Properly set type
path->fp_type = FIB_PATH_TYPE_SPECIAL
for paths with (path->fp_cfg_flags & FIB_PATH_CFG_FLAG_DROP)
Type: fix
Change-Id: Id61dbcda781d872b878e6a6410c05b840795ed46
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
(cherry picked from commit 4b08632748727486e7ebfdcf4d992743595bc500)
When a periodic BFD packet cannot be sent because the interface is
disabled, the allocated buffer needs to be freed. This currently will
occur for IPv4 sessions. However, buffers will leak for IPv6 sessions as
in this case, bfd_transport_control_frame() and bfd_transport_udp6()
will not indicate failure.
With this fix, stop always returning success in bfd_transport_udp6() and
start returning the actual return value.
Type: fix
Change-Id: I5fa4d9206e32cccae3053ef24966d80e2022fc81
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
(cherry picked from commit 1f4023d55d7a9c777465d24065e91fc076602fb0)
Type: fix
In esp_encrypt_inline(), an index and pointer to the last processed SA
are stored. If the next packet uses the same SA, we defer on updating
counters until a different SA is encountered.
The pointer was being retrieved, then the SA was checked to see if the
packet should be dropped due to no crypto/integ algs, then the index was
updated. If the check failed, we would skip further processing and now
the pointer refers to a different SA than the index. When you have a
batch of packets that are encrypted using an SA followed by a packet
which is dropped for no algs and then more packets to be encrypted using
the original SA, the packets that arrive after the one that was dropped
end up being processed using a pointer that refers to the wrong SA data.
This can result in a segv.
Update the current_sa_index at the same time that the sa0 pointer is
updated.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I65f1511a37475b4f737f5e1b51749c0a30e88806
(cherry picked from commit dac9e566cd16fc375fff14280b37cb5135584fc6)
The recent TX flows generation fix introduced "l3_hdr_offset" which
represents the offset of the IP header in the buffer's data. The problem
is that it is erroneously defined as a 16-bit unsigned integer. If the
calculated offset is negative, "l3_hdr_offset" will get a value close to
UINT16_MAX. And the code will search the IP header somewhere beyond the
buffer's data. For example, this will occur in the case when an ICMP
error is being sent in response to a received packet.
With this fix, make "l3_hdr_offset" a signed integer.
Type: fix
Change-Id: I6f1283c7ba02656d0f592519b5863e68348c5583
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
(cherry picked from commit bae6b6d1f2a2e6623257afab21e05da2d795323a)
Currently, when IPFIX records generation is enabled for an interface in
the TX direction, some rewritten traffic is being sent from that
interface, and the Ethernet header's location has changed due to
rewriting, generated TX flows will contain fields with wrong and zero
values. For example, that can be observed when traffic is rewritten from
a subinterface to a hardware interface (i.e. when tags are removed). A
TX flow generated in this case will have wrong L2 fields because of an
incorrectly located Ethernet header. And zero L3/L4 fields because the
Ethernet type will match neither IP4 nor IP6.
The same code is executed to generate flows for both input and output
features. And the same mechanism is applied to identify the Ethernet
header in the buffer's data. However, such general code usually works
with the buffer's data conditionally based on the direction. For most
input features, the buffer's current_data will likely point to the IP
header. For most output features, the buffer's current_data will likely
point to the Ethernet header.
With this fix:
- Keep relying on ethernet_buffer_get_header() to locate the Ethernet
header for input features. And start using vlib_buffer_get_current()
to locate the Ethernet header for output features. The function will
account for the Ethernet header's position change in the buffer's
data if there is rewriting.
- After fixing Ethernet header determination in the buffer's data,
L3/L4 fields will contain non-zero but still incorrect data. That is
because IP header determination needs to be fixed too. It currently
relies on the fact that the Ethernet header is always located at the
beginning of the buffer's data and that l2_hdr_sz can be used as an
IP header offset. However, this may not be the case after rewriting.
So start calculating the actual offset of the IP header in the
buffer's data.
- Add a unit test to cover the case.
Type: fix
Change-Id: Icf3f9e6518912d06dff0d5aa48e103b3dc94edb7
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
(cherry picked from commit 64d6463d2eac0c0fe434f3a7aa56fe4d85c046d9)
As a result of recent fixes, all currently stored flows of an interface
are deleted when the feature is being disabled for the interface. This
includes stopping the timer and freeing the flow entries for further
reuse. The problem is that meta information is not cleared in the flow
entries being deleted. For example, packet delta count will keep its
value. The next flow that gets one of these pool entries will already
have a non-zero packet count. So the counting of packets will start from
a non-zero value. And incorrect packet delta count will be exported for
that flow.
With this fix, clear meta information too when clearing interface state.
Also, update the corresponding test to cover this case.
Type: fix
Change-Id: I9a73b3958adfd1676e66b0ed50f1478920671cca
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
(cherry picked from commit dab1dfeea9fec04a9a90a82dc5d770fbff344540)
Currently, TCP flags of a flow entry don't get reset once the flow is
exported (unlike other meta information about a flow - packet delta
count and octet delta count). So TCP flags are accumulated as long as
the flow is active. When the flow expires, it is exported the last time,
and its pool entry is freed for further reuse. The next flow that gets
this pool entry will already have non-zero TCP flags. If it's a TCP
flow, the flags will keep being accumulated. This might look fine when
exported. If it's a non-TCP flow, that will definitely look erroneous.
With this fix, reset TCP flags once the flow is exported. Also, cover
the reuse case with tests.
Type: fix
Change-Id: I5f8560afffcfe107909117d3d063e8a69793437e
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
(cherry picked from commit 21922cec7339f48989f230248de36a98816c4b1b)
Type: improvement
If an interface address is added, the glean adjacency for it's covering
prefix is updated with that address. In the case of multiple addresses
within the same prefix being added, the most recently added one will end
up being used as the sender protocol address for ARP requests.
Similar behavior occurs when an interface address is deleted. The glean
adjacency is updated to some appropriate entry under it's covering
prefix. If there were multiple interface addresses configured, we may
update the address on the adjacency even though the address currently in
use is not the one being deleted.
Add a new value PROVIDES_GLEAN to fib_entry_src_flag_t. The flag
identifies whether a source interface entry is being used as the address
for the glean adjacency for the covering prefix.
