Compare commits

...

75 Commits

Author SHA1 Message Date
Neale Ranns
3be13f0063 Add replicate DPO header to export list for VPPSB
Change-Id: I0b437ac5fecc81c7762d9cad0f33e977fcf3aa27
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit 60c1c7c0397eaeb201f0fe300285bda4ae3ef707)
(cherry picked from commit 234301f3c7f4170e78500ce112aff7951f88cf45)
2017-11-07 16:54:47 +00:00
Neale Ranns
de08cd6a1c Treat label=0 as an invalid next-hop-via-label
Change-Id: I831226111d26f5c8a795e0773e23fddcddfb1613
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit caac350076e386e5caf6322a3439ea0c36d77cc5)
2017-10-25 18:38:42 +00:00
Pierre Pfister
30ef35e636 fix buffer allocation for sparse jumbo frames in vhost
A bug was reported where a jumbo packet would stay in vhost
queue forever or until a large enough number of other packets
arrived in the queue too.

This is due to a bug in vhost input node buffer allocation.

The fix is to make sure that vhost always allocates at least
enough buffers for one single big packet. '40' is used to
account for 65kB frames.

Change-Id: I1d293028854165083e30cd798fab9d4140230b78
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2017-10-10 19:09:35 +00:00
Steven
aa5df48cb2 vhost: crash under heavy traffic condition due to memory corruption
With heavy traffic, tx code path may crash due to memory corruption

Thread 5 "vpp_wk_2" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff3995c700 (LWP 2505)]
0x00007ffff73675e8 in vhost_user_if_input (vm=0x7fffb5f5bf9c,
    vum=0x7ffff7882a40 <vhost_user_main>, vui=0x7fffb65570c4, qid=0,
    node=0x7fffb6577dac, mode=VNET_HW_INTERFACE_RX_MODE_POLLING)
    at /home/sluong/vpp-master/vpp/build-data/../src/vnet/devices/virtio/vhost-user.c:1610
1610		  bi_current = (vum->cpus[thread_index].rx_buffers)
	                       [vum->cpus[thread_index].rx_buffers_len];
(gdb) p vum->cpus[thread_index].rx_buffers_len
$2 = 793212607
(gdb)

Apparently, some code accidentally wrote the bad value in rx_buffers_len.
rx_buffers_len should never be greater than 1024 since that is how many buffers
we request each time.

After debugging many hours, I discovered that the memory corruption happens
in the tx code path right here on line 2176.

	  {
	    vhost_copy_t *cpy = &vum->cpus[thread_index].copy[copy_len];
	    copy_len++;
	    cpy->len = bytes_left;
	    cpy->len = (cpy->len > buffer_len) ? buffer_len : cpy->len;
	    cpy->dst = buffer_map_addr;
	    cpy->src = (uword) vlib_buffer_get_current (current_b0) +
	      current_b0->current_length - bytes_left;

(gdb) p cpy
$3 = (vhost_copy_t *) 0x7fffb554077c
(gdb) p copy_len
$4 = 1025
(gdb) p &vum->cpus[3].rx_buffers_len
$8 = (u32 *) 0x7fffb5540784

copy_len is picking up the index entry 1024 before it was incremented. copy array has only
1024 members (0 - 1023 are valid).
The assignment here in cpy surely causes memory corruption. It is only discovered later
when the memory location that it corrupted is used.

The condition for the crash is to transmit jumbo frames under heavy volume. Since ring
size is 1024, with one packet taking up one index for frame size (less 2048), it does
not cause overflow. With jumbo frames, it requires multiple indices for one packet,
it can cause the overflow under heavy traffic.

The fix is to do copy out when we have 1000 entries in the array to avoid
overflow.

Change-Id: Iefbc739b8e80470f1cf13123113f8331ffcd0eb2
Signed-off-by: Steven <sluong@cisco.com>
2017-10-10 19:09:12 +00:00
Steven
da1eadcf4e cdp/lldp: punt for no buffer (VPP-997)
When making a call to vlib_packet_template_get_packet(), it
is possible to get back a NULL if the system runs out of buffer.
This can happen when there is buffer leaks. But don't crash
just because we run out of buffers, just punt.

Change-Id: Ie90ea41f3dda6e583d48959cbd18ff124158d7f8
Signed-off-by: Steven <sluong@cisco.com>
(cherry picked from commit 0ff5c563d5048991dbd02a3892dccde8305a7e30)
(cherry picked from commit 1808f3c00a7bcdea7f0c004ef0613db2156c2065)
2017-10-07 19:10:07 +00:00
Steven
16d12cf186 tuntap: Introduce per thread structure to suport multi-threads (VPP-1012)
https://gerrit.fd.io/r/#/c/8551/ decoupled the global variable,
namely tm->iovecs from TX and RX. However, to support multi-threads,
we have to eliminate the use of this global variable with per thread
variable. I notice that rx_buffers must also be per thread variable.
So, we introduce per thread struct to contain rx_buffers and iovecs.
Each thread will find the per thread struct with thread_index.

Change-Id: I61abf2fdace8d722525a382ac72f0d04a173b9ce
Signed-off-by: Steven <sluong@cisco.com>
(cherry picked from commit 4cd257667406d0500a81323ef91f5c7c8c902b25)
2017-10-06 18:12:05 +00:00
Steven
43bb653d7f tun/tap: Bad packets sent to kernel via tun/tap interface
It was observed that under heavy traffic, VPP accidentally sent traffic
with the wrong source and destination to the tun/tap interface. Traffic
appears to be sent to the wrong direction. This problem is only
seen when worker thread is configured.

When worker thread is used, TX and RX may reside in different
core. Yet both TX and RX threads are sharing the same global variable,
namely iovecs without any mutex or memory barrier protection.
This creates a race condition when heavy traffic is blasted to VPP,
like 1000 pps.

We could create a mutex or memory barrier to ensure atomic memory access.
But why bother? It is a lot cheaper to just decouple the iovecs such
that TX and RX have their own iovecs.

Change-Id: I86a5a19bd8de54d54f32e1f0845bae6a81bbf686
Signed-off-by: Steven <sluong@cisco.com>
(cherry picked from commit 4ff586d1c6fc5c40e1548cd6f221a8a7f3ad033b)
(cherry picked from commit 3fd57e67532bd55701bef7365adc17da229a44dc)
2017-10-06 04:20:02 +00:00
Neale Ranns
348edb1c06 Set MAC address needs the HW interface index
Change-Id: I7b175d57b85e626aab00221b6dac0498aebcbeae
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit d867a7cf6baffcebbf1b6e408272ec22dc55dd68)
2017-10-04 17:15:16 +00:00
John Lo
c5c77ae50a Update L2FIB entry timestamp only if BD aging enabled (VPP-1002)
Change L2 learning path so it update stale timestamp in MAC entry
only if aging is enabled on the BD for the MAC entry.

Change-Id: I849154fe7ad2c6c68d6a94a66ca9345f6a98bc07
Signed-off-by: John Lo <loj@cisco.com>
2017-10-04 09:37:36 +00:00
Akshaya N
7feb35f9fe VLAN support on host(af-packet) interface.
On host interface if a VLAN tagged packet is received, linux kernel removes
the VLAN header from packet byte stream and adds metadata in tpacket2_hdr.
This patch explicitely checks for the presense of VLAN metadata and adds it
in VPP packet.

Change-Id: I0ba35c1e98dbc008ce18d032f22f2717d610c1aa
Signed-off-by: Akshaya N <akshaya@rtbrick.com>
(cherry picked from commit 535f0bfe0274e86c5d2e00dfd66dd632c6ae20a9)
2017-09-28 19:49:20 +00:00
Marco Varlese
839fa732c1 The build system still builds the DPDK plugin when the option
vpp_uses_dpdk is set to "no" in build-data/platforms/vpp.mk causing the
build to fail.

This patch addresses that issue.

Change-Id: Icc1aaa508e730c9b8715119e1259e4c82f974048
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
(cherry picked from commit edfa2fddf84fe102e3c134c4df312638b3a00339)
2017-09-05 08:50:16 +00:00
John Lo
484d406a19 Improve L2FIB PDR/NDR performance (VPP-963)
1. Limit MAC entry update per l2-learn call to reduce update burst
   when wall clock advance to the the next minute so all MAC time
   stamps are behind current time.
2. Optimize l2-learn node fast path code sequence.
3. Invalidate cache_key when update MAC entry.
4. Change L2 learn hit counter to L2 learn hit-update counter.
5. Increase L2FIB table memory size to 512MB to fit 4M entries
6. Set MAC learn limit at 4M entries

Change-Id: I19572f7f8a4b42a01be025a609fb03af50af16b2
Signed-off-by: John Lo <loj@cisco.com>
2017-09-01 07:07:04 -04:00
Andrew Yourtchenko
ce9714032d acl-plugin: warning printed when acl_add_replace already applied ACLs (complete the fix for VPP-935)
The fix for VPP-935 missed the case that hash_acl_add() and hash_acl_delete() may be called
during the replacement of the existing applied ACL, as a result the "applied" logic needs
to be replicated for the hash acls separately, since it is a lower layer.

Change-Id: I7dcb2b120fcbdceb5e59acb5029f9eb77bd0f240
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-08-25 14:12:49 +00:00
Andrew Yourtchenko
778df28c2a vl_api_sw_interface_set_mtu_t_handler: fix assert in vnet_get_hw_interface
The handler was calling the routines with sw_if_index instead of hw_if_index,
fix that by an extra call to vnet_get_sw_interface, and check that the interface
type is VNET_SW_INTERFACE_TYPE_HARDWARE before proceeding.

Change-Id: I4a6f65f44e250ecdb2b72d2693c9d7db5a52b966
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-08-24 21:32:18 +00:00
Damjan Marion
dff9314f6f dpdk: define MACHINE before it is used
This fixes build on non-x86 platforms like arm64.

Change-Id: I7ff5df92f89e34c27889d82f35924dc28cde8c39
Signed-off-by: Damjan Marion <damarion@cisco.com>
(cherry picked from commit 5f22f4ddded8ac41487dab3069ff8d77c3916205)
2017-08-22 13:34:29 +00:00
Florin Coras
f89ad4b9cb gpe: fix sub-interface hash lookup
Change-Id: Ice6b3818ee24c7c248bf61e4d6c1ef2a85cb8fb1
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit af8c8e5d9596b4bb1dc6edc5c3675de5304f6456)
2017-08-21 17:21:26 +00:00
John Lo
644d4671e4 Increase L2FIB MAC learn limit from 1M to 8M entries
Change-Id: I04589d3613653c402e6628202598972c2fa59d24
Signed-off-by: John Lo <loj@cisco.com>
2017-08-19 22:46:14 +00:00
Marco Varlese
7ec379582d Previous version was still downloading, unpacking and building IPSEC / AES
libraries.

This patch addresses the misbehaviour.

Change-Id: I41f1ece3ca21c5a8f2c95533ed3d77a535233ea6
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2017-08-19 18:34:17 +00:00
Sergio Gonzalez Monroy
8e0fba96e1 dpdk: force libdir for isa-l crypto library
Depending on the OS, the default libdir might change.

