Compare commits
65 Commits
v20.05-rc1
...
v17.07.01
Author | SHA1 | Date | |
---|---|---|---|
|
839fa732c1 | ||
|
484d406a19 | ||
|
ce9714032d | ||
|
778df28c2a | ||
|
dff9314f6f | ||
|
f89ad4b9cb | ||
|
644d4671e4 | ||
|
7ec379582d | ||
|
8e0fba96e1 | ||
|
2e16dbd95c | ||
|
235049db21 | ||
|
375b62e265 | ||
|
d185427282 | ||
|
3cbfbd9e74 | ||
|
48e1668917 | ||
|
c1ff53f25d | ||
|
2e342af835 | ||
|
f2cfcf676e | ||
|
fb088f0a20 | ||
|
1de7d70444 | ||
|
e6423bef32 | ||
|
754370f1b5 | ||
|
b7cd108399 | ||
|
58013b7350 | ||
|
bd9c5ffe39 | ||
|
8e4222fc7e | ||
|
6d19bcde9c | ||
|
7f6290e02e | ||
|
6a4de2764d | ||
|
45fe739915 | ||
|
f4f635e7c0 | ||
|
f302825005 | ||
|
ed8a105ee3 | ||
|
bea5ebf205 | ||
|
e0c6670eba | ||
|
18ee167809 | ||
|
50e28107bf | ||
|
0d3b355290 | ||
|
331f66a5b4 | ||
|
02989064e4 | ||
|
d6a11c430b | ||
|
cdb8514ac0 | ||
|
e6fa2e3d5a | ||
|
24a97d6c27 | ||
|
b2a241ca40 | ||
|
262ca683be | ||
|
6922bd37be | ||
|
dc30c6d3d6 | ||
|
0786710856 | ||
|
6a98580c70 | ||
|
6c645ed01c | ||
|
01d2b4b13a | ||
|
c156dda8cb | ||
|
be055bd719 | ||
|
860af5ad2b | ||
|
204cf74aed | ||
|
bafa4d0484 | ||
|
85e5b8da28 | ||
|
f45bc738aa | ||
|
c02bd03ddf | ||
|
25ff2ea3a3 | ||
|
e2547ab574 | ||
|
272351a2d4 | ||
|
4857f00a5f | ||
|
ea89b8cf66 |
@ -2,3 +2,4 @@
|
||||
host=gerrit.fd.io
|
||||
port=29418
|
||||
project=vpp
|
||||
defaultbranch=stable/1707
|
11
MAINTAINERS
11
MAINTAINERS
@ -112,6 +112,11 @@ VNET VXLAN
|
||||
M: John Lo <loj@cisco.com>
|
||||
F: src/vnet/vxlan/
|
||||
|
||||
VNET VXLAN-GPE
|
||||
M: Keith Burns <alagalah@gmail.com>
|
||||
M: Hongjun Ni <hongjun.ni@intel.com>
|
||||
F: src/vnet/vxlan-gpe/
|
||||
|
||||
Plugin - flowprobe
|
||||
M: Ole Troan <otroan@employees.org>
|
||||
F: src/plugins/flowprobe/
|
||||
@ -123,9 +128,9 @@ F: src/plugins/sixrd/
|
||||
F: src/plugins/sixrd.am
|
||||
|
||||
Plugin - GTPU
|
||||
M: Hongjun Ni <hongjun.ni@intel.com>
|
||||
F: src/plugins/gtpu/
|
||||
F: src/plugins/gtpu.am
|
||||
M: Hongjun Ni <hongjun.ni@intel.com>
|
||||
F: src/plugins/gtpu/
|
||||
F: src/plugins/gtpu.am
|
||||
|
||||
Test Infrastructure
|
||||
M: Klement Sekera <ksekera@cisco.com>
|
||||
|
8
Makefile
8
Makefile
@ -62,7 +62,11 @@ else
|
||||
RPM_DEPENDS_GROUPS = 'Development Tools'
|
||||
endif
|
||||
RPM_DEPENDS += chrpath libffi-devel rpm-build
|
||||
RPM_DEPENDS += https://kojipkgs.fedoraproject.org//packages/nasm/2.12.02/2.fc26/x86_64/nasm-2.12.02-2.fc26.x86_64.rpm
|
||||
ifeq ($(OS_ID),fedora)
|
||||
RPM_DEPENDS += nasm
|
||||
else
|
||||
RPM_DEPENDS += https://kojipkgs.fedoraproject.org//packages/nasm/2.12.02/2.fc26/x86_64/nasm-2.12.02-2.fc26.x86_64.rpm
|
||||
endif
|
||||
EPEL_DEPENDS = libconfuse-devel ganglia-devel epel-rpm-macros
|
||||
ifeq ($(filter rhel centos,$(OS_ID)),$(OS_ID))
|
||||
EPEL_DEPENDS += lcov
|
||||
@ -72,7 +76,7 @@ endif
|
||||
|
||||
RPM_SUSE_DEPENDS = autoconf automake bison ccache chrpath distribution-release gcc6 glibc-devel-static
|
||||
RPM_SUSE_DEPENDS += java-1_8_0-openjdk-devel libopenssl-devel libtool lsb-release make openssl-devel
|
||||
RPM_SUSE_DEPENDS += python-devel python-pip python-rpm-macros shadow
|
||||
RPM_SUSE_DEPENDS += python-devel python-pip python-rpm-macros shadow nasm
|
||||
|
||||
ifneq ($(wildcard $(STARTUP_DIR)/startup.conf),)
|
||||
STARTUP_CONF ?= $(STARTUP_DIR)/startup.conf
|
||||
|
64
RELEASE.md
64
RELEASE.md
@ -1,11 +1,75 @@
|
||||
# Release Notes {#release_notes}
|
||||
|
||||
* @subpage release_notes_1707
|
||||
* @subpage release_notes_1704
|
||||
* @subpage release_notes_17011
|
||||
* @subpage release_notes_1701
|
||||
* @subpage release_notes_1609
|
||||
* @subpage release_notes_1606
|
||||
|
||||
@page release_notes_1707 Release notes for VPP 17.07
|
||||
|
||||
More than 400 commits since the 1704 release.
|
||||
|
||||
## Features
|
||||
- Infrastructure
|
||||
- make test; improved debuggability.
|
||||
- TAB auto-completion on the CLI
|
||||
- DPDK 17.05
|
||||
- python 3 support in test infra
|
||||
|
||||
- Host stack
|
||||
- Improved Linux TCP stack compatibility using IWL test suite (https://jira.fd.io/browse/VPP-720)
|
||||
- Improved loss recovery (RFC5681, RFC6582, RF6675)
|
||||
- Basic implementation of Eifel detection algorithm (RFC3522)
|
||||
- Basic support for buffer chains
|
||||
- Refactored session layer API
|
||||
- Overall performance, scale and hardening
|
||||
|
||||
- Interfaces
|
||||
- memif: IP mode, jumbo frames, multi queue
|
||||
- virtio-user support
|
||||
- vhost-usr; adaptive (poll/interupt) support.
|
||||
|
||||
- Network features
|
||||
- MPLS Multicast FIB
|
||||
|
||||
- BFD FIB integration
|
||||
|
||||
- NAT64 support
|
||||
|
||||
- GRE over IPv6
|
||||
|
||||
- Segement routing MPLS
|
||||
|
||||
- IOAM configuration for SRv6 localsid
|
||||
|
||||
- LISP
|
||||
- NSH support
|
||||
- native forward static routes
|
||||
- L2 ARP
|
||||
|
||||
- ACL multi-core suuport
|
||||
|
||||
- Flowprobe:
|
||||
- Add flowstartns, flowendns and tcpcontrolbits
|
||||
- Stateful flows and IPv6, L4 recording
|
||||
|
||||
- GTP-U support
|
||||
|
||||
- VXLAN GPE support for FIB2.0 and bypass.
|
||||
|
||||
|
||||
## Known issues
|
||||
|
||||
For the full list of issues please reffer to fd.io [JIRA](https://jira.fd.io).
|
||||
|
||||
## Issues fixed
|
||||
|
||||
For the full list of fixed issues please reffer to:
|
||||
- fd.io [JIRA](https://jira.fd.io)
|
||||
- git [commit log](https://git.fd.io/vpp/log/?h=stable/1707)
|
||||
|
||||
@page release_notes_1704 Release notes for VPP 17.04
|
||||
|
||||
More than 500 commits since the 1701 release.