Update logic so that the glean is only updated on adding an interface
address if there is not already a sibling entry in use which has the
flag set. Also, only update the glean on deleting an interface address
if the address being deleted has the flag set.
Also update unit test which validates expected behavior in the case
where multiple addresses within a prefix are configured on an interface.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I7d918b8dd703735b20ec76e0a60af6d7e571b766
(cherry picked from commit 9e5694b405e0200725a993f0c17d452fab508435)
Currently, when L2 and L4 recording is enabled on the L2 datapath, the
L2 template will contain L4 fields and L2 flows will be exported with
those fields always set to zero.
With this fix, when L4 recording is enabled, add L4 fields to templates
other than the L2 template (i.e. to the IP4, IP6, L2_IP4, and L2_IP6
templates). And export L2 flows without L4 fields. Also, cover that case
in the tests.
Type: fix
Change-Id: Id5ed8b99af5634fb9d5c6e695203344782fdac01
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
(cherry picked from commit 6b027cfdbcb750b8aa1b8ab9a3904c1b2dca6f15)
When IPFIX flow record generation is enabled on an interface and the
active timer is set, flows will be saved and then exported according to
the active and passive timers. If then disable the feature on the
interface, the flow entries currently saved will remain in the state
tables. They will gradually expire and be exported. The problem is that
the template for them has already been removed. And they will be sent
with zero template ID which will make them unreadable.
A similar problem will occur if feature settings are "changed" on the
interface - i.e. disable the feature and re-enable it with different
settings (e.g. set a different datapath). The remaining flows that
correspond to the previous feature settings will be eventually sent
either with zero template ID or with template ID that corresponds to the
current feature settings on the interface (and look like garbage data).
With this fix, flush the current buffers before template removal and
clear the remaining flows of the interface during feature disabling.
Type: fix
Change-Id: I1e57db06adfdd3a02fed1a6a89b5418f85a35e16
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
(cherry picked from commit f68afe85a6e4d5e00fdad1af19a76eb40fdfa388)
When MAC address changes for an interface, address change callbacks are
executed for it. In turn adjacencies register a callback for MAC address
changes to be able to update their rewrite strings accordingly.
Subinterfaces inherit MAC address from the parent interface. When MAC
address of the parent interface changes, it also implies MAC address
change for its subinterfaces. The problem is that this is currently not
considered when address change callbacks are executed. After MAC address
change on the parent interface, packets sent from subinterfaces might
have wrong source MAC address as the result of stale adjacencies. For
example, ARP messages might be sent with the wrong (previous) MAC
address and address resolution will fail.
With this fix, when address change callbacks are executed for an
interface, they will be also executed for its subinterfaces. And
adjacencies will be able to update accordingly.
Type: fix
Change-Id: I87349698c10b9c3a31a28c0287e6dc711d9413a2
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
(cherry picked from commit 8a92b68bc8eaaec48d144fba62490a32f28eb422)
Currently, L2 flows are exported using L2_IP6 template if L3 or L4
recording is enabled on L2 datapath. That occurs because during feature
enable, L2 template is added and its ID is not saved immediately. Then
L2_IP4 and L2_IP6 templates are added overwriting "template_id" each
time. And in the end, the current value of "template_id" is saved for L2
template. The problem is that "template_id" at that point contains the
ID of L2_IP6 template.
With this fix, save the template ID immediately after adding a template
for all variants (datapaths). Also, cover the case with a test.
Type: fix
Change-Id: Id27288043b3b8f0e89e77f45ae9a01fa7439e20e
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
(cherry picked from commit 120095d3d33bfac64c1f3c870f8a332eeaf638f0)
memif_disconect may be called without barrier sync. It removes stuff in mq
without protection which may cause troubles for memif RX/TX worker threads.
The fix is to protect mq removal in memif_disconnect.
Type: fix
Change-Id: I368c466d1f13df98980dfa87e8442fbcd822a428
Signed-off-by: Steven Luong <sluong@cisco.com>
(cherry picked from commit 34c721fb47155135bf2173ca7b9a31aaacfde190)
Be less aggressive with rx events on connect/accept notification.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie93a08c7eef69383bf0301a163fd2131dd51372a
(cherry picked from commit 054aa8c2f2681e3a4a4af02d9119fb6eaa5dbad6)
s->tx_fifo is 0 for the connecting half open session.
Type: fix
Change-Id: I2ba1ae99a2fa4fae1896587f40e0e4fb73c1edcb
Signed-off-by: Steven Luong <sluong@cisco.com>
(cherry picked from commit 947aa8fffcd85563ed0bad620f739e76c6002f50)
This patch provides minor improvements to the logic governing dequeuing
from the ring. Previously whenever a frame was dequeued
we've been trying to dequeue from the ring another one till
inflight == 0. Now threshold is set for 8 frames pending in the cache
to be consumed by the vnet. This threshold has been chosen based on
cache ring stats observation in the system under load.
Some unnecessary logic for setting deq_tail has been removed.
Also logging has been corrected, and cache ring logic simplied.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I19f3daf5913006e9cb23e142a163f596e85f5bda
(cherry picked from commit 7cc17f6df9b3f4b45aaac16ba0aa098d6cd58794)
If builtin apps refuse connections, they should be cleaned up.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I95ef22902ac3fe873e15e250aa5f03031c2dc0c4
(cherry picked from commit 9ffec14a2202e1268c4a2f189c39a90986090a25)
pretty=on|off has been removed from qemu and its presence
causes VM boot up issues.
Type: fix
Change-Id: I4a9f15dba5015e81fbd32278b1c74b2606c32c8f
Signed-off-by: Naveen Joy <najoy@cisco.com>
If the control agent enabled a binding on an interface multiple times,
we would add the node in the feature arc multiple times.
Type: fix
Change-Id: I2ca247db0a0211f5fa3974a18ca4fcae8485cb12
Signed-off-by: Ole Troan <otroan@employees.org>
For blocking sessions, if fifo event still active before size check it
could lead to vpp not generating an event because of race to check flag
in vpp and to eventually unset flag in vcl.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0e350b9ff92a4e08a9249345ae224589c09d305b
This patch fixes configuration of priority, port and type of protocol
for inbound and outbound policies in policy-based IPsec of this plugin.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I01ddc2e13ebbe87380e66a525aac1b615f619604
Session state cannot be updated after async notification event is
generated for app. Instead, make sure quic sessions that accept new
streams are switched to listening state only on accept.
