rules[0]);
 
     mp = vl_msg_api_alloc_as_if_client(msg_size);

src/plugins/acl/fa_node.c

@@ -191,7 +191,21 @@ acl_match_5tuple (acl_main_t * am, u32 acl_index, fa_5tuple_t * pkt_5tuple,
 	{
 	  if (pkt_5tuple->l4.proto != r->proto)
 	    continue;
-	  /* A sanity check just to ensure what we jave just matched was a valid L4 extracted from the packet */
+
+          if (PREDICT_FALSE (pkt_5tuple->pkt.is_nonfirst_fragment &&
+                     am->l4_match_nonfirst_fragment))
+          {
+            /* non-initial fragment with frag match configured - match this rule */
+            *trace_bitmap |= 0x80000000;
+            *r_action = r->is_permit;
+            if (r_acl_match_p)
+	      *r_acl_match_p = acl_index;
+            if (r_rule_match_p)
+	      *r_rule_match_p = i;
+            return 1;
+          }
+
+	  /* A sanity check just to ensure we are about to match the ports extracted from the packet */
 	  if (PREDICT_FALSE (!pkt_5tuple->pkt.l4_valid))
 	    continue;
 
@@ -312,6 +326,10 @@ acl_fill_5tuple (acl_main_t * am, vlib_buffer_t * b0, int is_ip6,
       l3_offset = 0;
     }
 
+  /* key[0..3] contains src/dst address and is cleared/set below */
+  /* Remainder of the key and per-packet non-key data */
+  p5tuple_pkt->kv.key[4] = 0;
+  p5tuple_pkt->kv.value = 0;
 
   if (is_ip6)
     {
@@ -333,12 +351,33 @@ acl_fill_5tuple (acl_main_t * am, vlib_buffer_t * b0, int is_ip6,
       int need_skip_eh = clib_bitmap_get (am->fa_ipv6_known_eh_bitmap, proto);
       if (PREDICT_FALSE (need_skip_eh))
 	{
-	  /* FIXME: add fragment header special handling. Currently causes treated as unknown header. */
 	  while (need_skip_eh && offset_within_packet (b0, l4_offset))
 	    {
-	      u8 nwords = *(u8 *) get_ptr_to_offset (b0, 1 + l4_offset);
-	      proto = *(u8 *) get_ptr_to_offset (b0, l4_offset);
-	      l4_offset += 8 * (1 + (u16) nwords);
+	      /* Fragment header needs special handling */
+	      if (PREDICT_FALSE(ACL_EH_FRAGMENT == proto))
+	        {
+	          proto = *(u8 *) get_ptr_to_offset (b0, l4_offset);
+		  u16 frag_offset;
+		  clib_memcpy (&frag_offset, get_ptr_to_offset (b0, 2 + l4_offset), sizeof(frag_offset));
+		  frag_offset = ntohs(frag_offset) >> 3;
+		  if (frag_offset)
+		    {
+                      p5tuple_pkt->pkt.is_nonfirst_fragment = 1;
+                      /* invalidate L4 offset so we don't try to find L4 info */
+                      l4_offset += b0->current_length;
+		    }
+		  else
+		    {
+		      /* First fragment: skip the frag header and move on. */
+		      l4_offset += 8;
+		    }
+		}
+              else
+                {
+	          u8 nwords = *(u8 *) get_ptr_to_offset (b0, 1 + l4_offset);
+	          proto = *(u8 *) get_ptr_to_offset (b0, l4_offset);
+	          l4_offset += 8 * (1 + (u16) nwords);
+                }
 #ifdef FA_NODE_VERBOSE_DEBUG
 	      clib_warning ("ACL_FA_NODE_DBG: new proto: %d, new offset: %d",
 			    proto, l4_offset);
@@ -369,13 +408,26 @@ acl_fill_5tuple (acl_main_t * am, vlib_buffer_t * b0, int is_ip6,
 				   offsetof (ip4_header_t,
 					     protocol) + l3_offset);
       l4_offset = l3_offset + sizeof (ip4_header_t);
+      u16 flags_and_fragment_offset;
+      clib_memcpy (&flags_and_fragment_offset,
+                   get_ptr_to_offset (b0,
+                                      offsetof (ip4_header_t,
+                                                flags_and_fragment_offset)) + l3_offset,
+                                                sizeof(flags_and_fragment_offset));
+      flags_and_fragment_offset = ntohs (flags_and_fragment_offset);
+
+      /* non-initial fragments have non-zero offset */
+      if ((PREDICT_FALSE(0xfff & flags_and_fragment_offset)))
+        {
+          p5tuple_pkt->pkt.is_nonfirst_fragment = 1;
+          /* invalidate L4 offset so we don't try to find L4 info */
+          l4_offset += b0->current_length;
+        }
+
     }
-  /* Remainder of the key and per-packet non-key data */
-  p5tuple_pkt->kv.key[4] = 0;
-  p5tuple_pkt->kv.value = 0;
+  p5tuple_pkt->l4.proto = proto;
   if (PREDICT_TRUE (offset_within_packet (b0, l4_offset)))
     {
-      p5tuple_pkt->l4.proto = proto;
       p5tuple_pkt->pkt.l4_valid = 1;
       if (icmp_protos[is_ip6] == proto)
 	{
@@ -533,6 +585,10 @@ acl_fa_conn_list_add_session (acl_main_t * am, u32 sess_id)
 