|
||||
|
@ -10,11 +10,6 @@ DPDK_MAKE_ARGS = -C $(call find_source_fn,$(PACKAGE_SOURCE)) \
|
||||
DPDK_INSTALL_DIR=$(PACKAGE_INSTALL_DIR) \
|
||||
DPDK_DEBUG=$(DPDK_DEBUG)
|
||||
|
||||
DPDK_CRYPTO_SW_PMD=$(strip $($(PLATFORM)_uses_dpdk_cryptodev_sw))
|
||||
ifneq ($(DPDK_CRYPTO_SW_PMD),)
|
||||
DPDK_MAKE_ARGS += DPDK_CRYPTO_SW_PMD=y
|
||||
endif
|
||||
|
||||
DPDK_MLX5_PMD=$(strip $($(PLATFORM)_uses_dpdk_mlx5_pmd))
|
||||
ifneq ($(DPDK_MLX5_PMD),)
|
||||
DPDK_MAKE_ARGS += DPDK_MLX5_PMD=y
|
||||
|
@ -23,12 +23,11 @@ vpp_CPPFLAGS += $(call installed_includes_fn, dpdk)/dpdk
|
||||
vpp_LDFLAGS += $(call installed_libs_fn, dpdk)
|
||||
vpp_CPPFLAGS += -I/usr/include/dpdk
|
||||
endif
|
||||
ifeq ($($(PLATFORM)_uses_dpdk_cryptodev_sw),yes)
|
||||
vpp_configure_args += --with-dpdk-crypto-sw
|
||||
endif
|
||||
ifeq ($($(PLATFORM)_uses_dpdk_mlx5_pmd),yes)
|
||||
vpp_configure_args += --with-dpdk-mlx5-pmd
|
||||
endif
|
||||
else
|
||||
vpp_configure_args += --disable-dpdk-plugin
|
||||
endif
|
||||
|
||||
ifeq ($($(PLATFORM)_enable_tests),yes)
|
||||
|
@ -39,7 +39,6 @@ vpp_uses_dpdk = yes
|
||||
vpp_root_packages = vpp gmod
|
||||
|
||||
# DPDK configuration parameters
|
||||
# vpp_uses_dpdk_cryptodev_sw = yes
|
||||
# vpp_uses_dpdk_mlx5_pmd = yes
|
||||
# vpp_uses_external_dpdk = yes
|
||||
# vpp_dpdk_inc_dir = /usr/include/dpdk
|
||||
|
@ -1,2 +1,2 @@
|
||||
#!/bin/sh
|
||||
echo oper-170622
|
||||
echo rls1707
|
||||
|
@ -19,30 +19,37 @@ DPDK_INSTALL_DIR ?= $(CURDIR)/_install
|
||||
DPDK_PKTMBUF_HEADROOM ?= 128
|
||||
DPDK_DOWNLOAD_DIR ?= $(HOME)/Downloads
|
||||
DPDK_DEBUG ?= n
|
||||
DPDK_CRYPTO_SW_PMD ?= n
|
||||
DPDK_MLX4_PMD ?= n
|
||||
DPDK_MLX5_PMD ?= n
|
||||
|
||||
B := $(DPDK_BUILD_DIR)
|
||||
I := $(DPDK_INSTALL_DIR)
|
||||
DPDK_VERSION ?= 17.05
|
||||
PKG_SUFFIX ?= vpp5
|
||||
PKG_SUFFIX ?= vpp6
|
||||
DPDK_BASE_URL ?= http://fast.dpdk.org/rel
|
||||
DPDK_TARBALL := dpdk-$(DPDK_VERSION).tar.xz
|
||||
DPDK_TAR_URL := $(DPDK_BASE_URL)/$(DPDK_TARBALL)
|
||||
DPDK_17.02_TARBALL_MD5_CKSUM := 6b9f7387c35641f4e8dbba3e528f2376
|
||||
DPDK_17.05_TARBALL_MD5_CKSUM := 0a68c31cd6a6cabeed0a4331073e4c05
|
||||
DPDK_SOURCE := $(B)/dpdk-$(DPDK_VERSION)
|
||||
MACHINE=$(shell uname -m)
|
||||
|
||||
ifeq ($(DPDK_CRYPTO_SW_PMD),y)
|
||||
AESNIMB_LIB_TARBALL := v0.44-gcm.2.tar.gz
|
||||
AESNIMB_LIB_TARBALL_URL := http://github.com/01org/intel-ipsec-mb/archive/$(AESNIMB_LIB_TARBALL)
|
||||
AESNIMB_LIB_SOURCE := $(B)/intel-ipsec-mb-0.44-gcm.2
|
||||
ISA_L_CRYPTO_LIB_TARBALL := isa_l_crypto.tar.gz
|
||||
ISA_L_CRYPTO_LIB_TARBALL_URL := http://github.com/01org/isa-l_crypto/archive/master.tar.gz
|
||||
ISA_L_CRYPTO_LIB_SOURCE := $(B)/isa-l_crypto-master
|
||||
ifeq ($(MACHINE),$(filter $(MACHINE),x86_64))
|
||||
AESNI := y
|
||||
else
|
||||
AESNI := n
|
||||
endif
|
||||
|
||||
IPSEC_MB_VER := 0.45
|
||||
AESNIMB_LIB_TARBALL := v$(IPSEC_MB_VER).tar.gz
|
||||
AESNIMB_LIB_TARBALL_URL := http://github.com/01org/intel-ipsec-mb/archive/$(AESNIMB_LIB_TARBALL)
|
||||
AESNIMB_LIB_SOURCE := $(B)/intel-ipsec-mb-$(IPSEC_MB_VER)
|
||||
ISA_L_CRYPTO_VER := 2.18.0
|
||||
ISA_L_CRYPTO_LIB_TARBALL := v$(ISA_L_CRYPTO_VER).tar.gz
|
||||
ISA_L_CRYPTO_LIB_TARBALL_URL := http://github.com/01org/isa-l_crypto/archive/$(ISA_L_CRYPTO_LIB_TARBALL)
|
||||
ISA_L_CRYPTO_LIB_SOURCE := $(B)/isa-l_crypto-$(ISA_L_CRYPTO_VER)
|
||||
ISA_L_CRYPTO_INSTALL_DIR := $(ISA_L_CRYPTO_LIB_SOURCE)/install
|
||||
|
||||
ifneq (,$(findstring clang,$(CC)))
|
||||
DPDK_CC=clang
|
||||
else ifneq (,$(findstring icc,$(CC)))
|
||||
@ -51,8 +58,6 @@ else
|
||||
DPDK_CC=gcc
|
||||
endif
|
||||
|
||||
MACHINE=$(shell uname -m)
|
||||
|
||||
##############################################################################
|
||||
# Intel x86
|
||||
##############################################################################
|
||||
@ -60,7 +65,6 @@ ifeq ($(MACHINE),$(filter $(MACHINE),x86_64 i686))
|
||||
DPDK_TARGET ?= $(MACHINE)-native-linuxapp-$(DPDK_CC)
|
||||
DPDK_MACHINE ?= nhm
|
||||
DPDK_TUNE ?= core-avx2
|
||||
|
||||
##############################################################################
|
||||
# Cavium ThunderX
|
||||
##############################################################################
|
||||
@ -89,11 +93,9 @@ else
|
||||
DPDK_EXTRA_CFLAGS := -g -O0
|
||||
endif
|
||||
|
||||
ifeq ($(DPDK_CRYPTO_SW_PMD),y)
|
||||
DPDK_EXTRA_CFLAGS += -I$(I)/include
|
||||
DPDK_EXTRA_CFLAGS += -I$(ISA_L_CRYPTO_INSTALL_DIR)/include -Wl,-z,muldefs
|
||||
DPDK_EXTRA_LDFLAGS += -L$(I)/lib
|
||||
DPDK_MAKE_EXTRA_ARGS += AESNI_MULTI_BUFFER_LIB_PATH=$(AESNIMB_LIB_SOURCE)
|
||||
endif
|
||||
|
||||
# assemble DPDK make arguments
|
||||
DPDK_MAKE_ARGS := -C $(DPDK_SOURCE) -j $(JOBS) \
|
||||
@ -105,8 +107,6 @@ DPDK_MAKE_ARGS := -C $(DPDK_SOURCE) -j $(JOBS) \
|
||||
DESTDIR=$(I) \
|
||||
$(DPDK_MAKE_EXTRA_ARGS)
|
||||
|
||||
DPDK_SOURCE_FILES := $(shell [ -e $(DPDK_SOURCE) ] && find $(DPDK_SOURCE) -name "*.[chS]")
|
||||
|
||||
define set
|
||||
@if grep -q CONFIG_$1 $@ ; \
|
||||
then sed -i -e 's/.*\(CONFIG_$1=\).*/\1$2/' $@ ; \
|
||||
@ -137,8 +137,8 @@ $(B)/custom-config: $(B)/.patch.ok Makefile
|
||||
$(call set,RTE_LIBRTE_PMD_BOND,y)
|
||||
$(call set,RTE_LIBRTE_IP_FRAG,y)
|
||||
$(call set,RTE_LIBRTE_PMD_QAT,y)
|
||||
$(call set,RTE_LIBRTE_PMD_AESNI_MB,$(DPDK_CRYPTO_SW_PMD))
|
||||
$(call set,RTE_LIBRTE_PMD_AESNI_GCM,$(DPDK_CRYPTO_SW_PMD))
|
||||
$(call set,RTE_LIBRTE_PMD_AESNI_MB,$(AESNI))
|
||||
$(call set,RTE_LIBRTE_PMD_AESNI_GCM,$(AESNI))
|
||||
$(call set,RTE_LIBRTE_MLX4_PMD,$(DPDK_MLX4_PMD))
|
||||
$(call set,RTE_LIBRTE_MLX5_PMD,$(DPDK_MLX5_PMD))
|
||||
@# not needed
|
||||
@ -175,7 +175,7 @@ $(CURDIR)/$(ISA_L_CRYPTO_LIB_TARBALL):
|
||||
fi
|
||||
|
||||
DPDK_DOWNLOADS = $(CURDIR)/$(DPDK_TARBALL)
|
||||
ifeq ($(DPDK_CRYPTO_SW_PMD),y)
|
||||
ifeq ($(AESNI),y)
|
||||
DPDK_DOWNLOADS += $(CURDIR)/$(AESNIMB_LIB_TARBALL)