Type: fix
Fixes: 0242d30
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9663ccadbea99d555ad49e871f7dff897239dc84
As per discussion on the VPP community call,
since the message is used in CSIT tests and did
not see the changes in a while, mark as production
for the purposes of change process.
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I4a79aafb1a9f37ac87faea7abea28cf01d1ffb4c
As discussed on the VPP call, since CSIT tests use these messages
and they have not been changedfor quite a while, bump the version
so these messages are considered as "production" from the change
process standpoint.
Type: improvement
Change-Id: I93a04b10b273d5904c0678fa0b85d47f9f683a9b
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
As per discussion on the VPP call - since the APIs are used
in CSIT tests, mark them as production from the change process
perspective.
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I9164073425384e8aa281445a2852fee49b777e2f
As per discussion on VPP call - since the APIs are used in CSIT tests,
and there has not been changes in a while, mark them as stable from
the API change process PoV.
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Ia644e1dfcd9d182cc6f10089fc44397a61e8aaf6
As per discussion on the VPP call: since the CSIT tests use these
APIs and the APIs have not changed in quite a while, stabilize the API
from the change process point of view.
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Id81999d03cce37764f6ed7d4f77ef5a71fe41ad1
perf_user_access_enabled is defined as u8,
clib_sysfs_read format type is %u, this is for unsigned int,
change type from u8 to u32.
Type: fix
Fixes: 268d7be66b8b ("perfmon: enable perfmon plugin for Arm")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I48ec00605e496d185370e77d894d7852d6d22124
This change aims to affect crypto_sw_scheduler behavior,
but all the edits end up in vnet/crypto.
Previous release CSIT tests were testing async crypto in polling mode.
After 9a9604b09f15691d7c4ddf29afd99a31e7e31eed introduced adaptive mode
for crypto dispatch, the CSIT performance got way worse.
Possibly, there is another VPP bug related to adaptive mode
(it should not lose as many packets as seen in CSIT),
but the next release is too close for trying to fix that.
This change (instead of fixing adaptive mode)
allows CSIT to continue testing polling mode (after explicit API call),
while keeping the adaptive mode as default behavior.
The deprecated crypto_set_async_dispatch always disable adaptive mode,
crypto_set_async_dispatch_v2 has parameter to enable or disable it.
The mode parameter is still used for the inital state of adaptive mode.
Type: feature
Change-Id: Ib98080eefb4be291207af543884f2c3837f92f59
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
The checkstyle --fix command remains confused
around the def/foreach/undef usage in convert_async_crypto_id,
but at least the other functions now look correctly indented to me.
Type: style
Change-Id: Ic8f7b580267386b7a6b07d33d9ba7ae9787c0e0a
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
The logic for calcuating processed elements in the cache ring was broken.
In case tail and deq_tail equals and frame element pointed by the tile
is not NULL it means there is exactly one processed element in the ring.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I69c978334fc952049393214ccc9cc5245351f7f7
Use client address hash to pick the first outside address
instead of just address high octet, becasue it may denegerate
into stable 10/172/192, depending on nat address count.
Fix outside address distribution test to acually test the
distribution, not the algo, so previous distribution will
fail with 65 nat addresses and 100 clients:
FAIL: Outside address distribution based on source address
Traceback (most recent call last):
File ".../test/test_nat44_ed.py", line 2048, in test_outside_address_distribution
msg="Bad outside address distribution")
AssertionError: 156.25 not less than 0.33 : Bad outside address distribution
Type: improvement
Change-Id: I604b1294422f20d211db5614c47559557a78a193
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Punt support for ICMP6 messages allows for an external IPv6 RA advertisement agent.
Type: feature
Change-Id: I0cc928b747ac1f8335ee9f7c42a3231424825dbc
Signed-off-by: Ole Troan <otroan@employees.org>
Several api messages were not mp-safe although marked as such
because non-zero base id was not taken into account, and therefore
some other (from zero base id) were falsely mp-safe instead.
Keep messages as mp-safe, as they falsely were before:
10 get_first_msg_id 0 1
12 api_versions 0 1
Messages that are no longer mp-safe as they weren't marked:
15 sockclnt_create 0 1
33 proxy_arp_intfc_dump 0 1
Fix messages to be really mp-safe:
809 bridge_domain_dump 0 1
920 ip_route_add_del 0 1
921 ip_route_add_del_v2 0 1
1362 get_node_graph 0 1
1671 create_vhost_user_if 0 1
1675 create_vhost_user_if_v2 0 1
Additionally mark messages as mp-safe, seems they need no barrier:
1360 show_threads 0 1
1370 show_version 0 1
1372 show_vpe_system_time 0 1
Type: fix
Change-Id: Ie6c1e3aa89f26bf51bfbcb7e7c4d9fee885487b7
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Type: fix
Byte swapping should be done before verifying message otherwise the message length will be wrongly computed.
Change-Id: I90b2f60bd33e5362e0edd5ee425f6a6f07886f1e
Signed-off-by: Sylvain Cadilhac <sylvain.cadilhac@freepro.com>
Plugin is still in experimental state. No reason why it needs
to be default enabled.
Type: fix
Change-Id: Ibf1810215d4c8079a068bfc60aa7dd49306ee4e4
Signed-off-by: Ole Troan <otroan@employees.org>
The new arping_acd call includes the responders mac address in the reply.
Enabling a client doing address conflict detection to identify if it
is itself that is replying or that it is another host uses the IP
address.
Type: feature
Change-Id: Ia4bab2af1086f06ed71ba42e2e07368d4e330a27
Signed-off-by: Ole Troan <otroan@employees.org>
Applied the checksum delta to the source address instead of the destination address
in the RX direction.
Cleaned up tests a little.
Type: fix
Change-Id: I871f3448365587e5319dfbca6ea356935321ff9b
Signed-off-by: Ole Troan <otroan@employees.org>
In order to be able to filter on encapsulated packet, a new node
has been added to the ip4/6-unicast arcs.
Type: feature
Change-Id: I1e8ee05bc6d0fce20cadd8319c81bab260c17d21
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Fifos need to be synchronously allocated once a transport like tcp
accepts a session. Since events are now delivered asynchronously,
proxy apps must explicitly register a cb function that manages
fifo allocation prior to being notified of connect event.