   if (~0 == am->fa_conn_list_head[list_id]) {
     am->fa_conn_list_head[list_id] = sess_id;
+    /* If it is a first conn in any list, kick off the cleaner */
+    vlib_process_signal_event (am->vlib_main, am->fa_cleaner_node_index,
+                                 ACL_FA_CLEANER_RESCHEDULE, 0);
+
   }
 }
 
@@ -556,7 +612,7 @@ acl_fa_conn_list_delete_session (acl_main_t *am, u32 sess_id)
     am->fa_conn_list_head[sess->link_list_id] = sess->link_next_idx;
   }
   if (am->fa_conn_list_tail[sess->link_list_id] == sess_id) {
-    am->fa_conn_list_tail[sess->link_list_id] = sess->link_next_idx;
+    am->fa_conn_list_tail[sess->link_list_id] = sess->link_prev_idx;
   }
 }
 
@@ -982,14 +1038,6 @@ acl_out_ip4_fa_node_fn (vlib_main_t * vm,
 
 /* *INDENT-OFF* */
 #define foreach_acl_fa_cleaner_error \
-_(EVENT_CYCLE, "event processing cycle")  \
-_(TIMER_RESTARTED, "restarted session timers")  \
-_(DELETED_SESSIONS, "deleted sessions")  \
-_(ALREADY_DELETED, "timer event for already deleted session")  \
-_(DELETE_BY_SW_IF_INDEX, "delete by sw_if_index event")  \
-_(DELETE_BY_SW_IF_INDEX_OK, "delete by sw_if_index completed ok")  \
-_(WAIT_WITHOUT_TIMEOUT, "process waits without timeout")  \
-_(WAIT_WITH_TIMEOUT, "process waits with timeout")  \
 _(UNKNOWN_EVENT, "unknown event received")  \
 /* end  of errors */
 
@@ -1067,7 +1115,7 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
   f64 cpu_cps = vm->clib_time.clocks_per_second;
   u64 next_expire;
   /* We should call timer wheel at least twice a second */
-  u64 max_timer_wait_interval = cpu_cps / 2; 
+  u64 max_timer_wait_interval = cpu_cps / 2;
   am->fa_current_cleaner_timer_wait_interval = max_timer_wait_interval;
 
   u32 *expired = NULL;
@@ -1079,10 +1127,24 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
     {
       u32 count_deleted_sessions = 0;
       u32 count_already_deleted = 0;
-      u32 count_timer_restarted = 0;
       now = clib_cpu_time_now ();
       next_expire = now + am->fa_current_cleaner_timer_wait_interval;
+      int has_pending_conns = 0;
+      u8 tt;
+      for(tt = 0; tt < ACL_N_TIMEOUTS; tt++)
+        {
+          if (~0 != am->fa_conn_list_head[tt])
+            has_pending_conns = 1;
+        }
 