RHEL/Ubuntu:
libdir={exec_prefix}/lib

OpenSUSE:
libdir={exec_prefix}/lib64

Change-Id: I5f1672e5815ad821e6ac5fff95de5232ab735b67
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-08-19 17:49:39 +00:00
Damjan Marion
2e16dbd95c dpdk: prefetch 2nd cacheline of rte_mbuf during tx
Change-Id: I0db02dd0147dbd47d4296fdb84280d0e7d321f3c
Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-08-19 12:29:59 +00:00
Sergio Gonzalez Monroy
235049db21 dpdk: cleanup unused build option *_uses_dpdk_cryptodev_sw
Change-Id: I62939592bd3cb151e02c55a3f1ee6e7d1ce469cb
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-08-18 23:38:56 +00:00
Sergio Gonzalez Monroy
375b62e265 dpdk: only build SW crypto for x86_64 platforms
Change-Id: If559747ad59c82c81d15734f27e15548eca0962b
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-08-18 22:03:24 +00:00
Thomas F Herbert
d185427282 Fix nasm deps for Fedora.
Fedora 24 and 25 distro already includes nasm 2.12 but Centos does not as yet.

Change-Id: I060ea8b7b7892ac8444d850398ed1c9100631fbc
Signed-off-by: Thomas F Herbert <therbert@redhat.com>
2017-08-18 20:59:34 +00:00
Marco Varlese
3cbfbd9e74 Added NASM package to support SW crypto
Change-Id: Idd6614b80e456eb40c760024b563ffd0e5c313ec
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2017-08-18 19:51:13 +00:00
Sergio Gonzalez Monroy
48e1668917 dpdk: update build
Current optional DPDK PMDs are:
- AESNI MB PMD (SW crypto)
- AESNI GCM PMD (SW crypto)
- MLX4 PMD
- MLX5 PMD

This change will always build DPDK SW crypto PMDs and required SW crypto
libraries, while MLX PMDs are still optional and the user has to build
required libraries.

Now the configure script detects if any of the optional DPDK PMDs were
built and link against their required libraries/dependencies.

Change-Id: I1560bebd71035d6486483f22da90042ec2ce40a1
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-08-18 19:06:15 +00:00
Andrew Yourtchenko
c1ff53f25d acl-plugin: time out the sessions created by main thread too (VPP-948)
In multithread setup the main thread may send packets,
which may pass through the node with permit+reflect action.
This creates the connection in lists for thread0,
however in multithread there are no interupt handlers there.

Ensure we are not spending too much time spinning in a
tight cycle by suspending the main cleaner thread
until the current iteration of interrupts is processed.

Change-Id: Idb7346737757ee9a67b5d3e549bc9ad9aab22e89
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-08-17 13:57:34 +02:00
Florin Coras
2e342af835 Fix LISP cp buffer leakage
Change-Id: Id7e0f967cc510f0b45f043f74493854083ac67ae
Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-08-11 16:56:40 +00:00
Andrew Yourtchenko
f2cfcf676e acl-plugin: add the debug CLI to show macip ACLs and where they are applied (VPP-936)
When looking at resource utilisation, it is useful to understand
the interactions between the acl-plugin and the rest of VPP.
MACIP ACLs till now could only be dumped via API,
which is tricky when debugging. Add the CLIs to see
the MACIP ACLs and where they are applied.

Change-Id: I3211901589e3dcff751697831c1cd0e19dcab1da
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-08-10 18:09:58 +00:00
Andrew Yourtchenko
fb088f0a20 acl-plugin: match index set to first portrange element if non-first portrange matches on the same hash key (VPP-938)
Multiple portranges that land on the same hash key will always report the match
on the first portrange - even when the subsequent portranges have matched.
Test escape, so make a corresponding test case and fix the code so it passes.

Change-Id: Idbeb8a122252ead2468f5f9dbaf72cf0e8bb78f1
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-08-10 17:58:32 +00:00
Andrew Yourtchenko
1de7d70444 acl-plugin: hash lookup bitmask not cleared when ACL is unapplied from interface (VPP-935)
The logic in hash ACL bitmask update was using the vector
of ACLs applied to the interface to rebuild the hash lookup mask.
However, in transient cases (like doing group manipulation with
hash ACLs), that will not hold true. Thus, make
a local copy of for which ACL indices the hash_acl_apply
was called previously, and maintain that one local
to the hash_lookup.c file logic.

Change-Id: I30187d68febce8bba2ab6ffbb1eee13b5c96a44b
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-08-10 16:21:52 +00:00
Andrew Yourtchenko
e6423bef32 acl-plugin: avoid crash in multithreaded setup adding/deleting ACLs with traffic (VPP-910/VPP-929)
The commit fixing the VPP-910 and separating the memory operations
into separate heaps has missed setting the MHEAP_FLAG_THREAD_SAFE,
which quite obviously caused the issues in the multithread setup.
Fix that.

Also, add the debug CLIs
"set acl-plugin heap {main|hash} {validate|trace} {1|0}"
to toggle the memory instrumentation, in case we ever need it
in the future.

Change-Id: I8bd4f7978613f5ea75a030cfb90674dac34ae7bf
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-08-10 11:09:50 +02:00
Andrew Yourtchenko
754370f1b5 acl-plugin: all TCP sessions treated as transient (VPP-932)
The packet that was creating the session was not tracked,
consequently the TCP flags seen within the session record
never got the value for the session to get treated as
being in the established state.

Test-escape, so add the TCP tests which test the
three phases of the TCP session life and make them all pass.

Change-Id: Ib048bc30c809a7f03be2de7e8361c2c281270348
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-08-09 14:05:50 +02:00
Mohammed Hawari
b7cd108399 ping: fixing wrong value when there are worker threads
- the echo_reply_node is now notifying the cli process on the main thread/vlib_main
- the timestamp for the icmp reply is now acquired in the echo_reply_node and not in the cli process to avoid an off by 10ms error (see 【vpp-dev】delay is error in ping with multi worker thread)

Change-Id: I21d37002b0376b4f2ccab08d8f04c2f2944b9b39
Signed-off-by: Mohammed Hawari <mhawari@cisco.com>
(cherry picked from commit 03a6213fb5022d37ea92f974a1814db1c70bcbdf)
2017-08-08 18:30:55 +00:00
Andrew Yourtchenko
58013b7350 acl-plugin: fix a misplaced return (VPP-910)
It was uncaught by make test because the corresponding tests are not there yet - part of 17.10 deliverables

Change-Id: I55456f1874ce5665a06ee411c7abf37cd19ed814
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-08-08 13:27:30 +02:00
Andrew Yourtchenko
bd9c5ffe39 acl-plugin: rework the optimization 7383, fortify acl-plugin memory behavior (VPP-910)
The further prolonged testing from testbed that reported VPP-910
has uncovered a couple of deeper issues with optimization from
7384, and the usage of subscripts rather than vec_elt_at_index()
allowed to hide a couple of further errors in the code.
Also, the current acl-plugin behavior of using the global
heap for its dynamic data is problematic - it makes
the troubleshooting much harder by potentially spreading
the problem around.

Based on this experience, this commits makes a few changes to fix
the issues seen, also improving the serviceability of the acl-plugin
code for the future:

- Use separate mheaps for any ACL-related control plane
operations and separate for the hash lookup datastructures,
to compartmentalize any memory-related issues for the ACL plugin.

- Ensure vec_elt_at_index() usage throughout the hash_lookup.c file.

- Use vectors rather than raw memory for storing the "ordinary" ACL rules.

- Rework the optimization from 7384 to use a separate tail pointer
rather than overloading the "prev" field.

- Make get_session_ptr() more conservative and adjust is_valid_session_ptr
accordingly

Change-Id: Ifda85193f361de5ed3782a4acd39622bd33c5830
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-08-08 10:42:19 +02:00
Andrew Yourtchenko
8e4222fc7e acl-plugin: multicore: CSIT c100k 2-core stateful ACL test does not pass (VPP-912)
Fix several threading-related issues uncovered by the CSIT scale/performance test:

- make the per-interface add/del counters per-thread

- preallocate the per-worker session pools rather than
  attempting to resize them within the datapath

- move the bihash initialization to the moment of ACL
  being applied rather than later during the connection creation

- adjust the connection cleaning logic to not require
  the signaling from workers to main thread

- make the connection lists check in the main thread robust against workers
  updating the list heads at the same time

- add more information to "show acl-plugin sessions" to aid in debugging

Change-Id: If82ef715e4993614df11db5e9afa7fa6b522d9bc
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-08-02 06:36:07 -04:00
Damjan Marion
6d19bcde9c Fix interface reuse when running multithreaded
Node function pointer was not set on all node runtimes causing crash if
new interface is different type.

Change-Id: I4661fe883befc6cd3fc6dfc14fd44f6fa5faf27c
Signed-off-by: Damjan Marion <damarion@cisco.com>
(cherry picked from commit c418e4ac7cf36bd64f3130c258d5f1897c245f2b)
2017-07-31 17:07:56 +00:00
Jan Gelety
7f6290e02e Use CSIT release branch for verify job
Change-Id: If68d9cda27941305fe5186c034028684b6079380
Signed-off-by: Jan Gelety <jgelety@cisco.com>
2017-07-28 09:02:20 +02:00
Steven
6a4de2764d vhost: debug vhost-user command needs better error checking on the syntax (VPP-916)
The syntax for debug vhost-user is
debug vhost-user <on | off>

However, currently the code does not reject the invalid command such as below
debug vhost-user
debug vhost-user on blah
debug vhost-user off blah

The fix is to enforece the correct syntax and reject the command when invalid
option is entered.

Change-Id: I1a04ae8ddb6dd299aa6d15b043362964e685ddde
Signed-off-by: Steven <sluong@cisco.com>
2017-07-21 16:38:41 -07:00
Andrew Yourtchenko
45fe739915 acl-plugin: assertion failed at hash_lookup.c:226 when modifying ACLs applied as part of many (VPP-910)
change 7385 has added the code which has the first ACE's "prev" entry within the linked list of
shadowed ACEs pointing to the last ACE, in order to avoid the frequent linear list traversal.
That change was not complete and did not update this "prev" entry whenever the last ACE was deleted.
As a result the changes within the applied ACLs which caused the calls to hash_acl_unapply/hash_acl_apply
may result in hitting assert which does the sanity check. The solution is to add the missing update logic.

Change-Id: I9cbe9a7c68b92fa3a22a8efd11b679667d38f186
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-07-20 12:05:36 +00:00
Neale Ranns
f4f635e7c0 17.07 Release Note
Change-Id: Iffbfffac1c508b000451e9f0e0b688d80785f7f5
Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-07-19 08:58:13 -07:00
Neale Ranns
f302825005 DHCP complete event sends mask length
Change-Id: I4a529dfab5d0ce6b0bbc0ccbbd89c6b109dbf917
Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-07-15 15:52:01 +00:00
Eyal Bari
ed8a105ee3 L2INPUT:fix features mask cailculation
Change-Id: I84cea7530b01302a0adeef95b4924f54dc2e41ec
Signed-off-by: Eyal Bari <ebari@cisco.com>
(cherry picked from commit 8af1b2fdecc883eadfec6b91434adc6044e24cb2)
2017-07-13 12:11:44 +00:00
John Lo
bea5ebf205 Fix crash with worker threads on 4K VXLAN/BD setup (VPP-907)
Cleanup mapping of interface output node for the l2-output node
when interface is configured to L2 or L3 modes. The mapping is
now always done in the main thread as part of API/CLI processing,
instead of initiate mapping in the forwarding path which can be
in the worker threads.