Type: fix
Fixes: 0242d30
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7df973b7014e53e0766ea2bdc61e9871160bc18b
Upon test teardown, MAP features were not disabled, potentially
leading packets to be treated by the wrong node.
Type: test
Change-Id: I0c1c614318d1308f825c5cc0bf95688e92f6d00a
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Make sure there's at least 3% space in the tx fifo before notifying vcl
of a tx event. The threshold is somewhat arbibrary but for a 4M fifo, it
now means that ~120kB of space should be available.
Should help minimize the amount of tx notifications generated by
session layer when apps are faster.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I11dd0931dca8f989000a2481f1f495bd267589c4
For the reasons of modularity and security, it is useful
to have various functionality split into processes different from VPP.
However, this approach presents the challenges of managing those processes,
and is markedly different from simply running everything within VPP process.
This plugin is an experiment in having the VPP itself start off a monitor
process which in turn starts the child processes, and restarts them if they
quit.
If the VPP process ceases to exist, the monitor process terminates all
the descendant processes and quits itself.
This allows to preserve the "single entity to manage" approach of
simply running a barebones VPP.
An example of running it:
export DPDK_CONFIG=""
export DISABLED_PLUGINS=dpdk
export EXTRA_VPP_CONFIG="fateshare { monitor ./build-root/install-vpp_debug-native/vpp/bin/vpp_fateshare_monitor command ./test1 }"
make run
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I66221fd7403f220d9652fe76958ca499cfd070a7
Type: feature
Wrap SESSION_EVT in do loop to avoid complaints about if statement
having no arguments which can happen if debugging for groups is not
enabled.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I35af179b806ed47a1e20816a19291c31fdb7566a
Add an API call mpls_interface_dump() which returns a list of mpls_interface_details:
- If no sw_if_index is given, all MPLS enabled sw_if_index are returned.
- If a particular sw_if_index is given, and it doesn't exist, an empty list is returned.
- If a sw_if_index exists and has MPLS enabled, a list of that one sw_if_index is returned.
Tested:
- Create 3 loopback interfaces
- Call for ~0 and for sw_if_index 0..5 all return empty lists
- set int mpls loop0 enable
- set int mpls loop1 enable
- Call for ~0 returns 2, and the call for sw_if_index=1 and =2 (the loopbacks) returns
each a list of one sw_if_index 1 resp 2, the other values of sw_if_index return empty list
- set int mpls loop0 disable
- Call for ~0 returns 1, and the call for sw_if_index=2 (loop1) returns both a list of one
sw_if_index=2, the other values of sw_if_index return empty list
- set int mpls loop1 disable
- Call for ~0 and for sw_if_index 0..5 all return empty lists
Example Python3 API program:
```
api_response = vpp.api.mpls_interface_dump()
print(f"Response is {api_response}")
for i in [ 0, 1, 2, 3, 4, 5 ]:
api_response = vpp.api.mpls_interface_dump(sw_if_index=i)
print(f"Response[{i}] = {api_response}")
```
Type: improvement
Change-Id: If87f7d7f8972d99260e859757dbcb251c6fa54a8
Signed-off-by: Pim van Pelt <pim@ipng.nl>
lport and eport in Cli "nat44 add load-balancing static mapping" should hton()
Type: fix
Signed-off-by: Wei Li <realbaseball2008@gmail.com>
Change-Id: I2eadb7e341efb70cc406e10b3b189e5ebff09ff4
This is the initial commit of a NPTv6 (RFC6296) implementation for VPP.
It's restricted to a single internal to external binding and runs
as an output/input feature on the egress interface.
Type: feature
Change-Id: I0e3497af97f1ebd99377b84dbf599ecea935ca24
Signed-off-by: Ole Troan <otroan@employees.org>
Support compiling in Linux Mint OS
Type: improvement
Change-Id: I08721227352b00127fe0acac67269775997fd974
Signed-off-by: spencercoder <xiexiaosong@ruijie.com.cn>
This is a clone of Gerrit 35419.
(It is abandoned and I am not the owner so I cannot reopen.)
Ticket: CSIT-1816
Type: fix
Fixes: 5e0ea09d96010e99a7ce0d2f3370f0de50c46c83
Change-Id: I2265cf38a9ce3155460a1025821c2749afca0add
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Moved the kernel call for the timestamp outside of the inner loop to improve the batch proccessing, and minimizing the kernel calls.
Type: improvement
Change-Id: I0245c223fc8a178724bb8c5df2b98083be046c26
Signed-off-by: Julian Klaiber <julian@klaiber.me>
Sw ring is renamed to the cache ring. This name better reflects the
puropse of this ring. We've introduced push/pop functions, as well as
other utility functions which remove code repetition. Error handlig
is improved: previously in case of an error all frame elements were
marked as bad, now only these for which errors occured have the error
status set.
Unnecessary stats counters have been removed.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2fd42a529ac84ce5ad260611d6b35a861d441c79
Type: feature
this patch adds a new tag "host" to interfaces for cnat-snat
if an interface is tagged pod and host we do not snat traffic outgoing through it
Change-Id: I71f5bfcb85581bb8508ba547374f0603f1079ac6
Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>
Add a new native idpf driver. This patch enables the device
initialization. Add some necessary functions and definations
for input and output. A new version of virtchnl is introduced.
Type: feature
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Ibbd9cd645e64469f1c4c8b33346c1301be3f6927
- Package update performed by
1. updating pip, pip-tools, setuptools
2. 'make test-refresh-deps' on ubuntu 22.04
3. fixing 'make test' and 'make docs' issues
on ubuntu 22.04
4. 'make test-refresh-deps' on ubuntu 20.04
- Add dependency for 'make test-refresh-deps'
to insure python venv is set up.
- Update of python formatter, black,
caused reformating of 41 python code
files.
Type: make
Change-Id: I7cafdf4b5189065ac57cb6b254937f6e0897a924
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Supplemented the documentation of "l2 rewrite", and added examples
Type:docs
Change-Id: If49ae0b22989b3cd1c88a27a4e51b74be32d75e7
Signed-off-by: yanlong <dyl_wlc@163.com>
As per discussion on the VPP call, since they are being
used in CSIT tests and have not seen changes in a while,
mark the messages as production from the change process
standpoint.