|
||||
DPDK_DOWNLOADS += $(CURDIR)/$(ISA_L_CRYPTO_LIB_TARBALL)
|
||||
endif
|
||||
@ -194,13 +194,13 @@ download: $(B)/.download.ok
|
||||
$(B)/.extract.ok: $(B)/.download.ok
|
||||
@echo --- extracting $(DPDK_TARBALL) ---
|
||||
@tar --directory $(B) --extract --file $(CURDIR)/$(DPDK_TARBALL)
|
||||
ifeq ($(DPDK_CRYPTO_SW_PMD),y)
|
||||
ifeq ($(AESNI),y)
|
||||
@echo --- extracting $(AESNIMB_LIB_TARBALL) ---
|
||||
@tar --directory $(B) --extract --file $(CURDIR)/$(AESNIMB_LIB_TARBALL)
|
||||
@echo --- extracting $(ISA_L_CRYPTO_LIB_TARBALL) ---
|
||||
@tar --directory $(B) --extract --file $(CURDIR)/$(ISA_L_CRYPTO_LIB_TARBALL)
|
||||
endif
|
||||
@touch $@
|
||||
endif
|
||||
|
||||
.PHONY: extract
|
||||
extract: $(B)/.extract.ok
|
||||
@ -225,18 +225,34 @@ $(B)/.config.ok: $(B)/.patch.ok $(B)/custom-config
|
||||
.PHONY: config
|
||||
config: $(B)/.config.ok
|
||||
|
||||
$(B)/.build.ok: $(DPDK_SOURCE_FILES)
|
||||
@if [ ! -e $(B)/.config.ok ] ; then echo 'Please run "make config" first' && false ; fi
|
||||
ifeq ($(DPDK_CRYPTO_SW_PMD),y)
|
||||
# Build IPsec_MB library
|
||||
# Order matters
|
||||
ifeq ($(AESNI),y)
|
||||
BUILD_TARGETS += build-ipsec-mb build-isal-crypto build-dpdk
|
||||
else
|
||||
BUILD_TARGETS += build-dpdk
|
||||
endif
|
||||
|
||||
.PHONY: build-ipsec-mb
|
||||
build-ipsec-mb:
|
||||
mkdir -p $(I)/lib/
|
||||
make -C $(AESNIMB_LIB_SOURCE) -j NO_GCM=y
|
||||
cp $(AESNIMB_LIB_SOURCE)/libIPSec_MB.a $(I)/lib/
|
||||
# Build ISA-L Crypto library
|
||||
cd $(ISA_L_CRYPTO_LIB_SOURCE) && ./autogen.sh && ./configure --prefix=$(I)
|
||||
|
||||
.PHONY: build-isal-crypto
|
||||
build-isal-crypto:
|
||||
mkdir -p $(I)/lib/
|
||||
cd $(ISA_L_CRYPTO_LIB_SOURCE) && ./autogen.sh && \
|
||||
./configure --prefix=$(ISA_L_CRYPTO_INSTALL_DIR) \
|
||||
--libdir=$(ISA_L_CRYPTO_INSTALL_DIR)/lib CFLAGS='-fPIC -DPIC -O2'
|
||||
make -C $(ISA_L_CRYPTO_LIB_SOURCE) -j install
|
||||
endif
|
||||
cp $(ISA_L_CRYPTO_INSTALL_DIR)/lib/libisal_crypto.a $(I)/lib/
|
||||
|
||||
.PHONY: build-dpdk
|
||||
build-dpdk:
|
||||
@if [ ! -e $(B)/.config.ok ] ; then echo 'Please run "make config" first' && false ; fi
|
||||
@make $(DPDK_MAKE_ARGS) install
|
||||
|
||||
$(B)/.build.ok: $(BUILD_TARGETS)
|
||||
@touch $@
|
||||
|
||||
.PHONY: build
|
||||
@ -317,7 +333,7 @@ build-rpm: $(DEV_RPM)
|
||||
|
||||
install-rpm:
|
||||
ifneq ($(INSTALLED_RPM_VER),$(DPDK_VERSION)-$(PKG_SUFFIX))
|
||||
@make $(DEV_RPM)
|
||||
@$(MAKE) $(DEV_RPM)
|
||||
sudo rpm -Uih $(DEV_RPM)
|
||||
else
|
||||
@echo "=========================================================="
|
||||
|
@ -24,7 +24,7 @@
|
||||
|
||||
Name: vpp
|
||||
Summary: Vector Packet Processing
|
||||
License: MIT
|
||||
License: ASL 2.0
|
||||
Version: %{_version}
|
||||
Release: %{_release}
|
||||
Requires: vpp-lib = %{_version}-%{_release}, net-tools, pciutils, python
|
||||
|
@ -80,6 +80,23 @@ AC_DEFUN([PLUGIN_DISABLED],
|
||||
|
||||
AC_DEFUN([PRINT_VAL], [ AC_MSG_RESULT(AC_HELP_STRING($1,$2)) ])
|
||||
|
||||
AC_DEFUN([DPDK_IS_PMD_ENABLED],
|
||||
[
|
||||
AC_MSG_CHECKING([for $1 in rte_config.h])
|
||||
AC_COMPILE_IFELSE(
|
||||
[AC_LANG_PROGRAM(
|
||||
[[#include <rte_config.h>]],
|
||||
[[return RTE_$1;]],
|
||||
)],
|
||||
[with_$2=yes]
|
||||
[AC_MSG_RESULT([yes])],
|
||||
[with_$2=no]
|
||||
[AC_MSG_RESULT([no])]
|
||||
)
|
||||
AM_CONDITIONAL(m4_toupper(WITH_$2), test "$with_$2" = "yes")
|
||||
m4_append_uniq([list_of_with], [$2], [, ])
|
||||
])
|
||||
|
||||
###############################################################################
|
||||
# configure arguments
|
||||
###############################################################################
|
||||
@ -97,8 +114,6 @@ DISABLE_ARG(papi, [Disable Python API bindings])
|
||||
DISABLE_ARG(japi, [Disable Java API bindings])
|
||||
|
||||
# --with-X
|
||||
WITH_ARG(dpdk_crypto_sw,[Use DPDK cryptodev SW PMDs])
|
||||
WITH_ARG(dpdk_mlx5_pmd, [Use DPDK with mlx5 PMD])
|
||||
|
||||
# --without-X
|
||||
WITHOUT_ARG(libssl, [Disable libssl])
|
||||
@ -130,7 +145,6 @@ AC_SUBST(PRE_DATA_SIZE, [$with_pre_data])
|
||||
AC_SUBST(APICLI, [-DVPP_API_TEST_BUILTIN=${n_with_apicli}])
|
||||
|
||||
AC_DEFINE_UNQUOTED(DPDK_SHARED_LIB, [${n_enable_dpdk_shared}])
|
||||
AC_DEFINE_UNQUOTED(DPDK_CRYPTO_SW, [${n_with_dpdk_crypto_sw}])
|
||||
AC_DEFINE_UNQUOTED(WITH_LIBSSL, [${n_with_libssl}])
|
||||
|
||||
|
||||
@ -170,6 +184,34 @@ AM_COND_IF([ENABLE_DPDK_SHARED],
|
||||
[AC_MSG_ERROR([DPDK shared library not found])],)
|
||||
])
|
||||
|
||||
DPDK_IS_PMD_ENABLED(LIBRTE_PMD_AESNI_MB, dpdk_aesni_mb_pmd)
|
||||
AM_COND_IF([WITH_DPDK_AESNI_MB_PMD],
|
||||
[
|
||||
AC_CHECK_LIB([IPSec_MB], [submit_job_sse], [],
|
||||
[AC_MSG_ERROR([IPSec_MB library not found])])
|
||||
])
|
||||
|
||||
DPDK_IS_PMD_ENABLED(LIBRTE_PMD_AESNI_GCM, dpdk_aesni_gcm_pmd)
|
||||
AM_COND_IF([WITH_DPDK_AESNI_GCM_PMD],
|
||||
[
|
||||
AC_CHECK_LIB([isal_crypto], [aesni_gcm128_init], [],
|
||||
[AC_MSG_ERROR([isal_crypto library not found])])
|
||||
])
|
||||
|
||||
DPDK_IS_PMD_ENABLED(LIBRTE_MLX5_PMD, dpdk_mlx5_pmd)
|
||||
AM_COND_IF([WITH_DPDK_MLX5_PMD],
|
||||
[
|
||||
AC_CHECK_LIB([ibverbs], [ibv_fork_init], [],
|
||||
[AC_MSG_ERROR([ibverbs library not found])])
|
||||
])
|
||||
|
||||
DPDK_IS_PMD_ENABLED(LIBRTE_MLX4_PMD, dpdk_mlx4_pmd)
|
||||
AM_COND_IF([WITH_DPDK_MLX4_PMD],
|
||||
[
|
||||
AC_CHECK_LIB([ibverbs], [ibv_fork_init], [],
|
||||
[AC_MSG_ERROR([ibverbs library not found])])
|
||||
])
|
||||
|
||||
AM_COND_IF([ENABLE_G2],
|
||||
[
|
||||
PKG_CHECK_MODULES(g2, gtk+-2.0)
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -122,12 +122,18 @@ typedef struct
|
||||
} ace_mask_type_entry_t;
|
||||
|
||||
typedef struct {
|
||||
/* mheap to hold all the ACL module related allocations, other than hash */
|
||||
void *acl_mheap;
|
||||
|
||||
/* API message ID base */
|
||||
u16 msg_id_base;
|
||||
|
||||