Change-Id: Ia789493e7d9f5c76d68edfaf34db43f3e3f53506
Signed-off-by: John Lo <loj@cisco.com>
2017-07-13 11:42:29 +00:00
Damjan Marion
e0c6670eba memif: avoid double buffer free
Change-Id: I902f54618c4e1f649af11497c1cb10922e43755a
Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-12 21:00:53 +00:00
Damjan Marion
18ee167809 memif: mask interrupts on startup if we are in the polling mode
Change-Id: Ief02eb1109a1bc463665d9747e9fa4e0c0e3d7e0
Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-12 21:00:42 +00:00
Damjan Marion
50e28107bf vlib: fix issues with PCI handling code
- PCI devices not properly discovered
- vlib_pci_bus_master_enable () not working

Change-Id: I7433ab1b19b890b8900635b43037b9a2017a1921
Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-12 21:00:31 +00:00
Damjan Marion
0d3b355290 dpdk: add FiftyGigabitEtherenet interface support
Change-Id: Ied8b26179cdf4add34440a9c396cb821716cfb8e
Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-12 21:00:20 +00:00
Damjan Marion
331f66a5b4 vppinfra: revert clib_memcpy optimization
Looks like some compiler versions are producing wrong code when we are
copying 9-16 bytes so reverting back to the original code.

Change-Id: I74b5fa54a3b01f6288648f1cb0926030edd3b26f
Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-12 21:20:11 +02:00
Igor Mikhailov (imichail)
02989064e4 VPP-895 multi-thread: fix vpp crash on show runtime
In multi-threaded model (e.g. 1 main and 1 worker threads),
after an ethernet interface is deleted (e.g. vhost-user interface),
'show runtime' command produces garbled output and sometimes
leads to vpp crash.

The reason is because vlib_node_rename() frees and reallocates node's
'n->name' vector, however the change is not propagated into copies
of the node on worker threads.

Change-Id: Ibf22422913b7f2df22f70f3b2fe8dafd34c1dd06
Signed-off-by: Igor Mikhailov (imichail) <imichail@cisco.com>
2017-07-11 15:35:57 +00:00
Ed Warnicke
d6a11c430b Fix vppctl error messages to handle lack off permissions
Change-Id: Ia35edcb14eb8d786065ee4ab394f4f1aa52e1625
Signed-off-by: Ed Warnicke <hagbard@gmail.com>
2017-07-11 08:03:16 +00:00
Steve Shin
cdb8514ac0 lldp packet transmission on a bonded interface
LLDP packets are dropped at interface output node if each slave's link
is configured as the LLDP interface. The admin state is configured and
managed by the bonded interface, so slave link's state is down by default.
The checking for the admin state UP should be ignored for the slave link.

Change-Id: I06ca250f42fcb8cc50e0ea3a3817a2c5b56865df
Signed-off-by: Steve Shin <jonshin@cisco.com>
(cherry picked from commit 042a621b90c9f521b546cbbf724bb908e36f3b25)
2017-07-10 21:45:54 +00:00
Alexander Kotov
e6fa2e3d5a VPP-904: fixes zero length CLI parameters parse
Change-Id: I21fbc9aff2b97a8b3f4cbed202c00b6d84557a6e
Signed-off-by: Alexander Kotov <kot@yandex.ru>
(cherry picked from commit 28160f38488743b8cee0a7bd62b432a9dd8f4bfd)
2017-07-10 17:04:35 +00:00
Chris Luke
24a97d6c27 format: Check for NaN when rendering doubles
- The result of 0.0/0.0 was being rendered as a lot of
  zeroes in the integer portion, as in this example:

  DBGvpp# show physmem
  0: 16 objects, 576k of 582k used, 3k free, 0 reclaimed, 2k overhead,
  16380k capacity
       alloc. from small object cache: 0 hits 0 attempts (0.00%) replacements 0
       alloc. from free-list: 0 attempts, 0 hits (0.00%), 0 considered (per-attempt 0.00)
       alloc. from vector-expand: 16
       allocs: 16 73643.06 clocks/call
       frees: 0 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.00 clocks/call

- Add two macros to vppinfra/math.h that use compiler builtins to check
  for NaN and Infinity and then use them in format_float().

Change-Id: Iccc03997e6e33d6b888d1e7e20cd78df0cfd02e8
Signed-off-by: Chris Luke <chrisy@flirble.org>
(cherry picked from commit bb18ee6f1c7c172d30cb0c98153499af571777ee)
2017-07-09 19:43:54 +00:00
Klement Sekera
b2a241ca40 LLDP: properly parse lldp cmds from startup config
Change-Id: I0e6c86bd923fcf7cf16f948b9869a5927e6d3745
Signed-off-by: Klement Sekera <ksekera@cisco.com>
(cherry picked from commit 3d62a7f0b9a4b967ad53f5990729acca932f90b4)
2017-07-08 20:10:23 +00:00
Steve Shin
262ca683be Add API support for LLDP config/interface set
Add API methods to configure LLDP and set interface to enable/disable.
Also add port description TLV for LLDP.

Change-Id: Ib959d488c2ab8a0069f143558871f41fcc43a5d3
Signed-off-by: Steve Shin <jonshin@cisco.com>
(cherry picked from commit 99a0e60eb6f6acd7eabd5a4cb7ded1e0419ccd54)
2017-07-08 12:34:04 +00:00
Jan Gelety
6922bd37be Update CSIT tests 170622 -> 170706
- update of CSIT operational branch to be used for VPP-patch test

Change-Id: I6bd86ea60f323b524f2de1a2236f1af48184a99f
Signed-off-by: Jan Gelety <jgelety@cisco.com>
2017-07-07 10:25:03 +02:00
John Lo
dc30c6d3d6 Send GARP/NA on bonded intf slave up/down if in active-backup mode
If a bonded interface is in active-backup mode and configured with
IPv4 and/or IPv6 addresses, on slave interface link up/down, send
a GARP packet if configured with an IPv4 address and an unsolcited
NA if configured with an IPv6 address. These packets can help with
faster route convergence in the next hop router/switch.

Change-Id: I68ccb11a4a40cda414704fa08ee0171c952befa2
Signed-off-by: John Lo <loj@cisco.com>
(cherry picked from commit 8b81cb43359380e50d3fc216d93ff05894149939)
2017-07-06 18:06:06 +00:00
Ole Troan
0786710856 VPP-902: LISP-CP: Wrong size in one_l2_arp_entries_get message.
Change-Id: I56bf6b46527f9465d78ed7c08b6e216e50c135ec
Signed-off-by: Ole Troan <ot@cisco.com>
2017-07-06 17:01:09 +00:00
Ed Warnicke
6a98580c70 Remove autosudo from pythonic vppctl
Change-Id: Iaea91a95d58678b8b3c56f3fceab76817e0f63ff
Signed-off-by: Ed Warnicke <eaw@cisco.com>
2017-07-06 07:43:17 -07:00
Chris Luke
6c645ed01c Buffer name inconsistently used a cstring/vec (VPP-901)
Spotted in the output of CLI command "show buffers", the name field
sometimes had trailing garbage, the hall sign of a string not being
terminated. In this case it was being inconsistently used as a cstring
or a vec.

- CLI printf needs %v to print the vec srring
- vlib_buffer_create_free_list_helper tried to use
  clib_mem_is_heap_object() to detect a vec object, wheras it should
  use clib_mem_is_vec()

Change-Id: Ib8b242a0c5a18924b8af7e8e1432784eebcf572c
Signed-off-by: Chris Luke <chrisy@flirble.org>
2017-07-05 13:15:03 -04:00
Billy McFall
01d2b4b13a VPP-900: VPP is released under the Apache 2.0 License (ASL 2.0). Update RPM specfile to reflect the proper license.
Change-Id: I9e8d1643ea65afd91a0cd5ad9545248575e32617
Signed-off-by: Billy McFall <bmcfall@redhat.com>
2017-07-05 09:49:59 -04:00
Klement Sekera
c156dda8cb Refactor API message handling code
This is preparation for new C API. Moving common stuff to separate
headers reduces dependency issues.

Change-Id: Ie7adb23398de72448e5eba6c1c1da4e1bc678725
Signed-off-by: Klement Sekera <ksekera@cisco.com>
(cherry picked from commit 58eb866b15a45514dc356170f28640d6c9db8034)
2017-07-04 07:31:48 +00:00
Andrew Yourtchenko
be055bd719 acl-plugin: fix acl plugin test failing sporadically (VPP-898)
The "acl_plugin" tests has one of the tests sporadically fail with the following traceback:

r.reply.decode().rstrip('\x00') UnicodeDecodeError: 'ascii' codec can't decode byte
0xd8 in position 20666: ordinal not in range(128)

This occurs in the newly added "show acl-plugin table" debug CLI.
This CLI has only the numeric outputs, so the conclusion is that it is
the incorrect termination (trailing zero) that might be most probably
causing it. The other acl-plugins show commands also
lack the zero-termination termination, so fix all of them.
The particularity of this command vs. the other acl-plugin debug CLIs
is that the accumulator is freed and allocated multiple times,
this might explain the issue is not seen with them.

Change-Id: I87b5c0d6152fbebcae9c7d0ce97155c1ae6666db
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-07-04 07:30:26 +00:00
Matus Fabian
860af5ad2b SNAT: fix failing test_session_limit_per_user (VPP-896)
Change-Id: Idf46a03803125babd9bb880363686359fbcca27d
Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-07-03 17:23:41 +00:00
Andrew Yourtchenko
204cf74aed acl-plugin: VPP-897: applying of large number of ACEs is slow
When applying ACEs, in the new hash-based scheme, for each ACE
the lookup in the hash table is done, and either that ACE is added
to the end of the existing list if there is a match,
or a new list is created if there is no match.

Usually ACEs do not overlap, so this operation is fast, however,
the fragment-permit entries in case of a large number of ACLs
create a huge list which needs to be traversed for every other
ACE being added, slowing down the process dramatically.

The solution is to add an explicit flag to denote the first
element of the chain, and use the "prev" index of that
element to point to the tail element. The "next" field
of the last element is still ~0 and if we touch that
one, we do the linear search to find the first one,
but that is a relatively infrequent operation.

Change-Id: I352a3becd7854cf39aae65f0950afad7d18a70aa
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-07-03 12:52:04 +02:00
Steven
bafa4d0484 devices: show interface rx-placement displays the wrong information (VPP-894)
show interface rx-placement somtimes displays the wrong interface names.
This happens when there exists subinterfaces in VPP.

The problem is due to the function show_interface_rx_placement_fn is calling
format_vnet_sw_if_index_name with hw_if_index instead of sw_if_index.

VPP has the concept of sw_if_index and hw_if_index. Each serves a different
purpose. When there is no subinterfaces, both hw_if_index and sw_if_index
may happen to have the same value.But don't count on it. When the API calls
for sw_if_index, we must pass the sw_if_index although the hw_if_index has
the same type which the compiler does not catch. Passing hw_if_index for an
API which requires sw_if_index may have an unpredictable result such as
described in the VPP-894 and sometimes it may even crash if the particular
index does not exist.