+      /* If no pending connections then no point in timing out */
+      if (!has_pending_conns)
+        {
+          am->fa_cleaner_cnt_wait_without_timeout++;
+          (void) vlib_process_wait_for_event (vm);
+          event_type = vlib_process_get_events (vm, &event_data);
+        }
+      else
 	{
 	  f64 timeout = ((i64) next_expire - (i64) now) / cpu_cps;
 	  if (timeout <= 0)
@@ -1095,11 +1157,7 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
 	      /* Timing wheel code is happier if it is called regularly */
 	      if (timeout > 0.5)
 		timeout = 0.5;
-	      vlib_node_increment_counter (vm,
-					   acl_fa_session_cleaner_process_node.
-					   index,
-					   ACL_FA_CLEANER_ERROR_WAIT_WITH_TIMEOUT,
-					   1);
+              am->fa_cleaner_cnt_wait_with_timeout++;
 	      (void) vlib_process_wait_for_event_or_clock (vm, timeout);
 	      event_type = vlib_process_get_events (vm, &event_data);
 	    }
@@ -1119,11 +1177,7 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
 	    uword *sw_if_index0;
 	    vec_foreach (sw_if_index0, event_data)
 	    {
-	      vlib_node_increment_counter (vm,
-					   acl_fa_session_cleaner_process_node.
-					   index,
-					   ACL_FA_CLEANER_ERROR_DELETE_BY_SW_IF_INDEX,
-					   1);
+              am->fa_cleaner_cnt_delete_by_sw_index++;
 #ifdef FA_NODE_VERBOSE_DEBUG
 	      clib_warning
 		("ACL_FA_NODE_CLEAN: ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX: %d",
@@ -1134,11 +1188,7 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
 		acl_fa_clean_sessions_by_sw_if_index (am, *sw_if_index0,
 						      &count);
 	      count_deleted_sessions += count;
-	      vlib_node_increment_counter (vm,
-					   acl_fa_session_cleaner_process_node.
-					   index,
-					   ACL_FA_CLEANER_ERROR_DELETE_BY_SW_IF_INDEX_OK,
-					   result);
+              am->fa_cleaner_cnt_delete_by_sw_index_ok += result;
 	    }
 	  }
 	  break;
@@ -1147,17 +1197,21 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
 	  clib_warning ("ACL plugin connection cleaner: unknown event %u",
 			event_type);
 #endif
-	  vlib_node_increment_counter (vm,
-				       acl_fa_session_cleaner_process_node.
-				       index,
-				       ACL_FA_CLEANER_ERROR_UNKNOWN_EVENT, 1);
+          vlib_node_increment_counter (vm,
+                                       acl_fa_session_cleaner_process_node.
+                                       index,
+                                       ACL_FA_CLEANER_ERROR_UNKNOWN_EVENT, 1);
+          am->fa_cleaner_cnt_unknown_event++;
 	  break;
 	}
 
       {
         u8 tt = 0;
         for(tt = 0; tt < ACL_N_TIMEOUTS; tt++) {
-          while((vec_len(expired) < 2*am->fa_max_deleted_sessions_per_interval) && (~0 != am->fa_conn_list_head[tt]) && (acl_fa_conn_has_timed_out(am, now, am->fa_conn_list_head[tt]))) {
+          while((vec_len(expired) < 2*am->fa_max_deleted_sessions_per_interval)
+                && (~0 != am->fa_conn_list_head[tt])
+                && (acl_fa_conn_has_timed_out(am, now,
+                                              am->fa_conn_list_head[tt]))) {
             u32 sess_id = am->fa_conn_list_head[tt];
             vec_add1(expired, sess_id);
             acl_fa_conn_list_delete_session(am, sess_id);
@@ -1165,7 +1219,6 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
         }
       }
 
-
       u32 *psid = NULL;
       vec_foreach (psid, expired)
       {
@@ -1181,15 +1234,22 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
 		/* clib_warning ("ACL_FA_NODE_CLEAN: Restarting timer for session %d",
 		   (int) session_index); */
 