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I7fda71edd923b798d034380320a869f7c35cb5a6
When a listen session receives an ACCEPTED message, but then
receives either a RESET or DISCONNECTED message from VPP before the
session is accepted, the listen session state is switched to
VPP_CLOSING or DISCONNECT.
The subsequent CLEANUP message handler attempts to send a
disconneted or reset reply message to VPP, but since the vpp_evt_q
for the listen session is null, this leads to a crash.
Type: fix
Change-Id: Ic51f78f631fe8d15bf8c56b795f4a900c3e2f724
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
This patch bumps DPDK version from 23.03 to 23.07.
Type: feature
Change-Id: I15140cecd008bfafb358f6348a1cb8fc08f70f02
Signed-off-by: Kai Ji <kai.ji@intel.com>
- Remove test code & non-vpp code from coverage report
- Remove driver/hardware vpp code which cannot be tested
in 'make test' from coverage report
Type: fix
Change-Id: I04b50c14bc3437b845f2afafae47297189e61e3f
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Move from synchronous flushing of io and ctrl events from transports to
applications to an async model via a new session_input input node that
runs in interrupt mode. Events are coalesced per application worker.
On the one hand, this helps by minimizing message queue locking churn.
And on the other, it opens the possibility for further optimizations of
event message generation, obviates need for rx rescheduling rpcs and is
a first step towards a fully async data/io rx path.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id6bebcb65fc9feef8aa02ddf1af6d9ba6f6745ce
Type: improvement
Remove rwlock contention on timestamps. ~10% pps with
10k sessions. Use fixed-size-pools of increasing sizes
starting with 4K, and with a x2 step each time.
We don't free/shrink allocated pools.
Change-Id: I5fea51faba40430106c823275a6356e81709d118
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
This replace the cnat ip4/ip6 to client
lookups previously done with a regular
hash, by a bihash lookup.
Type: improvement
Do the client lookup in a bihash instead of
a hash.
Change-Id: I730c1893525c002b44ada8e290a36802835e88e9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
This adds a flag on the translation
asking the VIP & input-feature nodes
not to create the return session when
translating / load-balancing an incoming
flow. This is needed with maglev & DSR
Type: feature
Change-Id: I699012310ddc59f6ceeeb4878638eac6da5128dc
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Maybe some function calls the wrapper funtion like read which invokes
the ldp_init_check in the other libs as a constructor before
ldp_constructor. Then the ldp has been initialized already when
ldp_constructor is invoked. And it's normal case, we shouldn't treat it
as an error.
So ldp_init should return success if ldp is initialized already instead
of an assert.
Type: fix
Change-Id: Ifa2a7b1d5471981a3f840b14a4fa5d48fb1f1374
Signed-off-by: Gao Feng <gfree.wind@outlook.com>
more generic version of clib_sysfs_link_to_name with support for
format strings...
Type: improvement
Change-Id: I0cb263748970378c661415196eb7e08450370677
Signed-off-by: Damjan Marion <damarion@cisco.com>
works with vectors of pointers...
Type: improvement
Change-Id: I530653978fcf981be299cf42a1133be000d74d0c
Signed-off-by: Damjan Marion <damarion@cisco.com>
More conveninet way to unformat file by providing filesystem path.
Takes format string for easier constuction of path...
Type: improvement
Change-Id: I433204fa20dc98e2b11c53914883d047a7fc62c6
Signed-off-by: Damjan Marion <damarion@cisco.com>
When a VCL_STATE_LISTEN_NO_MQ session receives an ACCEPTED message,
but then receives either a RESET or DISCONNECTED message from VPP
before the session is unlistened, the listen session state is
switched to DISCONNECT.
The subsequent CLEANUP message handler attempts to send a reset
reply message to VPP, but since the vpp_evt_q for the listen
session is null, this leads to a crash.
Type: fix
Change-Id: Id7e88dcb16df3eda912b3f763730ec8d8973473a
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
This patch removes zero checks for new_addr, new_port
meaning sessions with zero values will rewrite the packet
with a 0 value instead of leaving it in place. This allows
to reduce branchiness in the code, and sessions are fully
resolved at creation time anyway.
This also adds support for checksum offloads:
- IP checksum offload : we always compute the checksum to
avoid issues with drivers. We'll revert this if we realize
cost gets too important.
- TCP/UDP checksum offload : we add the implementation for
pseudo header checksum computation. This is needed for the
drivers that do not re-compute this pseudo-checksum before
the packet is TX-ed (e.g. a few DPDK drivers).
Type: improvement
Change-Id: I6543f3aec8c120ec50f4219108609138283620ef
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Since gre is a plugin, nsh should not use symbol names directly.
Type: fix
Fixes: cefb178aa487a217d4ac75d7d4fa62db4b7d70fd
Change-Id: I1a1c20740aabdaafd69f507cd71016c3109b0205
Signed-off-by: Benoît Ganne <bganne@cisco.com>
So error logs are displayed on console earlier....
Type: improvement
Change-Id: If31b76c9d06254b0fec5b5b3f4e92a881b4cf786
Signed-off-by: Damjan Marion <damarion@cisco.com>
Avoid explicit manipulation of session state and generate closing event
if need be.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I07cda1db08a2673b27b496ea1371b0dfd8e6f98a
Type: fix
Buffer needs to be rewinded before being passed to punt-dispatch node.
Change-Id: I43d103515d372e425f4c3b08ca1779398f1fced4
Signed-off-by: Sylvain Cadilhac <sylvain.cadilhac@freepro.com>
App transports like TLS can close sessions on tx and consequently
generate new events. That can realloc the event pool.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I58a97502acc1182b3d051ba1aa9e0e98c16f4593
To allow dynamic registration of device classes..."
Change-Id: Ie8435e8c55b7e300be06abe97b653c0c3ce7f732
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
Small mistake was made, reported by coverty scan.
Type: fix
Change-Id: I98ca16c0275a94b2def99831f9353d4ff3fe93a9
Signed-off-by: Maxime Peim <mpeim@cisco.com>
The following issues are fixed:
* in responder code: do lookup again as the old pointer could be
invalidated during the cleanup operation
* in initiar code: do the cleanup of session if there're no child SAs or
if there's no response from the responder during initial request (this
can easily happen if the response packet was lost/dropped/etc)
* print the state of ikev2 profile (for easier tshooting)
Type: fix
Change-Id: I853d9851c0cf131696585e3c98fa97e66789badd
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
It is a function in vlib, so no reason to mention vnet.