Change-Id: I76c4834f79b88a1c20684fcba64f14b2da142d77
Signed-off-by: Steven <sluong@cisco.com>
2017-07-01 07:02:08 +00:00
Dave Barach
85e5b8da28 VPP-893: handle multiple simultaneous event registrations
Change-Id: I8cd90820624987dbef848935e2de86fa66a86c17
Signed-off-by: Dave Barach <dave@barachs.net>
2017-06-30 09:12:43 -04:00
Pavel Kotucek
f45bc738aa IP4/IP6 FIB: fix crash during interface delete
after deleting a sub interface with IP4/IP6 address vpp crash

Change-Id: Ie768ca845b9e2394f61e2a8e9722a80a788746e7
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
(cherry picked from commit 9f5a2b6310ce5c8e59c32ca6f27d8a187b0e4346)
2017-06-30 11:29:44 +00:00
Neale Ranns
c02bd03ddf VPP debug image with worker threads hit assert on adding IP route with traffic (VPP-892)
When stacking DPOs the VLIB graph is also updated to add the edge between the nodes, if this edge does not yet exist. This addition should be done with the workers stopped.

Change-Id: I327e4d7d26f0b23eb280f17e4619ff2093ff7940
Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-06-29 00:19:13 -07:00
Eyal Bari
25ff2ea3a3 L2-LEARN:fix l2fib entry seq num not updated on hit (VPP-888)
fixed instability in l2bd_multi_instnce test - sometimes failing with extra
packets captured

it appears l2-learn was not updating hit entries but rather a copy of them.

if the ager did not have a chance to run before the test was running the
learning cycle - entries were not updated with the packet's seq num - causing
packets to flood when hitting the stale seq_num in l2-fwd - hence the extra
packets

fixed handling of filter entries

revert workaround for instability in test

Change-Id: I16d918e6310a5bf40bad5b7335b2140c2867cb71
Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-06-27 12:41:56 +00:00
Ole Troan
e2547ab574 VPP-889: MAP Stats API/CLI crashes when no domains.
Change-Id: Ib7824bfc08cb3c8f20258379e1a1f2c159c4f687
Signed-off-by: Ole Troan <ot@cisco.com>
2017-06-26 17:53:10 +00:00
Hongjun Ni
272351a2d4 Add Maintainers for Vxlan-gpe feature
Change-Id: I3f42e9bbd816a6e2192cc65eeb10a4681cf9e29a
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
(cherry picked from commit fcfa38d68007418d9460533d248adf34aca88ec1)
2017-06-25 17:40:10 +00:00
Hongjun Ni
4857f00a5f VPP crash on creating vxlan gpe interface. VPP-875
Change-Id: I6b19634ecb03860a7624d9408e09b52e95f47aef
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
(cherry picked from commit 04ffd0ad83b2d87edb669a9d76eee85f5c589564)
2017-06-25 08:52:10 +00:00
Neale Ranns
ea89b8cf66 17.07 change default branch in gitreview
Change-Id: I7d0a27c4d103dd11561ac7ae4d59592ba77ab899
Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-06-22 12:04:27 -07:00
113 changed files with 3221 additions and 1265 deletions

View File

@ -2,3 +2,4 @@
host=gerrit.fd.io
port=29418
project=vpp
defaultbranch=stable/1707

View File

@ -112,6 +112,11 @@ VNET VXLAN
M: John Lo <loj@cisco.com>
F: src/vnet/vxlan/
VNET VXLAN-GPE
M: Keith Burns <alagalah@gmail.com>
M: Hongjun Ni <hongjun.ni@intel.com>
F: src/vnet/vxlan-gpe/
Plugin - flowprobe
M: Ole Troan <otroan@employees.org>
F: src/plugins/flowprobe/
@ -123,9 +128,9 @@ F: src/plugins/sixrd/
F: src/plugins/sixrd.am
Plugin - GTPU
M: Hongjun Ni <hongjun.ni@intel.com>
F: src/plugins/gtpu/
F: src/plugins/gtpu.am
M: Hongjun Ni <hongjun.ni@intel.com>
F: src/plugins/gtpu/
F: src/plugins/gtpu.am
Test Infrastructure
M: Klement Sekera <ksekera@cisco.com>

View File

@ -62,7 +62,11 @@ else
RPM_DEPENDS_GROUPS = 'Development Tools'
endif
RPM_DEPENDS += chrpath libffi-devel rpm-build
RPM_DEPENDS += https://kojipkgs.fedoraproject.org//packages/nasm/2.12.02/2.fc26/x86_64/nasm-2.12.02-2.fc26.x86_64.rpm
ifeq ($(OS_ID),fedora)
RPM_DEPENDS += nasm
else
RPM_DEPENDS += https://kojipkgs.fedoraproject.org//packages/nasm/2.12.02/2.fc26/x86_64/nasm-2.12.02-2.fc26.x86_64.rpm
endif
EPEL_DEPENDS = libconfuse-devel ganglia-devel epel-rpm-macros
ifeq ($(filter rhel centos,$(OS_ID)),$(OS_ID))
EPEL_DEPENDS += lcov
@ -72,7 +76,7 @@ endif
RPM_SUSE_DEPENDS = autoconf automake bison ccache chrpath distribution-release gcc6 glibc-devel-static
RPM_SUSE_DEPENDS += java-1_8_0-openjdk-devel libopenssl-devel libtool lsb-release make openssl-devel
RPM_SUSE_DEPENDS += python-devel python-pip python-rpm-macros shadow
RPM_SUSE_DEPENDS += python-devel python-pip python-rpm-macros shadow nasm
ifneq ($(wildcard $(STARTUP_DIR)/startup.conf),)
STARTUP_CONF ?= $(STARTUP_DIR)/startup.conf

View File

@ -1,11 +1,75 @@
# Release Notes {#release_notes}
* @subpage release_notes_1707
* @subpage release_notes_1704
* @subpage release_notes_17011
* @subpage release_notes_1701
* @subpage release_notes_1609
* @subpage release_notes_1606
@page release_notes_1707 Release notes for VPP 17.07
More than 400 commits since the 1704 release.
## Features
- Infrastructure
- make test; improved debuggability.
- TAB auto-completion on the CLI
- DPDK 17.05
- python 3 support in test infra
- Host stack
- Improved Linux TCP stack compatibility using IWL test suite (https://jira.fd.io/browse/VPP-720)
- Improved loss recovery (RFC5681, RFC6582, RF6675)
- Basic implementation of Eifel detection algorithm (RFC3522)
- Basic support for buffer chains
- Refactored session layer API
- Overall performance, scale and hardening
- Interfaces
- memif: IP mode, jumbo frames, multi queue
- virtio-user support
- vhost-usr; adaptive (poll/interupt) support.
- Network features
- MPLS Multicast FIB
- BFD FIB integration
- NAT64 support
- GRE over IPv6
- Segement routing MPLS
- IOAM configuration for SRv6 localsid
- LISP
- NSH support
- native forward static routes
- L2 ARP
- ACL multi-core suuport
- Flowprobe:
- Add flowstartns, flowendns and tcpcontrolbits
- Stateful flows and IPv6, L4 recording
- GTP-U support
- VXLAN GPE support for FIB2.0 and bypass.
## Known issues
For the full list of issues please reffer to fd.io [JIRA](https://jira.fd.io).
## Issues fixed
For the full list of fixed issues please reffer to:
- fd.io [JIRA](https://jira.fd.io)
- git [commit log](https://git.fd.io/vpp/log/?h=stable/1707)
@page release_notes_1704 Release notes for VPP 17.04
More than 500 commits since the 1701 release.

View File

@ -10,11 +10,6 @@ DPDK_MAKE_ARGS = -C $(call find_source_fn,$(PACKAGE_SOURCE)) \
DPDK_INSTALL_DIR=$(PACKAGE_INSTALL_DIR) \
DPDK_DEBUG=$(DPDK_DEBUG)
DPDK_CRYPTO_SW_PMD=$(strip $($(PLATFORM)_uses_dpdk_cryptodev_sw))
ifneq ($(DPDK_CRYPTO_SW_PMD),)
DPDK_MAKE_ARGS += DPDK_CRYPTO_SW_PMD=y
endif
DPDK_MLX5_PMD=$(strip $($(PLATFORM)_uses_dpdk_mlx5_pmd))
ifneq ($(DPDK_MLX5_PMD),)
DPDK_MAKE_ARGS += DPDK_MLX5_PMD=y

View File

@ -23,12 +23,11 @@ vpp_CPPFLAGS += $(call installed_includes_fn, dpdk)/dpdk
vpp_LDFLAGS += $(call installed_libs_fn, dpdk)
vpp_CPPFLAGS += -I/usr/include/dpdk
endif
ifeq ($($(PLATFORM)_uses_dpdk_cryptodev_sw),yes)
vpp_configure_args += --with-dpdk-crypto-sw
endif
ifeq ($($(PLATFORM)_uses_dpdk_mlx5_pmd),yes)
vpp_configure_args += --with-dpdk-mlx5-pmd
endif
else
vpp_configure_args += --disable-dpdk-plugin
endif
ifeq ($($(PLATFORM)_enable_tests),yes)

View File

@ -39,7 +39,6 @@ vpp_uses_dpdk = yes
vpp_root_packages = vpp gmod
# DPDK configuration parameters
# vpp_uses_dpdk_cryptodev_sw = yes
# vpp_uses_dpdk_mlx5_pmd = yes
# vpp_uses_external_dpdk = yes
# vpp_dpdk_inc_dir = /usr/include/dpdk