-		/* Pretend we did this in the past, at last_active moment */
-		count_timer_restarted++;
+                /* There was activity on the session, so the idle timeout
+                   has not passed. Enqueue for another time period. */
+
+                acl_fa_conn_list_add_session(am, session_index);
+
+		/* FIXME: When/if moving to timer wheel,
+                   pretend we did this in the past,
+                   at last_active moment, so the timer is accurate */
+                am->fa_cleaner_cnt_timer_restarted++;
 	      }
 	    else
 	      {
 		/* clib_warning ("ACL_FA_NODE_CLEAN: Deleting session %d",
 		   (int) session_index); */
 		acl_fa_delete_session (am, sw_if_index, session_index);
-		count_deleted_sessions++;
+                count_deleted_sessions++;
 	      }
 	  }
 	else
@@ -1210,22 +1270,9 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
         if (am->fa_current_cleaner_timer_wait_interval < max_timer_wait_interval)
           am->fa_current_cleaner_timer_wait_interval += cpu_cps * am->fa_cleaner_wait_time_increment;
       }
-
-      vlib_node_increment_counter (vm,
-				   acl_fa_session_cleaner_process_node.index,
-				   ACL_FA_CLEANER_ERROR_EVENT_CYCLE, 1);
-      vlib_node_increment_counter (vm,
-				   acl_fa_session_cleaner_process_node.index,
-				   ACL_FA_CLEANER_ERROR_TIMER_RESTARTED,
-				   count_timer_restarted);
-      vlib_node_increment_counter (vm,
-				   acl_fa_session_cleaner_process_node.index,
-				   ACL_FA_CLEANER_ERROR_DELETED_SESSIONS,
-				   count_deleted_sessions);
-      vlib_node_increment_counter (vm,
-				   acl_fa_session_cleaner_process_node.index,
-				   ACL_FA_CLEANER_ERROR_ALREADY_DELETED,
-				   count_already_deleted);
+      am->fa_cleaner_cnt_event_cycles++;
+      am->fa_cleaner_cnt_deleted_sessions += count_deleted_sessions;
+      am->fa_cleaner_cnt_already_deleted += count_already_deleted;
     }
   /* NOT REACHED */
   return 0;

src/plugins/acl/fa_node.h

@@ -22,10 +22,12 @@
 typedef union {
   u64 as_u64;
   struct {
-    u8 tcp_flags_valid;
     u8 tcp_flags;
-    u8 is_input;
-    u8 l4_valid;
+    u8 tcp_flags_valid:1;
+    u8 is_input:1;
+    u8 l4_valid:1;
+    u8 is_nonfirst_fragment:1;
+    u8 flags_reserved:4;
   };
 } fa_packet_info_t;
 