acl_list_t *acls; /* Pool of ACLs */
|
||||
hash_acl_info_t *hash_acl_infos; /* corresponding hash matching housekeeping info */
|
||||
clib_bihash_48_8_t acl_lookup_hash; /* ACL lookup hash table. */
|
||||
|
||||
/* mheap to hold all the miscellaneous allocations related to hash-based lookups */
|
||||
void *hash_lookup_mheap;
|
||||
int acl_lookup_hash_initialized;
|
||||
applied_hash_ace_entry_t **input_hash_entry_vec_by_sw_if_index;
|
||||
applied_hash_ace_entry_t **output_hash_entry_vec_by_sw_if_index;
|
||||
@ -144,6 +150,9 @@ typedef struct {
|
||||
u32 **input_sw_if_index_vec_by_acl;
|
||||
u32 **output_sw_if_index_vec_by_acl;
|
||||
|
||||
/* Total count of interface+direction pairs enabled */
|
||||
u32 fa_total_enabled_count;
|
||||
|
||||
/* Do we use hash-based ACL matching or linear */
|
||||
int use_hash_acl_matching;
|
||||
|
||||
@ -172,9 +181,6 @@ typedef struct {
|
||||
u32 fa_cleaner_node_index;
|
||||
/* FA session timeouts, in seconds */
|
||||
u32 session_timeout_sec[ACL_N_TIMEOUTS];
|
||||
/* session add/delete counters */
|
||||
u64 *fa_session_adds_by_sw_if_index;
|
||||
u64 *fa_session_dels_by_sw_if_index;
|
||||
/* total session adds/dels */
|
||||
u64 fa_session_total_adds;
|
||||
u64 fa_session_total_dels;
|
||||
@ -224,6 +230,8 @@ typedef struct {
|
||||
|
||||
u64 fa_current_cleaner_timer_wait_interval;
|
||||
|
||||
int fa_interrupt_generation;
|
||||
|
||||
/* per-worker data related t conn management */
|
||||
acl_fa_per_worker_data_t *per_worker_data;
|
||||
|
||||
|
@ -599,29 +599,38 @@ fa_session_get_timeout (acl_main_t * am, fa_session_t * sess)
|
||||
}
|
||||
|
||||
static void
|
||||
acl_fa_ifc_init_sessions (acl_main_t * am, int sw_if_index0)
|
||||
acl_fa_verify_init_sessions (acl_main_t * am)
|
||||
{
|
||||
/// FIXME-MULTICORE: lock around this function
|
||||
#ifdef FA_NODE_VERBOSE_DEBUG
|
||||
clib_warning
|
||||
("Initializing bihash for sw_if_index %d num buckets %lu memory size %llu",
|
||||
sw_if_index0, am->fa_conn_table_hash_num_buckets,
|
||||
am->fa_conn_table_hash_memory_size);
|
||||
#endif
|
||||
BV (clib_bihash_init) (&am->fa_sessions_hash,
|
||||
if (!am->fa_sessions_hash_is_initialized) {
|
||||
u16 wk;
|
||||
/* Allocate the per-worker sessions pools */
|
||||
for (wk = 0; wk < vec_len (am->per_worker_data); wk++) {
|
||||
acl_fa_per_worker_data_t *pw = &am->per_worker_data[wk];
|
||||
pool_alloc_aligned(pw->fa_sessions_pool, am->fa_conn_table_max_entries, CLIB_CACHE_LINE_BYTES);
|
||||
}
|
||||
|
||||
/* ... and the interface session hash table */
|
||||
BV (clib_bihash_init) (&am->fa_sessions_hash,
|
||||
"ACL plugin FA session bihash",
|
||||
am->fa_conn_table_hash_num_buckets,
|
||||
am->fa_conn_table_hash_memory_size);
|
||||
am->fa_sessions_hash_is_initialized = 1;
|
||||
am->fa_sessions_hash_is_initialized = 1;
|
||||
}
|
||||
}
|
||||
|
||||
static inline fa_session_t *get_session_ptr(acl_main_t *am, u16 thread_index, u32 session_index)
|
||||
{
|
||||
acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
|
||||
fa_session_t *sess = pw->fa_sessions_pool + session_index;
|
||||
fa_session_t *sess = pool_is_free_index (pw->fa_sessions_pool, session_index) ? 0 : pool_elt_at_index(pw->fa_sessions_pool, session_index);
|
||||
return sess;
|
||||
}
|
||||
|
||||
static inline int is_valid_session_ptr(acl_main_t *am, u16 thread_index, fa_session_t *sess)
|
||||
{
|
||||
acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
|
||||
return ((sess != 0) && ((sess - pw->fa_sessions_pool) < pool_len(pw->fa_sessions_pool)));
|
||||
}
|
||||
|
||||
static void
|
||||
acl_fa_conn_list_add_session (acl_main_t * am, fa_full_session_id_t sess_id, u64 now)
|
||||
{
|
||||
@ -648,9 +657,6 @@ acl_fa_conn_list_add_session (acl_main_t * am, fa_full_session_id_t sess_id, u64
|
||||
|
||||
if (~0 == pw->fa_conn_list_head[list_id]) {
|
||||
pw->fa_conn_list_head[list_id] = sess_id.session_index;
|
||||
/* If it is a first conn in any list, kick the cleaner */
|
||||
vlib_process_signal_event (am->vlib_main, am->fa_cleaner_node_index,
|
||||
ACL_FA_CLEANER_RESCHEDULE, 0);
|
||||
}
|
||||
}
|
||||
|
||||
@ -725,6 +731,7 @@ acl_fa_track_session (acl_main_t * am, int is_input, u32 sw_if_index, u64 now,
|
||||
static void
|
||||
acl_fa_delete_session (acl_main_t * am, u32 sw_if_index, fa_full_session_id_t sess_id)
|
||||
{
|
||||
void *oldheap = clib_mem_set_heap(am->acl_mheap);
|
||||
fa_session_t *sess = get_session_ptr(am, sess_id.thread_index, sess_id.session_index);
|
||||
ASSERT(sess->thread_index == os_get_thread_index ());
|
||||
BV (clib_bihash_add_del) (&am->fa_sessions_hash,
|
||||
@ -733,8 +740,9 @@ acl_fa_delete_session (acl_main_t * am, u32 sw_if_index, fa_full_session_id_t se
|
||||
pool_put_index (pw->fa_sessions_pool, sess_id.session_index);
|
||||
/* Deleting from timer structures not needed,
|
||||
as the caller must have dealt with the timers. */
|
||||
vec_validate (am->fa_session_dels_by_sw_if_index, sw_if_index);
|
||||
am->fa_session_dels_by_sw_if_index[sw_if_index]++;
|
||||
vec_validate (pw->fa_session_dels_by_sw_if_index, sw_if_index);
|
||||
clib_mem_set_heap (oldheap);
|
||||
pw->fa_session_dels_by_sw_if_index[sw_if_index]++;
|
||||
clib_smp_atomic_add(&am->fa_session_total_dels, 1);
|
||||
}
|
||||
|
||||
@ -749,10 +757,14 @@ acl_fa_can_add_session (acl_main_t * am, int is_input, u32 sw_if_index)
|
||||
static u64
|
||||
acl_fa_get_list_head_expiry_time(acl_main_t *am, acl_fa_per_worker_data_t *pw, u64 now, u16 thread_index, int timeout_type)
|
||||
{
|
||||
if (~0 == pw->fa_conn_list_head[timeout_type]) {
|
||||
fa_session_t *sess = get_session_ptr(am, thread_index, pw->fa_conn_list_head[timeout_type]);
|
||||
/*
|
||||
* We can not check just the index here because inbetween the worker thread might
|
||||
* dequeue the connection from the head just as we are about to check it.