View File

@ -1,2 +1,2 @@
#!/bin/sh
echo oper-170622
echo rls1707

View File

@ -19,30 +19,37 @@ DPDK_INSTALL_DIR ?= $(CURDIR)/_install
DPDK_PKTMBUF_HEADROOM ?= 128
DPDK_DOWNLOAD_DIR ?= $(HOME)/Downloads
DPDK_DEBUG ?= n
DPDK_CRYPTO_SW_PMD ?= n
DPDK_MLX4_PMD ?= n
DPDK_MLX5_PMD ?= n
B := $(DPDK_BUILD_DIR)
I := $(DPDK_INSTALL_DIR)
DPDK_VERSION ?= 17.05
PKG_SUFFIX ?= vpp5
PKG_SUFFIX ?= vpp6
DPDK_BASE_URL ?= http://fast.dpdk.org/rel
DPDK_TARBALL := dpdk-$(DPDK_VERSION).tar.xz
DPDK_TAR_URL := $(DPDK_BASE_URL)/$(DPDK_TARBALL)
DPDK_17.02_TARBALL_MD5_CKSUM := 6b9f7387c35641f4e8dbba3e528f2376
DPDK_17.05_TARBALL_MD5_CKSUM := 0a68c31cd6a6cabeed0a4331073e4c05
DPDK_SOURCE := $(B)/dpdk-$(DPDK_VERSION)
MACHINE=$(shell uname -m)
ifeq ($(DPDK_CRYPTO_SW_PMD),y)
AESNIMB_LIB_TARBALL := v0.44-gcm.2.tar.gz
AESNIMB_LIB_TARBALL_URL := http://github.com/01org/intel-ipsec-mb/archive/$(AESNIMB_LIB_TARBALL)
AESNIMB_LIB_SOURCE := $(B)/intel-ipsec-mb-0.44-gcm.2
ISA_L_CRYPTO_LIB_TARBALL := isa_l_crypto.tar.gz
ISA_L_CRYPTO_LIB_TARBALL_URL := http://github.com/01org/isa-l_crypto/archive/master.tar.gz
ISA_L_CRYPTO_LIB_SOURCE := $(B)/isa-l_crypto-master
ifeq ($(MACHINE),$(filter $(MACHINE),x86_64))
AESNI := y
else
AESNI := n
endif
IPSEC_MB_VER := 0.45
AESNIMB_LIB_TARBALL := v$(IPSEC_MB_VER).tar.gz
AESNIMB_LIB_TARBALL_URL := http://github.com/01org/intel-ipsec-mb/archive/$(AESNIMB_LIB_TARBALL)
AESNIMB_LIB_SOURCE := $(B)/intel-ipsec-mb-$(IPSEC_MB_VER)
ISA_L_CRYPTO_VER := 2.18.0
ISA_L_CRYPTO_LIB_TARBALL := v$(ISA_L_CRYPTO_VER).tar.gz
ISA_L_CRYPTO_LIB_TARBALL_URL := http://github.com/01org/isa-l_crypto/archive/$(ISA_L_CRYPTO_LIB_TARBALL)
ISA_L_CRYPTO_LIB_SOURCE := $(B)/isa-l_crypto-$(ISA_L_CRYPTO_VER)
ISA_L_CRYPTO_INSTALL_DIR := $(ISA_L_CRYPTO_LIB_SOURCE)/install
ifneq (,$(findstring clang,$(CC)))
DPDK_CC=clang
else ifneq (,$(findstring icc,$(CC)))
@ -51,8 +58,6 @@ else
DPDK_CC=gcc
endif
MACHINE=$(shell uname -m)
##############################################################################
# Intel x86
##############################################################################
@ -60,7 +65,6 @@ ifeq ($(MACHINE),$(filter $(MACHINE),x86_64 i686))
DPDK_TARGET ?= $(MACHINE)-native-linuxapp-$(DPDK_CC)
DPDK_MACHINE ?= nhm
DPDK_TUNE ?= core-avx2
##############################################################################
# Cavium ThunderX
##############################################################################
@ -89,11 +93,9 @@ else
DPDK_EXTRA_CFLAGS := -g -O0
endif
ifeq ($(DPDK_CRYPTO_SW_PMD),y)
DPDK_EXTRA_CFLAGS += -I$(I)/include
DPDK_EXTRA_CFLAGS += -I$(ISA_L_CRYPTO_INSTALL_DIR)/include -Wl,-z,muldefs
DPDK_EXTRA_LDFLAGS += -L$(I)/lib
DPDK_MAKE_EXTRA_ARGS += AESNI_MULTI_BUFFER_LIB_PATH=$(AESNIMB_LIB_SOURCE)
endif
# assemble DPDK make arguments
DPDK_MAKE_ARGS := -C $(DPDK_SOURCE) -j $(JOBS) \
@ -105,8 +107,6 @@ DPDK_MAKE_ARGS := -C $(DPDK_SOURCE) -j $(JOBS) \
DESTDIR=$(I) \
$(DPDK_MAKE_EXTRA_ARGS)
DPDK_SOURCE_FILES := $(shell [ -e $(DPDK_SOURCE) ] && find $(DPDK_SOURCE) -name "*.[chS]")
define set
@if grep -q CONFIG_$1 $@ ; \
then sed -i -e 's/.*\(CONFIG_$1=\).*/\1$2/' $@ ; \
@ -137,8 +137,8 @@ $(B)/custom-config: $(B)/.patch.ok Makefile
$(call set,RTE_LIBRTE_PMD_BOND,y)
$(call set,RTE_LIBRTE_IP_FRAG,y)
$(call set,RTE_LIBRTE_PMD_QAT,y)
$(call set,RTE_LIBRTE_PMD_AESNI_MB,$(DPDK_CRYPTO_SW_PMD))
$(call set,RTE_LIBRTE_PMD_AESNI_GCM,$(DPDK_CRYPTO_SW_PMD))
$(call set,RTE_LIBRTE_PMD_AESNI_MB,$(AESNI))
$(call set,RTE_LIBRTE_PMD_AESNI_GCM,$(AESNI))
$(call set,RTE_LIBRTE_MLX4_PMD,$(DPDK_MLX4_PMD))
$(call set,RTE_LIBRTE_MLX5_PMD,$(DPDK_MLX5_PMD))
@# not needed
@ -175,7 +175,7 @@ $(CURDIR)/$(ISA_L_CRYPTO_LIB_TARBALL):
fi
DPDK_DOWNLOADS = $(CURDIR)/$(DPDK_TARBALL)
ifeq ($(DPDK_CRYPTO_SW_PMD),y)
ifeq ($(AESNI),y)
DPDK_DOWNLOADS += $(CURDIR)/$(AESNIMB_LIB_TARBALL)
DPDK_DOWNLOADS += $(CURDIR)/$(ISA_L_CRYPTO_LIB_TARBALL)
endif
@ -194,13 +194,13 @@ download: $(B)/.download.ok
$(B)/.extract.ok: $(B)/.download.ok
@echo --- extracting $(DPDK_TARBALL) ---
@tar --directory $(B) --extract --file $(CURDIR)/$(DPDK_TARBALL)
ifeq ($(DPDK_CRYPTO_SW_PMD),y)
ifeq ($(AESNI),y)
@echo --- extracting $(AESNIMB_LIB_TARBALL) ---
@tar --directory $(B) --extract --file $(CURDIR)/$(AESNIMB_LIB_TARBALL)
@echo --- extracting $(ISA_L_CRYPTO_LIB_TARBALL) ---
@tar --directory $(B) --extract --file $(CURDIR)/$(ISA_L_CRYPTO_LIB_TARBALL)
endif
@touch $@
endif
.PHONY: extract
extract: $(B)/.extract.ok
@ -225,18 +225,34 @@ $(B)/.config.ok: $(B)/.patch.ok $(B)/custom-config
.PHONY: config
config: $(B)/.config.ok
$(B)/.build.ok: $(DPDK_SOURCE_FILES)
@if [ ! -e $(B)/.config.ok ] ; then echo 'Please run "make config" first' && false ; fi
ifeq ($(DPDK_CRYPTO_SW_PMD),y)
# Build IPsec_MB library
# Order matters
ifeq ($(AESNI),y)
BUILD_TARGETS += build-ipsec-mb build-isal-crypto build-dpdk
else
BUILD_TARGETS += build-dpdk
endif
.PHONY: build-ipsec-mb
build-ipsec-mb:
mkdir -p $(I)/lib/
make -C $(AESNIMB_LIB_SOURCE) -j NO_GCM=y
cp $(AESNIMB_LIB_SOURCE)/libIPSec_MB.a $(I)/lib/
# Build ISA-L Crypto library
cd $(ISA_L_CRYPTO_LIB_SOURCE) && ./autogen.sh && ./configure --prefix=$(I)
.PHONY: build-isal-crypto
build-isal-crypto:
mkdir -p $(I)/lib/
cd $(ISA_L_CRYPTO_LIB_SOURCE) && ./autogen.sh && \
./configure --prefix=$(ISA_L_CRYPTO_INSTALL_DIR) \
--libdir=$(ISA_L_CRYPTO_INSTALL_DIR)/lib CFLAGS='-fPIC -DPIC -O2'
make -C $(ISA_L_CRYPTO_LIB_SOURCE) -j install
endif
cp $(ISA_L_CRYPTO_INSTALL_DIR)/lib/libisal_crypto.a $(I)/lib/
.PHONY: build-dpdk
build-dpdk:
@if [ ! -e $(B)/.config.ok ] ; then echo 'Please run "make config" first' && false ; fi
@make $(DPDK_MAKE_ARGS) install
$(B)/.build.ok: $(BUILD_TARGETS)
@touch $@
.PHONY: build
@ -317,7 +333,7 @@ build-rpm: $(DEV_RPM)
install-rpm:
ifneq ($(INSTALLED_RPM_VER),$(DPDK_VERSION)-$(PKG_SUFFIX))
@make $(DEV_RPM)
@$(MAKE) $(DEV_RPM)
sudo rpm -Uih $(DEV_RPM)
else
@echo "=========================================================="

View File

@ -24,7 +24,7 @@
Name: vpp
Summary: Vector Packet Processing
License: MIT
License: ASL 2.0
Version: %{_version}
Release: %{_release}
Requires: vpp-lib = %{_version}-%{_release}, net-tools, pciutils, python

View File

@ -80,6 +80,23 @@ AC_DEFUN([PLUGIN_DISABLED],
AC_DEFUN([PRINT_VAL], [ AC_MSG_RESULT(AC_HELP_STRING($1,$2)) ])
AC_DEFUN([DPDK_IS_PMD_ENABLED],
[
AC_MSG_CHECKING([for $1 in rte_config.h])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#include <rte_config.h>]],
[[return RTE_$1;]],
)],
[with_$2=yes]
[AC_MSG_RESULT([yes])],
[with_$2=no]
[AC_MSG_RESULT([no])]
)
AM_CONDITIONAL(m4_toupper(WITH_$2), test "$with_$2" = "yes")
m4_append_uniq([list_of_with], [$2], [, ])
])
###############################################################################
# configure arguments
###############################################################################
@ -97,8 +114,6 @@ DISABLE_ARG(papi, [Disable Python API bindings])
DISABLE_ARG(japi, [Disable Java API bindings])
# --with-X
WITH_ARG(dpdk_crypto_sw,[Use DPDK cryptodev SW PMDs])
WITH_ARG(dpdk_mlx5_pmd, [Use DPDK with mlx5 PMD])
# --without-X
WITHOUT_ARG(libssl, [Disable libssl])
@ -130,7 +145,6 @@ AC_SUBST(PRE_DATA_SIZE, [$with_pre_data])
AC_SUBST(APICLI, [-DVPP_API_TEST_BUILTIN=${n_with_apicli}])
AC_DEFINE_UNQUOTED(DPDK_SHARED_LIB, [${n_enable_dpdk_shared}])
AC_DEFINE_UNQUOTED(DPDK_CRYPTO_SW, [${n_with_dpdk_crypto_sw}])
AC_DEFINE_UNQUOTED(WITH_LIBSSL, [${n_with_libssl}])
@ -170,6 +184,34 @@ AM_COND_IF([ENABLE_DPDK_SHARED],
[AC_MSG_ERROR([DPDK shared library not found])],)
])
DPDK_IS_PMD_ENABLED(LIBRTE_PMD_AESNI_MB, dpdk_aesni_mb_pmd)
AM_COND_IF([WITH_DPDK_AESNI_MB_PMD],
[
AC_CHECK_LIB([IPSec_MB], [submit_job_sse], [],
[AC_MSG_ERROR([IPSec_MB library not found])])
])
DPDK_IS_PMD_ENABLED(LIBRTE_PMD_AESNI_GCM, dpdk_aesni_gcm_pmd)
AM_COND_IF([WITH_DPDK_AESNI_GCM_PMD],
[
AC_CHECK_LIB([isal_crypto], [aesni_gcm128_init], [],
[AC_MSG_ERROR([isal_crypto library not found])])
])
DPDK_IS_PMD_ENABLED(LIBRTE_MLX5_PMD, dpdk_mlx5_pmd)
AM_COND_IF([WITH_DPDK_MLX5_PMD],
[
AC_CHECK_LIB([ibverbs], [ibv_fork_init], [],
[AC_MSG_ERROR([ibverbs library not found])])
])
DPDK_IS_PMD_ENABLED(LIBRTE_MLX4_PMD, dpdk_mlx4_pmd)
AM_COND_IF([WITH_DPDK_MLX4_PMD],
[
AC_CHECK_LIB([ibverbs], [ibv_fork_init], [],
[AC_MSG_ERROR([ibverbs library not found])])
])
AM_COND_IF([ENABLE_G2],
[
PKG_CHECK_MODULES(g2, gtk+-2.0)