src/plugins/dpdk/device/init.c

@@ -419,56 +419,35 @@ dpdk_flag_change (vnet_main_t * vnm, vnet_hw_interface_t * hi, u32 flags)
     }
   else if (ETHERNET_INTERFACE_FLAG_CONFIG_MTU (flags))
     {
-      /*
-       * DAW-FIXME: The Cisco VIC firmware does not provide an api for a
-       *            driver to dynamically change the mtu.  If/when the
-       *            VIC firmware gets fixed, then this should be removed.
-       */
-      if (xd->pmd == VNET_DPDK_PMD_ENIC)
+      int rv;
+
+      xd->port_conf.rxmode.max_rx_pkt_len = hi->max_packet_bytes;
+
+      if (xd->flags & DPDK_DEVICE_FLAG_ADMIN_UP)
+	rte_eth_dev_stop (xd->device_index);
+
+      rv = rte_eth_dev_configure
+	(xd->device_index, xd->rx_q_used, xd->tx_q_used, &xd->port_conf);
+
+      if (rv < 0)
+	vlib_cli_output (vlib_get_main (),
+			 "rte_eth_dev_configure[%d]: err %d",
+			 xd->device_index, rv);
+
+      rte_eth_dev_set_mtu (xd->device_index, hi->max_packet_bytes);
+
+      if (xd->flags & DPDK_DEVICE_FLAG_ADMIN_UP)
 	{
-	  struct rte_eth_dev_info dev_info;
-
-	  /*
-	   * Restore mtu to what has been set by CIMC in the firmware cfg.
-	   */
-	  rte_eth_dev_info_get (xd->device_index, &dev_info);
-	  hi->max_packet_bytes = dev_info.max_rx_pktlen;
-
-	  vlib_cli_output (vlib_get_main (),
-			   "Cisco VIC mtu can only be changed "
-			   "using CIMC then rebooting the server!");
-	}
-      else
-	{
-	  int rv;
-
-	  xd->port_conf.rxmode.max_rx_pkt_len = hi->max_packet_bytes;
-
-	  if (xd->flags & DPDK_DEVICE_FLAG_ADMIN_UP)
-	    rte_eth_dev_stop (xd->device_index);
-
-	  rv = rte_eth_dev_configure
-	    (xd->device_index, xd->rx_q_used, xd->tx_q_used, &xd->port_conf);
-
+	  int rv = rte_eth_dev_start (xd->device_index);
+	  if (!rv && xd->default_mac_address)
+	    rv = rte_eth_dev_default_mac_addr_set (xd->device_index,
+						   (struct ether_addr *)
+						   xd->default_mac_address);
 	  if (rv < 0)
-	    vlib_cli_output (vlib_get_main (),
-			     "rte_eth_dev_configure[%d]: err %d",
-			     xd->device_index, rv);
-
-	  rte_eth_dev_set_mtu (xd->device_index, hi->max_packet_bytes);
-
-	  if (xd->flags & DPDK_DEVICE_FLAG_ADMIN_UP)
-	    {
-	      int rv = rte_eth_dev_start (xd->device_index);
-	      if (!rv && xd->default_mac_address)
-		rv = rte_eth_dev_default_mac_addr_set (xd->device_index,
-						       (struct ether_addr *)
-						       xd->default_mac_address);
-	      if (rv < 0)
-		clib_warning ("rte_eth_dev_start %d returned %d",
-			      xd->device_index, rv);
-	    }
+	    clib_warning ("rte_eth_dev_start %d returned %d",
+			  xd->device_index, rv);
 	}
+
     }
   return old;
 }
@@ -655,11 +634,13 @@ dpdk_lib_init (dpdk_main_t * dm)
 	{
 	  xd->tx_conf.txq_flags |= ETH_TXQ_FLAGS_NOMULTSEGS;
 	  port_conf_template.rxmode.jumbo_frame = 0;
+	  port_conf_template.rxmode.enable_scatter = 0;
 	}
       else
 	{
 	  xd->tx_conf.txq_flags &= ~ETH_TXQ_FLAGS_NOMULTSEGS;
 	  port_conf_template.rxmode.jumbo_frame = 1;
+	  port_conf_template.rxmode.enable_scatter = 1;
 	  xd->flags |= DPDK_DEVICE_FLAG_MAYBE_MULTISEG;
 	}
 
@@ -1065,16 +1046,13 @@ dpdk_lib_init (dpdk_main_t * dm)
       hi = vnet_get_hw_interface (dm->vnet_main, xd->vlib_hw_if_index);
 
       /*
-       * DAW-FIXME: The Cisco VIC firmware does not provide an api for a
-       *            driver to dynamically change the mtu.  If/when the
-       *            VIC firmware gets fixed, then this should be removed.
+       * For cisco VIC vNIC, set default to VLAN strip enabled, unless
+       * specified otherwise in the startup config.
+       * For other NICs default to VLAN strip disabled, unless specified
+       * otherwis in the startup config.
        */
       if (xd->pmd == VNET_DPDK_PMD_ENIC)
 	{
-	  /*
-	   * Initialize mtu to what has been set by CIMC in the firmware cfg.
-	   */
-	  hi->max_packet_bytes = dev_info.max_rx_pktlen;
 	  if (devconf->vlan_strip_offload != DPDK_DEVICE_VLAN_STRIP_OFF)
 	    vlan_strip = 1;	/* remove vlan tag from VIC port by default */
 	  else