Type: fix
Fixes: bf179a91d8d224c64d08643a2bb52580f68ce96b
Change-Id: Ic5f601d94d88b667f7ce44a017a0e1d5b4db5da1
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
The extra format line was added for no reason from patch ff27c9f8e.
Type: fix
Fixes: ff27c9f8e
Change-Id: Ib25149cc8a17c29d0c8a0dbc06f0ea12ca4f328c
Signed-off-by: Steven Luong <sluong@cisco.com>
clang-16 complains about signed one-bit bitfield value changes
from 1 to -1. Use unsigned type instead.
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I84f8cf314d36183a5e6f544cd756c01d1d10a1a5
In the current implementation there is a bug related to the incorrect
message handling due to the wrong id.
The fix changes logic responsible for handling incoming API messages
by correcting their ids.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Iea29506053c9fd2e1d01bce83e7f4a6e1de39321
Type: improvement
Support SO_ORIGINAL_DST socket option to get original dst_ip4 and dst_port if nat44 rule enabled.
Change-Id: If00e00d03e48f3b78a23a68f1b078954d79dd0f7
Signed-off-by: qinyang <qiny@yusur.tech>
When _VEC128 instructions are not enabled logic is buggy.
The function always returned 1.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I603200637e8d65813f4e49ef15d798e74b79b9cf
When msg->msg_controllen is set in recvmsg, the caller wants to receive
additional information about the messages. However, they might not
always be available. In that case, we should clear cmsg since
the caller uses CMSG_NXTHDR which might access uninitialized fields in
cmsg.
Type: fix
Change-Id: Ifdf9634bfcb1427f7ae3812014a46bfd7f4bc473
Signed-off-by: Steven Luong <sluong@cisco.com>
This patch addresses the issue when the list of available interfaces
is not up to date. Due to this issue adding a new route fails
and finally the connection is not established.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I3a63c0dd99ebc28ea149b4b23867440937682761
This patch addresses the issue where the message ID registration
in the register_event function is incorrect. Due to this incorrect
registration, the lookup for the corresponding callback on received
messages fails, eventually leading to a segmentation fault
and double-free memory space.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: If95182f972f64adb44d514e18c831cc9627d8f0f
In the current implementation there is a bug in the function
responsible for getting software interface index by the name of the
interface. Incorrect function is used to send the API message, also
the handler with replied message is incorrect.
The fix changes function to send dump message and also adds handler
with replied message in the correct way.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Id1a3ba2ce7e92d216907f344431b9e2acb1d5572
- Move the VPP API Change Process documentation
from the wiki page into the in-tree VPP docs
Type: docs
Change-Id: I42f661618b8632230bebe3aa8fbad455b9a05d01
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Type: improvement
There is a mode field in ipip_tunnel_details. The handler for the dump
API does not do anything to populate it so it always contains 0
(TUNNEL_API_MODE_P2P). This is correct for p2p tunnels but is wrong for
multipoint tunnels.
Populate the field with the correct mode.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I6c1288a0d3929db0f67100748b5760c36b594f97
Before this fix, the src_ip_sticky flag was passed as an argument to
the lb_node_get_hash function, which computes a hash value for a packet.
However, in per-port-vip case, the value of src_ip_sticky flag may be
different for each port number. As a result, the value is the same for
all port numbers, even though it is a per-port-vip case.
This commit fixes the src_ip_sticky evaluation by delaying it until the
packet is received, so that the correct value is obtained. Also, the
unit test case has been enhanced for this bug fix.
The steps to reproduce this bug are described below:
https://lists.fd.io/g/vpp-dev/message/23248
Type: fix
Fixes: 613e6dc0bf92 ("lb: add source ip based sticky load balancing")
Change-Id: I483492b214a1768e7a21fd86edd5151b3c46528b
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
nl_route_add() recently started to use its optional argument to check
whether replace flag is set for the message. When notification messages
are processed, the argument is a pointer to the corresponding message
info. However, when dump replies are processed, the argument is a null
pointer. This leads to null pointer dereference and crash when dump of
routes is processed.
With this fix, check for replace flag only if message info was passed
to nl_route_add(). Otherwise, assume the flag is not set. Dump replies
do not have it set.
Type: fix
Change-Id: Icb04a1146e09cc965b623018c28f91b347be0eab
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
1) Imports ENCAP_MPLS labels from IPv4/IPv6 routes.
Note that this requires libnl 3.6.0 or newer.
In previous patches, the fib_path_ext_t had a path ID of -1.
After a long investigation, it turned out to be caused by route weight
being set to 0. There is a comment explaining more details.
2) Handles MPLS routes.
MPLS routes were wrongly added as IPv4 routes before.
POP and SWAP are now both supported.
All the routes are installed as NON-EOS and EOS routes,
as the Linux kernel does not differentiate.
EOS POP used in PHP uses the next-hop address family
to determine the resulting address family.
This patch is sufficient for P setups.
PE setups with implicit null should also function okay, as long as a
seperate label gets programmed per address family.
PE setups with explicit null will also forward packets,
but punting is a bit odd and needs MPLS input enabled on the LCP host
device.
3) Propagate MPLS input state to LCP Pair and Linux.
Since the Linux kernel uses the MPLS routes itself,
the LCP pair tap needs MPLS enabled to allow host originated packets.
This also syncs the Linux `net.mpls.conf.<host_if>.input` sysctl to
allow punted packets to have MPLS labels, mostly explicit nulls.
In addition, a special feature is enabled to cross connect MPLS packets
coming from Linux directly to interface-output untouched.
Make sure to enable MPLS/add a table in VPP first and load the
MPLS kernel modules!!
Type: feature
Change-Id: Ie4184bb4cc96905bf8b483a27e7ca6d251697374
Signed-off-by: Adrian Pistol <vifino@posteo.net>
Signed-off-by: Pim van Pelt <pim@ipng.nl>
stats entries /if/names are never deleted as it is a vector of the
sw_if_index value. When the interface is deleted and then created again
later, and if the new interface takes a different sw_if_index, we may
end up with duplicate entries for the same interface name. For example,
the following configuration sequence causes problem
create loopback interface
create loopback interface
delete loopback interface intfc loop0
delete loopback interface intfc loop1
create loopback interface
vpp_get_stats dump /if/names
[0]: local0 /if/names
[1]: loop0 /if/names
[2]: loop0 /if/names
The fix is to set the delete /if/names entry to deleted when the interface is deleted.