File diff suppressed because it is too large Load Diff

View File

@ -122,12 +122,18 @@ typedef struct
} ace_mask_type_entry_t;
typedef struct {
/* mheap to hold all the ACL module related allocations, other than hash */
void *acl_mheap;
/* API message ID base */
u16 msg_id_base;
acl_list_t *acls; /* Pool of ACLs */
hash_acl_info_t *hash_acl_infos; /* corresponding hash matching housekeeping info */
clib_bihash_48_8_t acl_lookup_hash; /* ACL lookup hash table. */
/* mheap to hold all the miscellaneous allocations related to hash-based lookups */
void *hash_lookup_mheap;
int acl_lookup_hash_initialized;
applied_hash_ace_entry_t **input_hash_entry_vec_by_sw_if_index;
applied_hash_ace_entry_t **output_hash_entry_vec_by_sw_if_index;
@ -144,6 +150,9 @@ typedef struct {
u32 **input_sw_if_index_vec_by_acl;
u32 **output_sw_if_index_vec_by_acl;
/* Total count of interface+direction pairs enabled */
u32 fa_total_enabled_count;
/* Do we use hash-based ACL matching or linear */
int use_hash_acl_matching;
@ -172,9 +181,6 @@ typedef struct {
u32 fa_cleaner_node_index;
/* FA session timeouts, in seconds */
u32 session_timeout_sec[ACL_N_TIMEOUTS];
/* session add/delete counters */
u64 *fa_session_adds_by_sw_if_index;
u64 *fa_session_dels_by_sw_if_index;
/* total session adds/dels */
u64 fa_session_total_adds;
u64 fa_session_total_dels;
@ -224,6 +230,8 @@ typedef struct {
u64 fa_current_cleaner_timer_wait_interval;
int fa_interrupt_generation;
/* per-worker data related t conn management */
acl_fa_per_worker_data_t *per_worker_data;

View File

@ -599,29 +599,38 @@ fa_session_get_timeout (acl_main_t * am, fa_session_t * sess)
}
static void
acl_fa_ifc_init_sessions (acl_main_t * am, int sw_if_index0)
acl_fa_verify_init_sessions (acl_main_t * am)
{
/// FIXME-MULTICORE: lock around this function
#ifdef FA_NODE_VERBOSE_DEBUG
clib_warning
("Initializing bihash for sw_if_index %d num buckets %lu memory size %llu",
sw_if_index0, am->fa_conn_table_hash_num_buckets,
am->fa_conn_table_hash_memory_size);
#endif
BV (clib_bihash_init) (&am->fa_sessions_hash,
if (!am->fa_sessions_hash_is_initialized) {
u16 wk;
/* Allocate the per-worker sessions pools */
for (wk = 0; wk < vec_len (am->per_worker_data); wk++) {
acl_fa_per_worker_data_t *pw = &am->per_worker_data[wk];
pool_alloc_aligned(pw->fa_sessions_pool, am->fa_conn_table_max_entries, CLIB_CACHE_LINE_BYTES);
}
/* ... and the interface session hash table */
BV (clib_bihash_init) (&am->fa_sessions_hash,
"ACL plugin FA session bihash",
am->fa_conn_table_hash_num_buckets,
am->fa_conn_table_hash_memory_size);
am->fa_sessions_hash_is_initialized = 1;
am->fa_sessions_hash_is_initialized = 1;
}
}
static inline fa_session_t *get_session_ptr(acl_main_t *am, u16 thread_index, u32 session_index)
{
acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
fa_session_t *sess = pw->fa_sessions_pool + session_index;
fa_session_t *sess = pool_is_free_index (pw->fa_sessions_pool, session_index) ? 0 : pool_elt_at_index(pw->fa_sessions_pool, session_index);
return sess;
}
static inline int is_valid_session_ptr(acl_main_t *am, u16 thread_index, fa_session_t *sess)
{
acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
return ((sess != 0) && ((sess - pw->fa_sessions_pool) < pool_len(pw->fa_sessions_pool)));
}
static void
acl_fa_conn_list_add_session (acl_main_t * am, fa_full_session_id_t sess_id, u64 now)
{
@ -648,9 +657,6 @@ acl_fa_conn_list_add_session (acl_main_t * am, fa_full_session_id_t sess_id, u64
if (~0 == pw->fa_conn_list_head[list_id]) {
pw->fa_conn_list_head[list_id] = sess_id.session_index;
/* If it is a first conn in any list, kick the cleaner */
vlib_process_signal_event (am->vlib_main, am->fa_cleaner_node_index,
ACL_FA_CLEANER_RESCHEDULE, 0);
}
}
@ -725,6 +731,7 @@ acl_fa_track_session (acl_main_t * am, int is_input, u32 sw_if_index, u64 now,
static void
acl_fa_delete_session (acl_main_t * am, u32 sw_if_index, fa_full_session_id_t sess_id)
{
void *oldheap = clib_mem_set_heap(am->acl_mheap);
fa_session_t *sess = get_session_ptr(am, sess_id.thread_index, sess_id.session_index);
ASSERT(sess->thread_index == os_get_thread_index ());
BV (clib_bihash_add_del) (&am->fa_sessions_hash,
@ -733,8 +740,9 @@ acl_fa_delete_session (acl_main_t * am, u32 sw_if_index, fa_full_session_id_t se
pool_put_index (pw->fa_sessions_pool, sess_id.session_index);
/* Deleting from timer structures not needed,
as the caller must have dealt with the timers. */
vec_validate (am->fa_session_dels_by_sw_if_index, sw_if_index);
am->fa_session_dels_by_sw_if_index[sw_if_index]++;
vec_validate (pw->fa_session_dels_by_sw_if_index, sw_if_index);
clib_mem_set_heap (oldheap);
pw->fa_session_dels_by_sw_if_index[sw_if_index]++;
clib_smp_atomic_add(&am->fa_session_total_dels, 1);
}
@ -749,10 +757,14 @@ acl_fa_can_add_session (acl_main_t * am, int is_input, u32 sw_if_index)
static u64
acl_fa_get_list_head_expiry_time(acl_main_t *am, acl_fa_per_worker_data_t *pw, u64 now, u16 thread_index, int timeout_type)
{
if (~0 == pw->fa_conn_list_head[timeout_type]) {
fa_session_t *sess = get_session_ptr(am, thread_index, pw->fa_conn_list_head[timeout_type]);
/*
* We can not check just the index here because inbetween the worker thread might
* dequeue the connection from the head just as we are about to check it.
*/
if (!is_valid_session_ptr(am, thread_index, sess)) {
return ~0LL; // infinity.
} else {
fa_session_t *sess = get_session_ptr(am, thread_index, pw->fa_conn_list_head[timeout_type]);
u64 timeout_time =
sess->link_enqueue_time + fa_session_get_list_timeout (am, sess);
return timeout_time;
@ -859,7 +871,7 @@ acl_fa_try_recycle_session (acl_main_t * am, int is_input, u16 thread_index, u32
}
}
static void
static fa_session_t *
acl_fa_add_session (acl_main_t * am, int is_input, u32 sw_if_index, u64 now,
fa_5tuple_t * p5tuple)
{
@ -867,6 +879,7 @@ acl_fa_add_session (acl_main_t * am, int is_input, u32 sw_if_index, u64 now,
clib_bihash_kv_40_8_t kv;
fa_full_session_id_t f_sess_id;
uword thread_index = os_get_thread_index();
void *oldheap = clib_mem_set_heap(am->acl_mheap);
acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
f_sess_id.thread_index = thread_index;
@ -893,18 +906,16 @@ acl_fa_add_session (acl_main_t * am, int is_input, u32 sw_if_index, u64 now,
if (!acl_fa_ifc_has_sessions (am, sw_if_index))
{
acl_fa_ifc_init_sessions (am, sw_if_index);
}
ASSERT(am->fa_sessions_hash_is_initialized == 1);
BV (clib_bihash_add_del) (&am->fa_sessions_hash,
&kv, 1);
acl_fa_conn_list_add_session(am, f_sess_id, now);
vec_validate (am->fa_session_adds_by_sw_if_index, sw_if_index);
am->fa_session_adds_by_sw_if_index[sw_if_index]++;
vec_validate (pw->fa_session_adds_by_sw_if_index, sw_if_index);
clib_mem_set_heap (oldheap);
pw->fa_session_adds_by_sw_if_index[sw_if_index]++;
clib_smp_atomic_add(&am->fa_session_total_adds, 1);
return sess;
}
static int
@ -1072,8 +1083,10 @@ acl_fa_node_fn (vlib_main_t * vm,
if (acl_fa_can_add_session (am, is_input, sw_if_index0))
{
acl_fa_add_session (am, is_input, sw_if_index0, now,
&kv_sess);
fa_session_t *sess = acl_fa_add_session (am, is_input, sw_if_index0, now,
&kv_sess);
acl_fa_track_session (am, is_input, sw_if_index0, now,
sess, &fa_5tuple);
pkts_new_session += 1;
}
else
@ -1342,8 +1355,10 @@ acl_fa_worker_conn_cleaner_process(vlib_main_t * vm,
if (num_expired >= am->fa_max_deleted_sessions_per_interval) {
/* there was too much work, we should get an interrupt ASAP */
pw->interrupt_is_needed = 1;
pw->interrupt_is_unwanted = 0;
} else if (num_expired <= am->fa_min_deleted_sessions_per_interval) {
/* signal that they should trigger us less */
pw->interrupt_is_needed = 0;
pw->interrupt_is_unwanted = 1;
} else {
/* the current rate of interrupts is ok */
@ -1351,6 +1366,7 @@ acl_fa_worker_conn_cleaner_process(vlib_main_t * vm,
pw->interrupt_is_unwanted = 0;
}
}
pw->interrupt_generation = am->fa_interrupt_generation;
return 0;
}
@ -1359,11 +1375,11 @@ send_one_worker_interrupt (vlib_main_t * vm, acl_main_t *am, int thread_index)
{
acl_fa_per_worker_data_t *pw = &am->per_worker_data[thread_index];
if (!pw->interrupt_is_pending) {
pw->interrupt_is_pending = 1;
vlib_node_set_interrupt_pending (vlib_mains[thread_index],
acl_fa_worker_session_cleaner_process_node.index);
pw->interrupt_is_pending = 1;
/* if the interrupt was requested, mark that done. */
pw->interrupt_is_needed = 0;
/* pw->interrupt_is_needed = 0; */
}
}
@ -1394,7 +1410,7 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
am->fa_current_cleaner_timer_wait_interval = max_timer_wait_interval;
am->fa_cleaner_node_index = acl_fa_session_cleaner_process_node.index;
am->fa_interrupt_generation = 1;
while (1)
{
now = clib_cpu_time_now ();
@ -1430,8 +1446,8 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
}
}
/* If no pending connections then no point in timing out */
if (!has_pending_conns)
/* If no pending connections and no ACL applied then no point in timing out */
if (!has_pending_conns && (0 == am->fa_total_enabled_count))
{
am->fa_cleaner_cnt_wait_without_timeout++;
(void) vlib_process_wait_for_event (vm);
@ -1563,6 +1579,23 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
if (event_data)
_vec_len (event_data) = 0;
/*
* If the interrupts were not processed yet, ensure we wait a bit,
* but up to a point.
*/
int need_more_wait = 0;
int max_wait_cycles = 100;
do {
need_more_wait = 0;
vec_foreach(pw0, am->per_worker_data) {
if (pw0->interrupt_generation != am->fa_interrupt_generation) {
need_more_wait = 1;
}
}
if (need_more_wait) {
vlib_process_suspend(vm, 0.0001);
}
} while (need_more_wait && (--max_wait_cycles > 0));
int interrupts_needed = 0;
int interrupts_unwanted = 0;
@ -1580,12 +1613,15 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
if (interrupts_needed) {
/* they need more interrupts, do less waiting around next time */
am->fa_current_cleaner_timer_wait_interval /= 2;
/* never go into zero-wait either though - we need to give the space to others */
am->fa_current_cleaner_timer_wait_interval += 1;
} else if (interrupts_unwanted) {
/* slowly increase the amount of sleep up to a limit */
if (am->fa_current_cleaner_timer_wait_interval < max_timer_wait_interval)
am->fa_current_cleaner_timer_wait_interval += cpu_cps * am->fa_cleaner_wait_time_increment;
}
am->fa_cleaner_cnt_event_cycles++;
am->fa_interrupt_generation++;
}
/* NOT REACHED */
return 0;
@ -1596,13 +1632,26 @@ void
acl_fa_enable_disable (u32 sw_if_index, int is_input, int enable_disable)
{
acl_main_t *am = &acl_main;
if (enable_disable) {
acl_fa_verify_init_sessions(am);
am->fa_total_enabled_count++;
void *oldheap = clib_mem_set_heap (am->vlib_main->heap_base);
vlib_process_signal_event (am->vlib_main, am->fa_cleaner_node_index,
ACL_FA_CLEANER_RESCHEDULE, 0);
clib_mem_set_heap (oldheap);
} else {
am->fa_total_enabled_count--;
}
if (is_input)
{
ASSERT(clib_bitmap_get(am->fa_in_acl_on_sw_if_index, sw_if_index) != enable_disable);
void *oldheap = clib_mem_set_heap (am->vlib_main->heap_base);
vnet_feature_enable_disable ("ip4-unicast", "acl-plugin-in-ip4-fa",
sw_if_index, enable_disable, 0, 0);
vnet_feature_enable_disable ("ip6-unicast", "acl-plugin-in-ip6-fa",
sw_if_index, enable_disable, 0, 0);
clib_mem_set_heap (oldheap);
am->fa_in_acl_on_sw_if_index =
clib_bitmap_set (am->fa_in_acl_on_sw_if_index, sw_if_index,
enable_disable);
@ -1610,10 +1659,12 @@ acl_fa_enable_disable (u32 sw_if_index, int is_input, int enable_disable)
else
{
ASSERT(clib_bitmap_get(am->fa_out_acl_on_sw_if_index, sw_if_index) != enable_disable);
void *oldheap = clib_mem_set_heap (am->vlib_main->heap_base);
vnet_feature_enable_disable ("ip4-output", "acl-plugin-out-ip4-fa",
sw_if_index, enable_disable, 0, 0);
vnet_feature_enable_disable ("ip6-output", "acl-plugin-out-ip6-fa",
sw_if_index, enable_disable, 0, 0);
clib_mem_set_heap (oldheap);
am->fa_out_acl_on_sw_if_index =
clib_bitmap_set (am->fa_out_acl_on_sw_if_index, sw_if_index,
enable_disable);
@ -1624,9 +1675,11 @@ acl_fa_enable_disable (u32 sw_if_index, int is_input, int enable_disable)
#ifdef FA_NODE_VERBOSE_DEBUG
clib_warning("ENABLE-DISABLE: clean the connections on interface %d", sw_if_index);
#endif
void *oldheap = clib_mem_set_heap (am->vlib_main->heap_base);
vlib_process_signal_event (am->vlib_main, am->fa_cleaner_node_index,
ACL_FA_CLEANER_DELETE_BY_SW_IF_INDEX,
sw_if_index);
clib_mem_set_heap (oldheap);
}
}