src/plugins/memif/device.c

@@ -272,9 +272,11 @@ static clib_error_t *
 memif_interface_admin_up_down (vnet_main_t * vnm, u32 hw_if_index, u32 flags)
 {
   memif_main_t *apm = &memif_main;
-  memif_msg_t msg;
+  vlib_main_t *vm = vlib_get_main ();
+  memif_msg_t msg = { 0 };
   vnet_hw_interface_t *hw = vnet_get_hw_interface (vnm, hw_if_index);
   memif_if_t *mif = pool_elt_at_index (apm->interfaces, hw->dev_instance);
+  static clib_error_t *error = 0;
 
   if (flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP)
     mif->flags |= MEMIF_IF_FLAG_ADMIN_UP;
@@ -286,11 +288,17 @@ memif_interface_admin_up_down (vnet_main_t * vnm, u32 hw_if_index, u32 flags)
 	{
 	  msg.version = MEMIF_VERSION;
 	  msg.type = MEMIF_MSG_TYPE_DISCONNECT;
-	  send (mif->connection.fd, &msg, sizeof (msg), 0);
+	  if (send (mif->connection.fd, &msg, sizeof (msg), 0) < 0)
+	    {
+	      clib_unix_warning ("Failed to send disconnect request");
+	      error = clib_error_return_unix (0, "send fd %d",
+					      mif->connection.fd);
+	      memif_disconnect (vm, mif);
+	    }
 	}
     }
 
-  return 0;
+  return error;
 }
 
 static clib_error_t *

src/plugins/memif/memif.c

@@ -85,7 +85,7 @@ memif_connect (vlib_main_t * vm, memif_if_t * mif)
 			       VNET_HW_INTERFACE_FLAG_LINK_UP);
 }
 
-static void
+void
 memif_disconnect (vlib_main_t * vm, memif_if_t * mif)
 {
   vnet_main_t *vnm = vnet_get_main ();
@@ -241,6 +241,7 @@ memif_process_connect_req (memif_pending_conn_t * pending_conn,
   uf->private_data = mif->if_index << 1;
   mif->connection = pending_conn->connection;
   pool_put (mm->pending_conns, pending_conn);
+  pending_conn = 0;
 
   memif_connect (vm, mif);
 
@@ -248,7 +249,22 @@ response:
   resp.version = MEMIF_VERSION;
   resp.type = MEMIF_MSG_TYPE_CONNECT_RESP;
   resp.retval = retval;
-  send (fd, &resp, sizeof (resp), 0);
+  if (send (fd, &resp, sizeof (resp), 0) < 0)
+    {
+      DEBUG_UNIX_LOG ("Failed to send connection response");
+      error = clib_error_return_unix (0, "send fd %d", fd);
+      if (pending_conn)
+	memif_remove_pending_conn (pending_conn);
+      else
+	memif_disconnect (vm, mif);
+    }
+  if (retval > 0)
+    {
+      if (shm_fd >= 0)
+	close (shm_fd);
+      if (int_fd >= 0)
+	close (int_fd);
+    }
   return error;
 }
 
@@ -511,7 +527,8 @@ memif_connect_master (vlib_main_t * vm, memif_if_t * mif)
 	{
 	  u16 slot = i * (1 << mif->log2_ring_size) + j;
 	  ring->desc[j].region = 0;
-	  ring->desc[j].offset = buffer_offset + (slot * mif->buffer_size);
+	  ring->desc[j].offset =
+	    buffer_offset + (u32) (slot * mif->buffer_size);
 	  ring->desc[j].buffer_length = mif->buffer_size;
 	}
     }
@@ -524,7 +541,8 @@ memif_connect_master (vlib_main_t * vm, memif_if_t * mif)
 	  u16 slot =
 	    (i + mif->num_s2m_rings) * (1 << mif->log2_ring_size) + j;
 	  ring->desc[j].region = 0;
-	  ring->desc[j].offset = buffer_offset + (slot * mif->buffer_size);
+	  ring->desc[j].offset =
+	    buffer_offset + (u32) (slot * mif->buffer_size);
 	  ring->desc[j].buffer_length = mif->buffer_size;
 	}
     }
@@ -595,6 +613,11 @@ memif_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
   f64 start_time, last_run_duration = 0, now;
 
   sockfd = socket (AF_UNIX, SOCK_STREAM, 0);
+  if (sockfd < 0)
+    {
+      DEBUG_UNIX_LOG ("socket AF_UNIX");
+      return 0;
+    }
   sun.sun_family = AF_UNIX;
   template.read_function = memif_conn_fd_read_ready;
 