|
||||
*/
|
||||
if (!is_valid_session_ptr(am, thread_index, sess)) {
|
||||
return ~0LL; // infinity.
|
||||
} else {
|
||||
fa_session_t *sess = get_session_ptr(am, thread_index, pw->fa_conn_list_head[timeout_type]);
|
||||
u64 timeout_time =
|
||||
sess->link_enqueue_time + fa_session_get_list_timeout (am, sess);
|
||||
return timeout_time;
|
||||
@ -859,7 +871,7 @@ acl_fa_try_recycle_session (acl_main_t * am, int is_input, u16 thread_index, u32
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
static fa_session_t *
|
||||
acl_fa_add_session (acl_main_t * am, int is_input, u32 sw_if_index, u64 now,
|
||||
fa_5tuple_t * p5tuple)
|
||||
{
|
||||
@ -867,6 +879,7 @@ acl_fa_add_session (acl_main_t * am, int is_input, u32 sw_if_index, u64 now,
|
||||
clib_bihash_kv_40_8_t kv;
|
||||
fa_full_session_id_t f_sess_id;
|
||||
uword thread_index = os_get_thread_index();
|
||||
void *oldheap = clib_mem_set_heap(am->acl_mheap);
|
||||
acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
|
||||
|
||||
f_sess_id.thread_index = thread_index;
|
||||
@ -893,18 +906,16 @@ acl_fa_add_session (acl_main_t * am, int is_input, u32 sw_if_index, u64 now,
|
||||
|
||||
|
||||
|
||||
if (!acl_fa_ifc_has_sessions (am, sw_if_index))
|
||||
{
|
||||
acl_fa_ifc_init_sessions (am, sw_if_index);
|
||||
}
|
||||
|
||||
ASSERT(am->fa_sessions_hash_is_initialized == 1);
|
||||
BV (clib_bihash_add_del) (&am->fa_sessions_hash,
|
||||
&kv, 1);
|
||||
acl_fa_conn_list_add_session(am, f_sess_id, now);
|
||||
|
||||
vec_validate (am->fa_session_adds_by_sw_if_index, sw_if_index);
|
||||
am->fa_session_adds_by_sw_if_index[sw_if_index]++;
|
||||
vec_validate (pw->fa_session_adds_by_sw_if_index, sw_if_index);
|
||||
clib_mem_set_heap (oldheap);
|
||||
pw->fa_session_adds_by_sw_if_index[sw_if_index]++;
|
||||
clib_smp_atomic_add(&am->fa_session_total_adds, 1);
|
||||
return sess;
|
||||
}
|
||||
|
||||
static int
|
||||
@ -1072,8 +1083,10 @@ acl_fa_node_fn (vlib_main_t * vm,
|
||||
|
||||
if (acl_fa_can_add_session (am, is_input, sw_if_index0))
|
||||
{
|
||||
acl_fa_add_session (am, is_input, sw_if_index0, now,
|
||||
&kv_sess);
|
||||
fa_session_t *sess = acl_fa_add_session (am, is_input, sw_if_index0, now,
|
||||
&kv_sess);
|
||||
acl_fa_track_session (am, is_input, sw_if_index0, now,
|
||||
sess, &fa_5tuple);
|
||||
pkts_new_session += 1;
|
||||
}
|
||||
else
|
||||
@ -1342,8 +1355,10 @@ acl_fa_worker_conn_cleaner_process(vlib_main_t * vm,
|
||||
if (num_expired >= am->fa_max_deleted_sessions_per_interval) {
|
||||
/* there was too much work, we should get an interrupt ASAP */
|
||||
pw->interrupt_is_needed = 1;
|
||||
pw->interrupt_is_unwanted = 0;
|
||||
} else if (num_expired <= am->fa_min_deleted_sessions_per_interval) {
|
||||
/* signal that they should trigger us less */
|
||||
pw->interrupt_is_needed = 0;
|
||||
pw->interrupt_is_unwanted = 1;
|
||||
} else {
|
||||
/* the current rate of interrupts is ok */
|
||||
@ -1351,6 +1366,7 @@ acl_fa_worker_conn_cleaner_process(vlib_main_t * vm,
|
||||
pw->interrupt_is_unwanted = 0;
|
||||
}
|
||||
}
|
||||
pw->interrupt_generation = am->fa_interrupt_generation;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -1359,11 +1375,11 @@ send_one_worker_interrupt (vlib_main_t * vm, acl_main_t *am, int thread_index)
|
||||
{
|
||||
acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
|
||||
if (!pw->interrupt_is_pending) {
|
||||
pw->interrupt_is_pending = 1;
|
||||
vlib_node_set_interrupt_pending (vlib_mains[thread_index],
|
||||
acl_fa_worker_session_cleaner_process_node.index);
|
||||
pw->interrupt_is_pending = 1;
|
||||
/* if the interrupt was requested, mark that done. */
|
||||
pw->interrupt_is_needed = 0;
|
||||
/* pw->interrupt_is_needed = 0; */
|
||||
}
|
||||
}
|
||||
|
||||
@ -1394,7 +1410,7 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
|
||||
|
||||
am->fa_current_cleaner_timer_wait_interval = max_timer_wait_interval;
|
||||
am->fa_cleaner_node_index = acl_fa_session_cleaner_process_node.index;
|
||||
|
||||
am->fa_interrupt_generation = 1;
|
||||
while (1)
|
||||
{
|
||||
now = clib_cpu_time_now ();
|
||||
@ -1430,8 +1446,8 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
|
||||
}
|
||||
}
|
||||
|
||||
/* If no pending connections then no point in timing out */
|
||||
if (!has_pending_conns)
|
||||
/* If no pending connections and no ACL applied then no point in timing out */
|
||||
if (!has_pending_conns && (0 == am->fa_total_enabled_count))
|
||||
{
|
||||
am->fa_cleaner_cnt_wait_without_timeout++;
|
||||
(void) vlib_process_wait_for_event (vm);
|
||||
@ -1563,6 +1579,23 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
|
||||
if (event_data)
|
||||
_vec_len (event_data) = 0;
|
||||
|
||||
/*
|
||||
* If the interrupts were not processed yet, ensure we wait a bit,
|
||||
* but up to a point.