View File

@ -109,6 +109,9 @@ typedef struct {
/* per-worker ACL_N_TIMEOUTS of conn lists */
u32 *fa_conn_list_head;
u32 *fa_conn_list_tail;
/* adds and deletes per-worker-per-interface */
u64 *fa_session_dels_by_sw_if_index;
u64 *fa_session_adds_by_sw_if_index;
/* Vector of expired connections retrieved from lists */
u32 *expired;
/* the earliest next expiry time */
@ -144,6 +147,10 @@ typedef struct {
* because there is not enough work for the current rate.
*/
int interrupt_is_unwanted;
/*
* Set to copy of a "generation" counter in main thread so we can sync the interrupts.
*/
int interrupt_generation;
} acl_fa_per_worker_data_t;

File diff suppressed because it is too large Load Diff

View File

@ -57,4 +57,8 @@ hash_multi_acl_match_5tuple (u32 sw_if_index, fa_5tuple_t * pkt_5tuple, int is_l
*/
void show_hash_acl_hash(vlib_main_t * vm, acl_main_t *am, u32 verbose);
/* Debug functions to turn validate/trace on and off */
void acl_plugin_hash_acl_set_validate_heap(acl_main_t *am, int on);
void acl_plugin_hash_acl_set_trace_heap(acl_main_t *am, int on);
#endif

View File

@ -18,9 +18,15 @@
#define ACL_HASH_LOOKUP_DEBUG 0
#if ACL_HASH_LOOKUP_DEBUG == 1
#define DBG0(...) clib_warning(__VA_ARGS__)
#define DBG(...)
#define DBG_UNIX_LOG(...)
#elif ACL_HASH_LOOKUP_DEBUG == 2
#define DBG0(...) clib_warning(__VA_ARGS__)
#define DBG(...) clib_warning(__VA_ARGS__)
#define DBG_UNIX_LOG(...) clib_unix_warning(__VA_ARGS__)
#else
#define DBG0(...)
#define DBG(...)
#define DBG_UNIX_LOG(...)
#endif

View File

@ -38,6 +38,9 @@ typedef struct {
typedef struct {
/* The mask types present in this ACL */
uword *mask_type_index_bitmap;
/* hash ACL applied on these interfaces */
u32 *inbound_sw_if_index_list;
u32 *outbound_sw_if_index_list;
hash_ace_info_t *rules;
} hash_acl_info_t;
@ -57,6 +60,10 @@ typedef struct {
* if ~0 then this is entry in the hash.
*/
u32 prev_applied_entry_index;
/*
* chain tail, if this is the first entry
*/
u32 tail_applied_entry_index;
/*
* Action of this applied ACE
*/
@ -69,6 +76,8 @@ typedef struct {
* hash_ace_info_t=>mask_type_index bits set
*/
uword *mask_type_index_bitmap;
/* applied ACLs so we can track them independently from main ACL module */
u32 *applied_acls;
} applied_hash_acl_info_t;

View File

@ -19,14 +19,19 @@ dpdk_plugin_la_LDFLAGS = $(AM_LDFLAGS) -ldpdk
else
dpdk_plugin_la_LDFLAGS = $(AM_LDFLAGS) -Wl,--whole-archive,-l:libdpdk.a,--no-whole-archive
endif
if WITH_DPDK_CRYPTO_SW
if WITH_DPDK_AESNI_MB_PMD
dpdk_plugin_la_LDFLAGS += -Wl,--exclude-libs,libIPSec_MB.a,-l:libIPSec_MB.a
endif
if WITH_DPDK_AESNI_GCM_PMD
dpdk_plugin_la_LDFLAGS += -Wl,--exclude-libs,libisal_crypto.a,-l:libisal_crypto.a
endif
dpdk_plugin_la_LDFLAGS += -Wl,-lm,-ldl
if WITH_DPDK_MLX5_PMD
dpdk_plugin_la_LDFLAGS += -Wl,-libverbs
endif
if WITH_DPDK_MLX4_PMD
dpdk_plugin_la_LDFLAGS += -Wl,-libverbs
endif
dpdk_plugin_la_SOURCES = \
dpdk/main.c \

View File

@ -12,13 +12,16 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <vnet/vnet.h>
#include <vppinfra/vec.h>
#include <vppinfra/format.h>
#include <vlib/unix/cj.h>
#include <assert.h>
#include <vnet/ip/ip.h>
#include <vnet/ethernet/ethernet.h>
#include <vnet/ethernet/arp_packet.h>
#include <dpdk/device/dpdk.h>
#include <dpdk/device/dpdk_priv.h>
@ -178,6 +181,65 @@ dpdk_device_stop (dpdk_device_t * xd)
}
}
void
dpdk_port_state_callback (uint8_t port_id,
enum rte_eth_event_type type, void *param)
{
struct rte_eth_link link;
vlib_main_t *vm = vlib_get_main ();
dpdk_device_t *xd = &dpdk_main.devices[port_id];
RTE_SET_USED (param);
if (type != RTE_ETH_EVENT_INTR_LSC)
{
clib_warning ("Unknown event %d received for port %d", type, port_id);
return;
}
rte_eth_link_get_nowait (port_id, &link);
u8 link_up = link.link_status;
if (xd->flags & DPDK_DEVICE_FLAG_BOND_SLAVE)
{
u8 bd_port = xd->bond_port;
int bd_mode = rte_eth_bond_mode_get (bd_port);
if ((link_up && !(xd->flags & DPDK_DEVICE_FLAG_BOND_SLAVE_UP)) ||
(!link_up && (xd->flags & DPDK_DEVICE_FLAG_BOND_SLAVE_UP)))
{
clib_warning ("Port %d state to %s, "
"slave of port %d BondEthernet%d in mode %d",
port_id, (link_up) ? "UP" : "DOWN",
bd_port, xd->port_id, bd_mode);
if (bd_mode == BONDING_MODE_ACTIVE_BACKUP)
{
rte_eth_link_get_nowait (bd_port, &link);
if (link.link_status) /* bonded interface up */
{
u32 hw_if_index = dpdk_main.devices[bd_port].hw_if_index;
vlib_process_signal_event
(vm, send_garp_na_process_node_index, SEND_GARP_NA,
hw_if_index);
}
}
}
if (link_up) /* Update slave link status */
xd->flags |= DPDK_DEVICE_FLAG_BOND_SLAVE_UP;
else
xd->flags &= ~DPDK_DEVICE_FLAG_BOND_SLAVE_UP;
}
else /* Should not happen as callback not setup for "normal" links */
{
if (link_up)
clib_warning ("Port %d Link Up - speed %u Mbps - %s",
port_id, (unsigned) link.link_speed,
(link.link_duplex == ETH_LINK_FULL_DUPLEX) ?
"full-duplex" : "half-duplex");
else
clib_warning ("Port %d Link Down\n\n", port_id);
}
}
/*
* fd.io coding-style-patch-verification: ON
*

View File

@ -307,7 +307,7 @@ dpdk_prefetch_buffer_by_index (vlib_main_t * vm, u32 bi)
struct rte_mbuf *mb;
b = vlib_get_buffer (vm, bi);
mb = rte_mbuf_from_vlib_buffer (b);
CLIB_PREFETCH (mb, CLIB_CACHE_LINE_BYTES, LOAD);
CLIB_PREFETCH (mb, 2 * CLIB_CACHE_LINE_BYTES, STORE);
CLIB_PREFETCH (b, CLIB_CACHE_LINE_BYTES, LOAD);
}