@@ -734,26 +757,28 @@ int
 memif_worker_thread_enable ()
 {
   /* if worker threads are enabled, switch to polling mode */
+  /* *INDENT-OFF* */
   foreach_vlib_main ((
 		       {
 		       vlib_node_set_state (this_vlib_main,
 					    memif_input_node.index,
 					    VLIB_NODE_STATE_POLLING);
 		       }));
-
+  /* *INDENT-ON* */
   return 0;
 }
 
 int
 memif_worker_thread_disable ()
 {
+  /* *INDENT-OFF* */
   foreach_vlib_main ((
 		       {
 		       vlib_node_set_state (this_vlib_main,
 					    memif_input_node.index,
 					    VLIB_NODE_STATE_INTERRUPT);
 		       }));
-
+  /* *INDENT-ON* */
   return 0;
 }
 

src/plugins/memif/memif.h

@@ -194,6 +194,7 @@ typedef struct
 
 int memif_create_if (vlib_main_t * vm, memif_create_if_args_t * args);
 int memif_delete_if (vlib_main_t * vm, u64 key);
+void memif_disconnect (vlib_main_t * vm, memif_if_t * mif);
 clib_error_t *memif_plugin_api_hookup (vlib_main_t * vm);
 
 #ifndef __NR_memfd_create

src/plugins/memif/node.c

@@ -214,20 +214,19 @@ memif_device_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 
 	  if (PREDICT_FALSE (n_trace > 0))
 	    {
-	      if (b0)
-		{
-		  memif_input_trace_t *tr;
-		  vlib_trace_buffer (vm, node, next0, b0,
-				     /* follow_chain */ 0);
-		  vlib_set_trace_count (vm, node, --n_trace);
-		  tr = vlib_add_trace (vm, node, b0, sizeof (*tr));
-		  tr->next_index = next0;
-		  tr->hw_if_index = mif->hw_if_index;
-		  tr->ring = rid;
-		}
+	      /* b0 */
+	      memif_input_trace_t *tr;
+	      vlib_trace_buffer (vm, node, next0, b0,
+				 /* follow_chain */ 0);
+	      vlib_set_trace_count (vm, node, --n_trace);
+	      tr = vlib_add_trace (vm, node, b0, sizeof (*tr));
+	      tr->next_index = next0;
+	      tr->hw_if_index = mif->hw_if_index;
+	      tr->ring = rid;
 
-	      if (n_trace && b1)
+	      if (n_trace)
 		{
+		  /* b1 */
 		  memif_input_trace_t *tr;
 		  vlib_trace_buffer (vm, node, next1, b1,
 				     /* follow_chain */ 0);
@@ -286,17 +285,14 @@ memif_device_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 
 	  if (PREDICT_FALSE (n_trace > 0))
 	    {
-	      if (b0)
-		{
-		  memif_input_trace_t *tr;
-		  vlib_trace_buffer (vm, node, next0, b0,
-				     /* follow_chain */ 0);
-		  vlib_set_trace_count (vm, node, --n_trace);
-		  tr = vlib_add_trace (vm, node, b0, sizeof (*tr));
-		  tr->next_index = next0;
-		  tr->hw_if_index = mif->hw_if_index;
-		  tr->ring = rid;
-		}
+	      memif_input_trace_t *tr;
+	      vlib_trace_buffer (vm, node, next0, b0,
+				 /* follow_chain */ 0);
+	      vlib_set_trace_count (vm, node, --n_trace);
+	      tr = vlib_add_trace (vm, node, b0, sizeof (*tr));
+	      tr->next_index = next0;
+	      tr->hw_if_index = mif->hw_if_index;
+	      tr->ring = rid;
 	    }