|
||||
*/
|
||||
int need_more_wait = 0;
|
||||
int max_wait_cycles = 100;
|
||||
do {
|
||||
need_more_wait = 0;
|
||||
vec_foreach(pw0, am->per_worker_data) {
|
||||
if (pw0->interrupt_generation != am->fa_interrupt_generation) {
|
||||
need_more_wait = 1;
|
||||
}
|
||||
}
|
||||
if (need_more_wait) {
|
||||
vlib_process_suspend(vm, 0.0001);
|
||||
}
|
||||
} while (need_more_wait && (--max_wait_cycles > 0));
|
||||
|
||||
int interrupts_needed = 0;
|
||||
int interrupts_unwanted = 0;
|
||||
@ -1580,12 +1613,15 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
|
||||
if (interrupts_needed) {
|
||||
/* they need more interrupts, do less waiting around next time */
|
||||
am->fa_current_cleaner_timer_wait_interval /= 2;
|
||||
/* never go into zero-wait either though - we need to give the space to others */
|
||||
am->fa_current_cleaner_timer_wait_interval += 1;
|
||||
} else if (interrupts_unwanted) {
|
||||
/* slowly increase the amount of sleep up to a limit */
|
||||
if (am->fa_current_cleaner_timer_wait_interval < max_timer_wait_interval)
|
||||
am->fa_current_cleaner_timer_wait_interval += cpu_cps * am->fa_cleaner_wait_time_increment;
|
||||
}
|
||||
am->fa_cleaner_cnt_event_cycles++;
|
||||
am->fa_interrupt_generation++;
|
||||
}
|
||||
/* NOT REACHED */
|
||||
return 0;
|
||||
@ -1596,13 +1632,26 @@ void
|
||||
acl_fa_enable_disable (u32 sw_if_index, int is_input, int enable_disable)
|
||||
{
|
||||
acl_main_t *am = &acl_main;
|
||||
if (enable_disable) {
|
||||
acl_fa_verify_init_sessions(am);
|
||||
am->fa_total_enabled_count++;
|
||||
void *oldheap = clib_mem_set_heap (am->vlib_main->heap_base);
|
||||
vlib_process_signal_event (am->vlib_main, am->fa_cleaner_node_index,
|
||||
ACL_FA_CLEANER_RESCHEDULE, 0);
|
||||
clib_mem_set_heap (oldheap);
|
||||
} else {
|
||||
am->fa_total_enabled_count--;
|
||||
}
|
||||
|
||||
if (is_input)
|
||||
{
|
||||
ASSERT(clib_bitmap_get(am->fa_in_acl_on_sw_if_index, sw_if_index) != enable_disable);
|
||||
void *oldheap = clib_mem_set_heap (am->vlib_main->heap_base);
|
||||
vnet_feature_enable_disable ("ip4-unicast", "acl-plugin-in-ip4-fa",
|
||||
sw_if_index, enable_disable, 0, 0);
|
||||
vnet_feature_enable_disable ("ip6-unicast", "acl-plugin-in-ip6-fa",
|
||||
sw_if_index, enable_disable, 0, 0);
|
||||
clib_mem_set_heap (oldheap);
|
||||
am->fa_in_acl_on_sw_if_index =
|
||||
clib_bitmap_set (am->fa_in_acl_on_sw_if_index, sw_if_index,
|
||||
enable_disable);
|
||||
@ -1610,10 +1659,12 @@ acl_fa_enable_disable (u32 sw_if_index, int is_input, int enable_disable)
|
||||
else
|
||||
{
|
||||
ASSERT(clib_bitmap_get(am->fa_out_acl_on_sw_if_index, sw_if_index) != enable_disable);
|
||||
void *oldheap = clib_mem_set_heap (am->vlib_main->heap_base);
|
||||
vnet_feature_enable_disable ("ip4-output", "acl-plugin-out-ip4-fa",
|
||||
sw_if_index, enable_disable, 0, 0);
|
||||
vnet_feature_enable_disable ("ip6-output", "acl-plugin-out-ip6-fa",
|
||||
sw_if_index, enable_disable, 0, 0);
|
||||
clib_mem_set_heap (oldheap);
|
||||
am->fa_out_acl_on_sw_if_index =
|
||||
clib_bitmap_set (am->fa_out_acl_on_sw_if_index, sw_if_index,
|
||||
enable_disable);
|
||||
@ -1624,9 +1675,11 @@ acl_fa_enable_disable (u32 sw_if_index, int is_input, int enable_disable)
|
||||
#ifdef FA_NODE_VERBOSE_DEBUG
|
||||
clib_warning("ENABLE-DISABLE: clean the connections on interface %d", sw_if_index);
|
||||
#endif
|
||||
void *oldheap = clib_mem_set_heap (am->vlib_main->heap_base);
|
||||
vlib_process_signal_event (am->vlib_main, am->fa_cleaner_node_index,
|
||||
ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX,
|
||||
sw_if_index);
|
||||
clib_mem_set_heap (oldheap);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -109,6 +109,9 @@ typedef struct {
|
||||
/* per-worker ACL_N_TIMEOUTS of conn lists */
|
||||
u32 *fa_conn_list_head;
|
||||
u32 *fa_conn_list_tail;
|
||||
/* adds and deletes per-worker-per-interface */
|
||||
u64 *fa_session_dels_by_sw_if_index;
|
||||
u64 *fa_session_adds_by_sw_if_index;
|
||||
/* Vector of expired connections retrieved from lists */
|
||||
u32 *expired;
|
||||
/* the earliest next expiry time */
|
||||
@ -144,6 +147,10 @@ typedef struct {
|
||||
* because there is not enough work for the current rate.
|
||||
*/
|
||||
int interrupt_is_unwanted;
|
||||
/*
|
||||
* Set to copy of a "generation" counter in main thread so we can sync the interrupts.
|
||||
*/
|
||||
int interrupt_generation;
|
||||
} acl_fa_per_worker_data_t;
|
||||
|
||||
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -57,4 +57,8 @@ hash_multi_acl_match_5tuple (u32 sw_if_index, fa_5tuple_t * pkt_5tuple, int is_l
|
||||
*/
|
||||
void show_hash_acl_hash(vlib_main_t * vm, acl_main_t *am, u32 verbose);
|
||||
|
||||
/* Debug functions to turn validate/trace on and off */
|
||||
void acl_plugin_hash_acl_set_validate_heap(acl_main_t *am, int on);
|
||||
void acl_plugin_hash_acl_set_trace_heap(acl_main_t *am, int on);
|
||||
|
||||
#endif
|
||||
|
@ -18,9 +18,15 @@
|
||||
#define ACL_HASH_LOOKUP_DEBUG 0
|
||||
|
||||
#if ACL_HASH_LOOKUP_DEBUG == 1
|
||||
#define DBG0(...) clib_warning(__VA_ARGS__)
|
||||
#define DBG(...)
|
||||
#define DBG_UNIX_LOG(...)
|
||||
#elif ACL_HASH_LOOKUP_DEBUG == 2
|
||||
#define DBG0(...) clib_warning(__VA_ARGS__)
|
||||
#define DBG(...) clib_warning(__VA_ARGS__)
|
||||
#define DBG_UNIX_LOG(...) clib_unix_warning(__VA_ARGS__)
|
||||
#else
|
||||
#define DBG0(...)
|
||||
#define DBG(...)
|
||||
#define DBG_UNIX_LOG(...)
|
||||
#endif
|
||||
|
@ -38,6 +38,9 @@ typedef struct {
|
||||
typedef struct {
|
||||
/* The mask types present in this ACL */
|
||||
uword *mask_type_index_bitmap;
|
||||
/* hash ACL applied on these interfaces */
|
||||
u32 *inbound_sw_if_index_list;
|
||||
u32 *outbound_sw_if_index_list;
|
||||
hash_ace_info_t *rules;
|
||||
} hash_acl_info_t;
|
||||
|
||||
@ -57,6 +60,10 @@ typedef struct {
|
||||
* if ~0 then this is entry in the hash.
|
||||
*/
|
||||
u32 prev_applied_entry_index;
|
||||
/*
|
||||
* chain tail, if this is the first entry
|
||||
*/
|
||||
u32 tail_applied_entry_index;
|
||||
/*
|
||||
* Action of this applied ACE
|
||||
*/
|
||||
@ -69,6 +76,8 @@ typedef struct {
|
||||
* hash_ace_info_t=>mask_type_index bits set
|
||||
*/
|
||||
uword *mask_type_index_bitmap;
|
||||
/* applied ACLs so we can track them independently from main ACL module */
|
||||
u32 *applied_acls;
|
||||
} applied_hash_acl_info_t;
|
||||
|
||||
|
||||
|
@ -19,14 +19,19 @@ dpdk_plugin_la_LDFLAGS = $(AM_LDFLAGS) -ldpdk
|
||||
else
|
||||
dpdk_plugin_la_LDFLAGS = $(AM_LDFLAGS) -Wl,--whole-archive,-l:libdpdk.a,--no-whole-archive
|
||||
endif
|
||||
if WITH_DPDK_CRYPTO_SW
|
||||
if WITH_DPDK_AESNI_MB_PMD
|
||||
dpdk_plugin_la_LDFLAGS += -Wl,--exclude-libs,libIPSec_MB.a,-l:libIPSec_MB.a
|
||||
endif
|
||||
if WITH_DPDK_AESNI_GCM_PMD
|
||||
dpdk_plugin_la_LDFLAGS += -Wl,--exclude-libs,libisal_crypto.a,-l:libisal_crypto.a
|
||||
endif
|
||||
dpdk_plugin_la_LDFLAGS += -Wl,-lm,-ldl
|
||||
if WITH_DPDK_MLX5_PMD
|
||||
dpdk_plugin_la_LDFLAGS += -Wl,-libverbs
|
||||
endif
|
||||
if WITH_DPDK_MLX4_PMD
|
||||
dpdk_plugin_la_LDFLAGS += -Wl,-libverbs
|
||||
endif
|
||||
|
||||
dpdk_plugin_la_SOURCES = \
|
||||
dpdk/main.c \
|
||||
|
@ -12,13 +12,16 @@
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include <vnet/vnet.h>
|
||||
#include <vppinfra/vec.h>
|
||||
#include <vppinfra/format.h>
|
||||
#include <vlib/unix/cj.h>
|
||||
#include <assert.h>
|
||||
|
||||
#include <vnet/ip/ip.h>
|
||||
#include <vnet/ethernet/ethernet.h>
|
||||
#include <vnet/ethernet/arp_packet.h>
|
||||
#include <dpdk/device/dpdk.h>
|
||||
|
||||
#include <dpdk/device/dpdk_priv.h>
|
||||
@ -178,6 +181,65 @@ dpdk_device_stop (dpdk_device_t * xd)
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
dpdk_port_state_callback (uint8_t port_id,
|
||||
enum rte_eth_event_type type, void *param)
|
||||
{
|
||||
struct rte_eth_link link;
|
||||
vlib_main_t *vm = vlib_get_main ();
|
||||
dpdk_device_t *xd = &dpdk_main.devices[port_id];
|
||||
|
||||
RTE_SET_USED (param);
|
||||
if (type != RTE_ETH_EVENT_INTR_LSC)
|
||||
{
|
||||
clib_warning ("Unknown event %d received for port %d", type, port_id);
|
||||
return;
|
||||
}
|
||||
|
||||
rte_eth_link_get_nowait (port_id, &link);
|
||||
u8 link_up = link.link_status;
|
||||
|
||||
if (xd->flags & DPDK_DEVICE_FLAG_BOND_SLAVE)
|
||||
{
|
||||
u8 bd_port = xd->bond_port;
|
||||
int bd_mode = rte_eth_bond_mode_get (bd_port);
|
||||
|
||||
if ((link_up && !(xd->flags & DPDK_DEVICE_FLAG_BOND_SLAVE_UP)) ||
|
||||
(!link_up && (xd->flags & DPDK_DEVICE_FLAG_BOND_SLAVE_UP)))
|
||||
{
|
||||
clib_warning ("Port %d state to %s, "
|
||||
"slave of port %d BondEthernet%d in mode %d",
|
||||
port_id, (link_up) ? "UP" : "DOWN",
|
||||
bd_port, xd->port_id, bd_mode);
|
||||
if (bd_mode == BONDING_MODE_ACTIVE_BACKUP)
|
||||
{
|
||||
rte_eth_link_get_nowait (bd_port, &link);
|
||||
if (link.link_status) /* bonded interface up */
|
||||
{
|
||||
u32 hw_if_index = dpdk_main.devices[bd_port].hw_if_index;
|
||||
vlib_process_signal_event
|
||||
(vm, send_garp_na_process_node_index, SEND_GARP_NA,
|
||||
hw_if_index);
|
||||
}
|
||||
}
|
||||
}
|
||||
if (link_up) /* Update slave link status */
|
||||
xd->flags |= DPDK_DEVICE_FLAG_BOND_SLAVE_UP;
|
||||
else
|
||||
xd->flags &= ~DPDK_DEVICE_FLAG_BOND_SLAVE_UP;
|
||||
}
|
||||
else /* Should not happen as callback not setup for "normal" links */
|
||||
{
|
||||
if (link_up)
|
||||
clib_warning ("Port %d Link Up - speed %u Mbps - %s",
|
||||
port_id, (unsigned) link.link_speed,
|
||||
(link.link_duplex == ETH_LINK_FULL_DUPLEX) ?