Type: fix
Change-Id: I7d811b12d56e3cf8c7deffe14736ea0f24814d02
Signed-off-by: Steven Luong <sluong@cisco.com>
clang-16 complains about signed one-bit bitfield value
changes from 1 to -1. Use unsigned type instead.
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: Iab006c036d4068af2fe3caaefc871a95b26cc578
List of changed messages:
- lcp_itf_pair_add_del
- lcp_itf_pair_add_del_reply
- lcp_itf_pair_add_del_v2
- lcp_itf_pair_add_del_v2_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Ic20a852dd1fb27858c8776095f9c98757b89bfe8
List of changed messages:
- ip_punt_redirect_dump
- ip_punt_redirect_details
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Icf91f760b9bd328110b0f9fc2e421bb954033d21
List of changed messages:
- memif_socket_filename_add_del
- memif_socket_filename_add_del_reply
- memif_create
- memif_create_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Id334990584b64a0efa3c28a3d8b6b641adab8c09
List of changed messages:
- memclnt_create
- memclnt_create_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I0031cc2f1604ca4c34574c8e1ee28e358c2bbe5d
List of changed messages:
- pg_create_interface
- pg_create_interface_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I574927f0820c54d748f27fd96a45afec5243b645
List of changed messages:
- sr_policies_dump
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I16ae1bed83ad8c73e3254b6d195251702de84f97
List of changed messages:
- ipsec_sad_entry_add_del_v2
- ipsec_sad_entry_add_del_v2_reply
- ipsec_sa_v2_dump
- ipsec_sa_v2_details
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I8fd6906e9684ef7ebc0688dc8b0637ae2dc8d0a2
This patch introduces sw_ring to the crypto op data path implementation,
so that raw data path and crypto op data path use same mechanism of processing
async frames. Crypto op ring has been removed from the implementation.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Id823f80a88cfa0ff40252616a36de8bb044c7f45
When vlib buffer is processed on vnet side its length is corrected by
cipher padding and icv_sz. These changes need to be reflected in
the mbuf internals.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I0aa03f67f556dfc8f9a577ca1967210527221e02
There is an API call to change neighbor database configuration (i.e.
limit on peer number, aging, and recycling). With this change, make
getting current values of these settings available via the API.
Type: improvement
Change-Id: Ie9394e086b68cf9b28ad98dea162f203f8043cbb
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
List of changed messages:
- af_packet_create
- af_packet_create_reply
- af_packet_create_v2
- af_packet_create_v2_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Ia065c3bbc2c7923de64f47417099aea1aa1216b1
List of changed messages:
- tap_create_v2
- tap_create_v2_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I7b1b22cc4a0e31f5c19fe48e7a0f30631576f9df
List of changed messages:
- vxlan_add_del_tunnel
- vxlan_add_del_tunnel_v2
- vxlan_add_del_tunnel_reply
- vxlan_add_del_tunnel_v2_reply
- vxlan_tunnel_dump
- vxlan_tunnel_details
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I0a7227e76a493731fd136f8e6310ad372fab2494
Namespace keyword is reverved c++ word, so it's not possible to include
vapi header for af_xdp plugin and use it.
Type: fix
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Change-Id: I42a0e0a89ff2c407090d3c18c1bc5a5605ddf032
If a frame should be sent to 'ethernet-input' set the
ETH_INPUT_FRAME_F_SINGLE_SW_IF_IDX flag. It will force 'ethernet-input'
to use a fast-path for such frames.
This patch also aligns the behaviour with other input nodes.
Type: improvement
Change-Id: Icff0fa31204d5304a2ea0a4f4e7bc418dedbfe32
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
An SA is normally bound to the first thread using it. However, one
could want to manually bind an SA to a specific worker.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I05cbbf753e44a01d9964ee47812c964db9bbb488
- Updated/rebased version of https://gerrit.fd.io/r/c/vpp/+/34199
Type: test
Change-Id: I43913ecfd11a4578bdb10c4be76253fe38d57976
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Packet-generator does not support TCP options.
Along with its support, a formatting function has been added.
Further work will be needed to update header formatting functions
to take into account TCP connection options. For now, TCP options
are taken on a per-packet basis.
Type: improvement
Change-Id: Id800887853c4941d893be353ce6d8624ed8bbc5d
Signed-off-by: Maxime Peim <mpeim@cisco.com>
cdf73b973181ff4c67147900408216e37bae897a has added the qemu tests as part of the default test run,
which results in "make test" failure in more restricted environments which do not allow the
namespace creation.
Add a config flag to skip those tests, and skip them if the namespace creation fails.
Type: test
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Ie631f7fb2a80864f77c79619eba4a43712e950e5
Make sure half-open sessions are marked as transport closed once
connected notification is provided. This ensures that if they've been
scheduled for tx, the event is ignored.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I8c44584e843d93365ec737ae4e1bcb74eba35506
This rework tries to address issues found on SPR QAT, for traffic
reaching max possible throughoutput for single QAT PF packet drops were
observed.
Fix changes enq/deq scheme by utilizing software ring in enq call from
VNET but enq and deq to QAT happens only in deq callback function what
should enable better utlization of hardware resources.
Type: improvement
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2e8c473d20a269fd5e93f0c8d1f8c8aa193712bd
The af_xdp plugin does not support chained buffers; attempting to send
chain buffers will result truncated packets or even send other packet's
data. As a workaround, turn any buffer chain into a single buffer before
tx.
Type: fix
Change-Id: I05dec912455eb2bb6c8122a28cd646f88983aa9a
Signed-off-by: Shmuel Hazan <shmuel.h@siklu.com>
This patch introduces sw_ring. This ring is used in next set of patchas
and plays role of a buffer for QAT, allowing collecting frame elements
in case QAT queue is fully utilized, and assembling frame
from QAT dequeued elements.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: I20718e200986ab4dba5cbc31c05a904072a6981a
Make sure the same frame is not used for multiple interfaces, otherwise it breaks the ETH_INPUT_FRAME_F_SINGLE_SW_IF_IDX promise.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I02546259ceaea36f65cb9f78b9b3ee45ed4075c9
TCP nodes consume the buffers so they have no nexts. To avoid long drop
path through vlib graph, add drop node.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibe6e075e83612ed16270934398c6a013f236ae35
AF_XDP socket will only tx enqueued packets up to a max batch size so
we need to retry until everything has been sent.