View File

@ -92,6 +92,7 @@ typedef enum
VNET_DPDK_PORT_TYPE_ETH_10G,
VNET_DPDK_PORT_TYPE_ETH_25G,
VNET_DPDK_PORT_TYPE_ETH_40G,
VNET_DPDK_PORT_TYPE_ETH_50G,
VNET_DPDK_PORT_TYPE_ETH_100G,
VNET_DPDK_PORT_TYPE_ETH_BOND,
VNET_DPDK_PORT_TYPE_ETH_SWITCH,
@ -173,6 +174,8 @@ typedef struct
#define DPDK_DEVICE_FLAG_MAYBE_MULTISEG (1 << 4)
#define DPDK_DEVICE_FLAG_HAVE_SUBIF (1 << 5)
#define DPDK_DEVICE_FLAG_HQOS (1 << 6)
#define DPDK_DEVICE_FLAG_BOND_SLAVE (1 << 7)
#define DPDK_DEVICE_FLAG_BOND_SLAVE_UP (1 << 8)
u16 nb_tx_desc;
CLIB_CACHE_LINE_ALIGN_MARK (cacheline1);
@ -197,6 +200,10 @@ typedef struct
/* af_packet or BondEthernet instance number */
u8 port_id;
/* Bonded interface port# of a slave -
only valid if DPDK_DEVICE_FLAG_BOND_SLAVE bit is set */
u8 bond_port;
struct rte_eth_link link;
f64 time_last_link_update;
@ -408,6 +415,8 @@ typedef struct
void dpdk_device_setup (dpdk_device_t * xd);
void dpdk_device_start (dpdk_device_t * xd);
void dpdk_device_stop (dpdk_device_t * xd);
void dpdk_port_state_callback (uint8_t port_id,
enum rte_eth_event_type type, void *param);
#define foreach_dpdk_error \
_(NONE, "no error") \

View File

@ -186,6 +186,10 @@ format_dpdk_device_name (u8 * s, va_list * args)
device_name = "FortyGigabitEthernet";
break;
case VNET_DPDK_PORT_TYPE_ETH_50G:
device_name = "FiftyGigabitEthernet";
break;
case VNET_DPDK_PORT_TYPE_ETH_100G:
device_name = "HundredGigabitEthernet";
break;

View File

@ -61,6 +61,8 @@ port_type_from_speed_capa (struct rte_eth_dev_info *dev_info)
if (dev_info->speed_capa & ETH_LINK_SPEED_100G)
return VNET_DPDK_PORT_TYPE_ETH_100G;
else if (dev_info->speed_capa & ETH_LINK_SPEED_50G)
return VNET_DPDK_PORT_TYPE_ETH_50G;
else if (dev_info->speed_capa & ETH_LINK_SPEED_40G)
return VNET_DPDK_PORT_TYPE_ETH_40G;
else if (dev_info->speed_capa & ETH_LINK_SPEED_25G)
@ -1270,9 +1272,9 @@ dpdk_update_link_state (dpdk_device_t * xd, f64 now)
ed->new_link_state = (u8) xd->link.link_status;
}
if ((xd->flags & DPDK_DEVICE_FLAG_ADMIN_UP) &&
((xd->link.link_status != 0) ^
vnet_hw_interface_is_link_up (vnm, xd->hw_if_index)))
if ((xd->flags & (DPDK_DEVICE_FLAG_ADMIN_UP | DPDK_DEVICE_FLAG_BOND_SLAVE))
&& ((xd->link.link_status != 0) ^
vnet_hw_interface_is_link_up (vnm, xd->hw_if_index)))
{
hw_flags_chg = 1;
hw_flags |= (xd->link.link_status ? VNET_HW_INTERFACE_FLAG_LINK_UP : 0);
@ -1373,8 +1375,10 @@ dpdk_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
/*
* Extra set up for bond interfaces:
* 1. Setup MACs for bond interfaces and their slave links which was set
* in dpdk_device_setup() but needs to be done again here to take effect.
* 2. Set up info for bond interface related CLI support.
* in dpdk_device_setup() but needs to be done again here to take
* effect.
* 2. Set up info and register slave link state change callback handling.
* 3. Set up info for bond interface related CLI support.
*/
int nports = rte_eth_dev_count ();
if (nports > 0)
@ -1399,7 +1403,8 @@ dpdk_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
(slink[0], (struct ether_addr *) addr);
/* Set MAC of bounded interface to that of 1st slave link */
clib_warning ("Set MAC for bond dev# %d", i);
clib_warning ("Set MAC for bond port %d BondEthernet%d",
i, xd->port_id);
rv = rte_eth_bond_mac_address_set
(i, (struct ether_addr *) addr);
if (rv)
@ -1428,34 +1433,38 @@ dpdk_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
/* Add MAC to all slave links except the first one */
if (nlink)
{
clib_warning ("Add MAC for slave dev# %d", slave);
clib_warning ("Add MAC for slave port %d", slave);
rv = rte_eth_dev_mac_addr_add
(slave, (struct ether_addr *) addr, 0);
if (rv)
clib_warning ("Add MAC addr failure rv=%d", rv);
}
/* Setup slave link state change callback handling */
rte_eth_dev_callback_register
(slave, RTE_ETH_EVENT_INTR_LSC,
dpdk_port_state_callback, NULL);
dpdk_device_t *sxd = &dm->devices[slave];
sxd->flags |= DPDK_DEVICE_FLAG_BOND_SLAVE;
sxd->bond_port = i;
/* Set slaves bitmap for bonded interface */
bhi->bond_info = clib_bitmap_set
(bhi->bond_info, sdev->hw_if_index, 1);
/* Set slave link flags on slave interface */
/* Set MACs and slave link flags on slave interface */
shi = vnet_get_hw_interface (vnm, sdev->hw_if_index);
ssi = vnet_get_sw_interface
(vnm, sdev->vlib_sw_if_index);
sei = pool_elt_at_index
(em->interfaces, shi->hw_instance);
shi->bond_info = VNET_HW_INTERFACE_BOND_INFO_SLAVE;
ssi->flags |= VNET_SW_INTERFACE_FLAG_BOND_SLAVE;
clib_memcpy (shi->hw_address, addr, 6);
clib_memcpy (sei->address, addr, 6);
/* Set l3 packet size allowed as the lowest of slave */
if (bhi->max_l3_packet_bytes[VLIB_RX] >
shi->max_l3_packet_bytes[VLIB_RX])
bhi->max_l3_packet_bytes[VLIB_RX] =
bhi->max_l3_packet_bytes[VLIB_TX] =
shi->max_l3_packet_bytes[VLIB_RX];
/* Set max packet size allowed as the lowest of slave */
if (bhi->max_packet_bytes > shi->max_packet_bytes)
bhi->max_packet_bytes = shi->max_packet_bytes;

View File

@ -7,10 +7,10 @@ This document is meant to contain all related information about implementation a
DPDK Cryptodev is an asynchronous crypto API that supports both Hardware and Software implementations (for more details refer to [DPDK Cryptography Device Library documentation](http://dpdk.org/doc/guides/prog_guide/cryptodev_lib.html)).
When DPDK support is enabled and there are enough Cryptodev resources for all workers, the node graph is reconfigured by adding and changing default next nodes.
When there are enough Cryptodev resources for all workers, the node graph is reconfigured by adding and changing the default next nodes.
The following nodes are added:
* dpdk-crypto-input : polling input node, basically dequeuing from crypto devices.
* dpdk-crypto-input : polling input node, dequeuing from crypto devices.
* dpdk-esp-encrypt : internal node.
* dpdk-esp-decrypt : internal node.
* dpdk-esp-encrypt-post : internal node.
@ -23,16 +23,9 @@ Set new default next nodes:
### How to enable VPP IPSec with DPDK Cryptodev support
DPDK Cryptodev is supported in DPDK enabled VPP and by default only HW Cryptodev is supported.
To enable SW Cryptodev support (AESNI-MB-PMD and GCM-PMD), we need the following env option:
When building DPDK with VPP, Cryptodev support is always enabled.
vpp_uses_dpdk_cryptodev_sw=yes
A couple of ways to achive this:
* uncomment/add it in the platforms config (ie. build-data/platforms/vpp.mk)
* set the option when building vpp (ie. make vpp_uses_dpdk_cryptodev_sw=yes build-release)
When enabling SW Cryptodev support, it means that you need to pre-build the required crypto libraries needed by those SW Cryptodev PMDs. This requires nasm, see nasm section below.
Additionally, on x86_64 platforms, DPDK is built with SW crypto support.
### Crypto Resources allocation

View File

@ -245,7 +245,6 @@ memif_interface_tx_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
{
vlib_error_count (vm, node->node_index, MEMIF_TX_ERROR_NO_FREE_SLOTS,
n_left);
vlib_buffer_free (vm, buffers, n_left);
}
vlib_buffer_free (vm, vlib_frame_args (frame), frame->n_vectors);

View File

@ -227,6 +227,14 @@ memif_connect (memif_if_t * mif)
clib_warning
("Warning: unable to set rx mode for interface %d queue %d: "
"rc=%d", mif->hw_if_index, i, rv);
else
{
vnet_hw_interface_rx_mode rxmode;
vnet_hw_interface_get_rx_mode (vnm, mif->hw_if_index, i, &rxmode);
if (rxmode == VNET_HW_INTERFACE_RX_MODE_POLLING)
mq->ring->flags |= MEMIF_RING_FLAG_MASK_INT;
}
}
mif->flags &= ~MEMIF_IF_FLAG_CONNECTING;

View File

@ -21,6 +21,8 @@ import subprocess
import re
import sys
from optparse import OptionParser
from errno import EACCES, EPERM, ENOENT
try:
import readline
@ -43,6 +45,30 @@ class Vppctl(Cmd):
readline.set_history_length(persishist_size)
readline.write_history_file(persishist)
def print_file_error_message(self,e, file_name):
#PermissionError
if e.errno==EPERM or e.errno==EACCES:
print("PermissionError error({0}): {1} for:\n{2}".format(e.errno, e.strerror, file_name))
#FileNotFoundError
elif e.errno==ENOENT:
print("FileNotFoundError error({0}): {1} as:\n{2}".format(e.errno, e.strerror, file_name))
elif IOError:
print("I/O error({0}): {1} as:\n{2}".format(e.errno, e.strerror, file_name))
elif OSError:
print("OS error({0}): {1} as:\n{2}".format(e.errno, e.strerror, file_name))
def testPermissions(self):
if(self.api_prefix is None):
filename = "/dev/shm/vpe-api"
else:
filename = "/dev/shm/%s-vpe-api" % self.api_prefix
try:
file = open(filename)
file.close()
except (IOError, OSError) as e:
self.print_file_error_message(e,filename)
sys.exit()
def runVat(self, line):
input_prefix = "exec "
input_command = input_prefix + line
@ -53,9 +79,7 @@ class Vppctl(Cmd):
else:
command = ['vpp_api_test',"chroot prefix %s " % self.api_prefix]
if os.geteuid() != 0:
command = ['sudo'] + command
self.testPermissions()
vpp_process = subprocess.Popen(command,
stderr=subprocess.PIPE,
stdin=subprocess.PIPE,

View File

@ -13,7 +13,7 @@
bin_PROGRAMS += svmtool svmdbtool
nobase_include_HEADERS += svm/svm.h svm/ssvm.h svm/svmdb.h \
nobase_include_HEADERS += svm/svm.h svm/svm_common.h svm/ssvm.h svm/svmdb.h \
svm/svm_fifo.h svm/svm_fifo_segment.h
lib_LTLIBRARIES += libsvm.la libsvmdb.la

Some files were not shown because too many files have changed in this diff Show More