|
||||
"full-duplex" : "half-duplex");
|
||||
else
|
||||
clib_warning ("Port %d Link Down\n\n", port_id);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* fd.io coding-style-patch-verification: ON
|
||||
*
|
||||
|
@ -307,7 +307,7 @@ dpdk_prefetch_buffer_by_index (vlib_main_t * vm, u32 bi)
|
||||
struct rte_mbuf *mb;
|
||||
b = vlib_get_buffer (vm, bi);
|
||||
mb = rte_mbuf_from_vlib_buffer (b);
|
||||
CLIB_PREFETCH (mb, CLIB_CACHE_LINE_BYTES, LOAD);
|
||||
CLIB_PREFETCH (mb, 2 * CLIB_CACHE_LINE_BYTES, STORE);
|
||||
CLIB_PREFETCH (b, CLIB_CACHE_LINE_BYTES, LOAD);
|
||||
}
|
||||
|
||||
|
@ -92,6 +92,7 @@ typedef enum
|
||||
VNET_DPDK_PORT_TYPE_ETH_10G,
|
||||
VNET_DPDK_PORT_TYPE_ETH_25G,
|
||||
VNET_DPDK_PORT_TYPE_ETH_40G,
|
||||
VNET_DPDK_PORT_TYPE_ETH_50G,
|
||||
VNET_DPDK_PORT_TYPE_ETH_100G,
|
||||
VNET_DPDK_PORT_TYPE_ETH_BOND,
|
||||
VNET_DPDK_PORT_TYPE_ETH_SWITCH,
|
||||
@ -173,6 +174,8 @@ typedef struct
|
||||
#define DPDK_DEVICE_FLAG_MAYBE_MULTISEG (1 << 4)
|
||||
#define DPDK_DEVICE_FLAG_HAVE_SUBIF (1 << 5)
|
||||
#define DPDK_DEVICE_FLAG_HQOS (1 << 6)
|
||||
#define DPDK_DEVICE_FLAG_BOND_SLAVE (1 << 7)
|
||||
#define DPDK_DEVICE_FLAG_BOND_SLAVE_UP (1 << 8)
|
||||
|
||||
u16 nb_tx_desc;
|
||||
CLIB_CACHE_LINE_ALIGN_MARK (cacheline1);
|
||||
@ -197,6 +200,10 @@ typedef struct
|
||||
/* af_packet or BondEthernet instance number */
|
||||
u8 port_id;
|
||||
|
||||
/* Bonded interface port# of a slave -
|
||||
only valid if DPDK_DEVICE_FLAG_BOND_SLAVE bit is set */
|
||||
u8 bond_port;
|
||||
|
||||
struct rte_eth_link link;
|
||||
f64 time_last_link_update;
|
||||
|
||||
@ -408,6 +415,8 @@ typedef struct
|
||||
void dpdk_device_setup (dpdk_device_t * xd);
|
||||
void dpdk_device_start (dpdk_device_t * xd);
|
||||
void dpdk_device_stop (dpdk_device_t * xd);
|
||||
void dpdk_port_state_callback (uint8_t port_id,
|
||||
enum rte_eth_event_type type, void *param);
|
||||
|
||||
#define foreach_dpdk_error \
|
||||
_(NONE, "no error") \
|
||||
|
@ -186,6 +186,10 @@ format_dpdk_device_name (u8 * s, va_list * args)
|
||||
device_name = "FortyGigabitEthernet";
|
||||
break;
|
||||
|
||||
case VNET_DPDK_PORT_TYPE_ETH_50G:
|
||||
device_name = "FiftyGigabitEthernet";
|
||||
break;
|
||||
|
||||
case VNET_DPDK_PORT_TYPE_ETH_100G:
|
||||
device_name = "HundredGigabitEthernet";
|
||||
break;
|
||||
|
@ -61,6 +61,8 @@ port_type_from_speed_capa (struct rte_eth_dev_info *dev_info)
|
||||
|
||||
if (dev_info->speed_capa & ETH_LINK_SPEED_100G)
|
||||
return VNET_DPDK_PORT_TYPE_ETH_100G;
|
||||
else if (dev_info->speed_capa & ETH_LINK_SPEED_50G)
|
||||
return VNET_DPDK_PORT_TYPE_ETH_50G;
|
||||
else if (dev_info->speed_capa & ETH_LINK_SPEED_40G)
|
||||
return VNET_DPDK_PORT_TYPE_ETH_40G;
|
||||
else if (dev_info->speed_capa & ETH_LINK_SPEED_25G)
|
||||
@ -1270,9 +1272,9 @@ dpdk_update_link_state (dpdk_device_t * xd, f64 now)
|
||||
ed->new_link_state = (u8) xd->link.link_status;
|
||||
}
|
||||
|
||||
if ((xd->flags & DPDK_DEVICE_FLAG_ADMIN_UP) &&
|
||||
((xd->link.link_status != 0) ^
|
||||
vnet_hw_interface_is_link_up (vnm, xd->hw_if_index)))
|
||||
if ((xd->flags & (DPDK_DEVICE_FLAG_ADMIN_UP | DPDK_DEVICE_FLAG_BOND_SLAVE))
|
||||
&& ((xd->link.link_status != 0) ^
|
||||
vnet_hw_interface_is_link_up (vnm, xd->hw_if_index)))
|
||||
{
|
||||
hw_flags_chg = 1;
|
||||
hw_flags |= (xd->link.link_status ? VNET_HW_INTERFACE_FLAG_LINK_UP : 0);
|
||||
@ -1373,8 +1375,10 @@ dpdk_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
|
||||
/*
|
||||
* Extra set up for bond interfaces:
|
||||
* 1. Setup MACs for bond interfaces and their slave links which was set
|
||||
* in dpdk_device_setup() but needs to be done again here to take effect.
|
||||
* 2. Set up info for bond interface related CLI support.
|
||||
* in dpdk_device_setup() but needs to be done again here to take
|
||||
* effect.
|
||||
* 2. Set up info and register slave link state change callback handling.
|
||||
* 3. Set up info for bond interface related CLI support.