Type: fix
Change-Id: Ia487ab63d3e85a478471cd1d679c5fb471804ba3
Signed-off-by: Benoît Ganne <bganne@cisco.com>
The async frames pool may be resized once drained. This will cause 2 problems: original pool pointer is invalidated and pool size changed, both problems will confuse the crypto infra user graph nodes (like IPsec and Wireguard) and crypto engines if they expect the pool pointers always valid and the pool size never changed (for performance reason).
This patch introduces fixed size of the async frames pool. This helps zeroing surprise to the components shown above and avoiding segmentation fault when pool resizing happened. In addition, the crypto engine may take advantage of the feature to sync its own pool/vector with crypto infra.
Type: improvement
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2a71783b90149fa376848b9c4f84ce8c6c034bef
Otherwise, we will get an error. The program could remain from the previous run.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I68e4072bd3b327592013804d67ccab7eb0ed3a0e
SVM_FIFO_WANT_DEQ_NOTIF_IF_FULL should be treated as a
config option that is not frequently changed. Or alternatively, it
should be set together with SVM_FIFO_WANT_DEQ_NOTIF to elicit a one time
tx notification.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie4132c7789ee87227a875ff981eb98f9f4d898a9
- do not allocate port sparse vector when only checking if a port is
already in use
- do not display port that have been unregistered by default
Type: improvement
Change-Id: I6cc94e35806dd8d415cd5d1c1c51e6b066ac26a1
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Linux uses NLM_F_REPLACE in the netlink message to signal a FIB update
The code invariably does a FIB update for IPv4 and a addition for IPv6.
Without this fix, the following:
ip route add 2001:db8::/48 via 2001:db8::1
ip route replace 2001:db8::/48 via 2001:db8::2
ends up as two separate FIB entries in VPP. With the fix, there will be one FIB entry (the second one with nexthop ::2).
Type: fix
Change-Id: I8f98d6ded52ae0c60bfddaa7fc39acbbaa19d34a
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Type: feature
With this change, packets that are larger than a single buffer can fit
will be able to be sent and received over a Wireguard tunnel. Also,
cover this with tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ifaf7325676d728580097bc389b51a9be39e44d88
List of changed messages:
- nat44_add_del_static_mapping
- nat44_user_session_dump
- nat44_user_session_details
- nat44_user_session_v2_dump
- nat44_user_session_v2_details
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I317ae93a0e763c3759a8c24fd550e1c97f6f4987
This patch can make crypto dispatch node adaptively switching
between pooling and interrupt mode, and improve vpp overall
performance.
Type: improvement
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I845ed1d29ba9f3c507ea95a337f6dca7f8d6e24e
In some cases, in the trace dump v2 dump function, we iterate over the
client cache even though this one could be empty.
Type: fix
Change-Id: Ice5cefa25bb93dabe86fe565347cdc32faa674ac
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Type: test
This application creates two memif interfaces which connect
to an external application i.e. VPP.
Usage:
1) Start VPP with following config.
create interface memif id 0 master
create interface memif id 1 master
set int state memif0/0 up
set int state memif0/1 up
create packet-generator interface pg0
set int state pg0 up
create packet-generator interface pg1
set int state pg1 up
set int l2 xconn pg0 memif0/0
set int l2 xconn memif0/0 pg0
set int l2 xconn pg1 memif0/1
set int l2 xconn memif0/1 pg1
packet-generator new { \
name memif \
limit -1 \
node ethernet-input \
size 64-64 \
interface pg0 \
worker 0 \
data { \
IP4: 42:01:0a:00:00:0a -> 02:fe:4b:6e:4d:c1 \
UDP: 172.16.2.2 -> 172.16.0.2 \
UDP: 1234 -> 1234 \
length 30 checksum 0 incrementing 1 \
} \
}
2) Compile and Run the test_app in another terminal.
mkdir -p extras/libmemif/build
cd extras/libmemif/build
cmake ..
make
sudo ./examples/test_app
3) Run in VPP cli
vpp# packet enable
4) Run monitor to see the throughput and pps
vpp# monitor interface memif0/0
Or
vpp# monitor interface memif0/1
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I4b9062fca8ad3020225adb7b1b09e5d66b1a7d48
The plugin creates and manages adjacencies for the physical interface in
each interface pair (they are part of the x-connect feature). When a
link update notification is received from the host system, MAC address
of the corresponding physical interface is updated (as needed) as well
as previously created adjacencies for it (because a new rewrite string
needs to be generated).
Subinterfaces inherit MAC address from the parent interface. When MAC
address of the parent interface changes, it also implies MAC address
change for its subinterfaces. The problem is that this is currently not
considered in the plugin. After MAC address update on the parent
interface, packets sent from subinterfaces might have wrong source MAC
address. For example, IPv6 Neighbor Solicitation messages will be sent
with the wrong (previous) MAC address and neighbor discovery will fail.
With this fix, when the plugin updates adjacencies for a physical
interface, it will also update adjacencies for the subinterfaces with
existing interface pair.
Type: fix
Change-Id: Ia5f617197e33cb79b9b025c02c2c126c31a551ec
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
@ -33,7 +33,7 @@ Delete all the generated files with the following:
View the results
----------------
If there are no errors during the build process, you should now have an ``index.html`` file in your ``vpp/docs/_build/html`` directory, which you can then view in your browser.
If there are no errors during the build process, you should now have an ``index.html`` file in your ``vpp/build-root/docs/html`` directory, which you can then view in your browser.
Whenever you make changes to your ``.rst`` files that you want to see, repeat this build process.
# adj-fibs due to the fact the the BVI address has /32 and
# the subnet is not attached.
#
for(ip,fip)inzip(ep.ips,ep.fips):
forip,fipinzip(ep.ips,ep.fips):
# Add static mappings for each EP from the 10/8 to 11/8 network
ifip_address(ip).version==4:
flags=self.nat_config_flags.NAT_IS_ADDR_ONLY
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