|
||||
*/
|
||||
int nports = rte_eth_dev_count ();
|
||||
if (nports > 0)
|
||||
@ -1399,7 +1403,8 @@ dpdk_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
|
||||
(slink[0], (struct ether_addr *) addr);
|
||||
|
||||
/* Set MAC of bounded interface to that of 1st slave link */
|
||||
clib_warning ("Set MAC for bond dev# %d", i);
|
||||
clib_warning ("Set MAC for bond port %d BondEthernet%d",
|
||||
i, xd->port_id);
|
||||
rv = rte_eth_bond_mac_address_set
|
||||
(i, (struct ether_addr *) addr);
|
||||
if (rv)
|
||||
@ -1428,34 +1433,38 @@ dpdk_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
|
||||
/* Add MAC to all slave links except the first one */
|
||||
if (nlink)
|
||||
{
|
||||
clib_warning ("Add MAC for slave dev# %d", slave);
|
||||
clib_warning ("Add MAC for slave port %d", slave);
|
||||
rv = rte_eth_dev_mac_addr_add
|
||||
(slave, (struct ether_addr *) addr, 0);
|
||||
if (rv)
|
||||
clib_warning ("Add MAC addr failure rv=%d", rv);
|
||||
}
|
||||
/* Setup slave link state change callback handling */
|
||||
rte_eth_dev_callback_register
|
||||
(slave, RTE_ETH_EVENT_INTR_LSC,
|
||||
dpdk_port_state_callback, NULL);
|
||||
dpdk_device_t *sxd = &dm->devices[slave];
|
||||
sxd->flags |= DPDK_DEVICE_FLAG_BOND_SLAVE;
|
||||
sxd->bond_port = i;
|
||||
/* Set slaves bitmap for bonded interface */
|
||||
bhi->bond_info = clib_bitmap_set
|
||||
(bhi->bond_info, sdev->hw_if_index, 1);
|
||||
/* Set slave link flags on slave interface */
|
||||
/* Set MACs and slave link flags on slave interface */
|
||||
shi = vnet_get_hw_interface (vnm, sdev->hw_if_index);
|
||||
ssi = vnet_get_sw_interface
|
||||
(vnm, sdev->vlib_sw_if_index);
|
||||
sei = pool_elt_at_index
|
||||
(em->interfaces, shi->hw_instance);
|
||||
|
||||
shi->bond_info = VNET_HW_INTERFACE_BOND_INFO_SLAVE;
|
||||
ssi->flags |= VNET_SW_INTERFACE_FLAG_BOND_SLAVE;
|
||||
clib_memcpy (shi->hw_address, addr, 6);
|
||||
clib_memcpy (sei->address, addr, 6);
|
||||
|
||||
/* Set l3 packet size allowed as the lowest of slave */
|
||||
if (bhi->max_l3_packet_bytes[VLIB_RX] >
|
||||
shi->max_l3_packet_bytes[VLIB_RX])
|
||||
bhi->max_l3_packet_bytes[VLIB_RX] =
|
||||
bhi->max_l3_packet_bytes[VLIB_TX] =
|
||||
shi->max_l3_packet_bytes[VLIB_RX];
|
||||
|
||||
/* Set max packet size allowed as the lowest of slave */
|
||||
if (bhi->max_packet_bytes > shi->max_packet_bytes)
|
||||
bhi->max_packet_bytes = shi->max_packet_bytes;
|
||||
|
@ -7,10 +7,10 @@ This document is meant to contain all related information about implementation a
|
||||
|
||||
DPDK Cryptodev is an asynchronous crypto API that supports both Hardware and Software implementations (for more details refer to [DPDK Cryptography Device Library documentation](http://dpdk.org/doc/guides/prog_guide/cryptodev_lib.html)).
|
||||
|
||||
When DPDK support is enabled and there are enough Cryptodev resources for all workers, the node graph is reconfigured by adding and changing default next nodes.
|
||||
When there are enough Cryptodev resources for all workers, the node graph is reconfigured by adding and changing the default next nodes.
|
||||
|
||||
The following nodes are added:
|
||||
* dpdk-crypto-input : polling input node, basically dequeuing from crypto devices.
|
||||
* dpdk-crypto-input : polling input node, dequeuing from crypto devices.
|
||||
* dpdk-esp-encrypt : internal node.
|
||||
* dpdk-esp-decrypt : internal node.
|
||||
* dpdk-esp-encrypt-post : internal node.
|
||||
@ -23,16 +23,9 @@ Set new default next nodes:
|
||||
|
||||
### How to enable VPP IPSec with DPDK Cryptodev support
|
||||
|
||||
DPDK Cryptodev is supported in DPDK enabled VPP and by default only HW Cryptodev is supported.
|
||||
To enable SW Cryptodev support (AESNI-MB-PMD and GCM-PMD), we need the following env option:
|
||||
When building DPDK with VPP, Cryptodev support is always enabled.
|
||||
|
||||
vpp_uses_dpdk_cryptodev_sw=yes
|
||||
|
||||
A couple of ways to achive this:
|
||||
* uncomment/add it in the platforms config (ie. build-data/platforms/vpp.mk)
|
||||
* set the option when building vpp (ie. make vpp_uses_dpdk_cryptodev_sw=yes build-release)
|
||||
|
||||
When enabling SW Cryptodev support, it means that you need to pre-build the required crypto libraries needed by those SW Cryptodev PMDs. This requires nasm, see nasm section below.
|
||||
Additionally, on x86_64 platforms, DPDK is built with SW crypto support.
|
||||
|
||||
|
||||
### Crypto Resources allocation
|
||||
|
@ -245,7 +245,6 @@ memif_interface_tx_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
|
||||
{
|
||||
vlib_error_count (vm, node->node_index, MEMIF_TX_ERROR_NO_FREE_SLOTS,
|
||||
n_left);
|
||||
vlib_buffer_free (vm, buffers, n_left);
|
||||
}
|
||||
|
||||
vlib_buffer_free (vm, vlib_frame_args (frame), frame->n_vectors);
|
||||
|
@ -227,6 +227,14 @@ memif_connect (memif_if_t * mif)
|
||||
clib_warning
|
||||
("Warning: unable to set rx mode for interface %d queue %d: "
|
||||
"rc=%d", mif->hw_if_index, i, rv);
|
||||
else
|
||||
{
|
||||
vnet_hw_interface_rx_mode rxmode;
|
||||
vnet_hw_interface_get_rx_mode (vnm, mif->hw_if_index, i, &rxmode);
|
||||
|
||||
if (rxmode == VNET_HW_INTERFACE_RX_MODE_POLLING)
|
||||
mq->ring->flags |= MEMIF_RING_FLAG_MASK_INT;
|
||||
}
|
||||
}
|
||||
|
||||
mif->flags &= ~MEMIF_IF_FLAG_CONNECTING;
|
||||
|
@ -21,6 +21,8 @@ import subprocess
|
||||
import re
|
||||
import sys
|
||||
from optparse import OptionParser
|
||||
from errno import EACCES, EPERM, ENOENT
|
||||
|
||||
|
||||
try:
|
||||
import readline
|
||||
@ -43,6 +45,30 @@ class Vppctl(Cmd):
|
||||
readline.set_history_length(persishist_size)
|
||||
readline.write_history_file(persishist)
|
||||
|
||||
def print_file_error_message(self,e, file_name):
|
||||
#PermissionError
|
||||
if e.errno==EPERM or e.errno==EACCES:
|
||||
print("PermissionError error({0}): {1} for:\n{2}".format(e.errno, e.strerror, file_name))
|
||||
#FileNotFoundError
|
||||
elif e.errno==ENOENT:
|
||||
print("FileNotFoundError error({0}): {1} as:\n{2}".format(e.errno, e.strerror, file_name))
|
||||
elif IOError:
|
||||
print("I/O error({0}): {1} as:\n{2}".format(e.errno, e.strerror, file_name))
|
||||
elif OSError:
|
||||
print("OS error({0}): {1} as:\n{2}".format(e.errno, e.strerror, file_name))
|
||||
|
||||
def testPermissions(self):
|
||||
if(self.api_prefix is None):
|
||||
filename = "/dev/shm/vpe-api"
|
||||
else:
|
||||
filename = "/dev/shm/%s-vpe-api" % self.api_prefix
|
||||
try:
|
||||
file = open(filename)
|
||||
file.close()
|
||||
except (IOError, OSError) as e:
|
||||
self.print_file_error_message(e,filename)
|
||||
sys.exit()
|
||||
|
||||
def runVat(self, line):
|
||||
input_prefix = "exec "
|
||||
input_command = input_prefix + line
|
||||
@ -53,9 +79,7 @@ class Vppctl(Cmd):
|
||||
else:
|
||||
command = ['vpp_api_test',"chroot prefix %s " % self.api_prefix]
|
||||
|
||||
if os.geteuid() != 0:
|
||||
command = ['sudo'] + command
|
||||
|
||||
self.testPermissions()
|
||||
vpp_process = subprocess.Popen(command,
|
||||
stderr=subprocess.PIPE,
|
||||
stdin=subprocess.PIPE,
|
||||
|
@ -13,7 +13,7 @@
|
||||
|
||||
bin_PROGRAMS += svmtool svmdbtool
|
||||
|
||||
nobase_include_HEADERS += svm/svm.h svm/ssvm.h svm/svmdb.h \
|
||||
nobase_include_HEADERS += svm/svm.h svm/svm_common.h svm/ssvm.h svm/svmdb.h \
|
||||
svm/svm_fifo.h svm/svm_fifo_segment.h
|
||||
|
||||
lib_LTLIBRARIES += libsvm.la libsvmdb.la
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user