aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2018-02-16Allow providers to override glean behaviourNeale Ranns12-78/+186
and update glean address on local interface MAC change Change-Id: I530826d60c7e9db2b0fa2d45754139d82c5ea807 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-02-16Minor VXLAN/GRE Tunnel Encap Optimization and CleanupJohn Lo4-37/+53
Change-Id: I62a2a6524b72115a4239fbd7dc9ac8fdc35e20ed Signed-off-by: John Lo <loj@cisco.com>
2018-02-16Add iperf VM/vhost creationJohn DeNisco12-19/+452
Change-Id: I27a59203f406120558f73bfcc12dca8835ae6361 Signed-off-by: John DeNisco <jdenisco@cisco.com>
2018-02-16VPP modified some state checking logicKeith Burns (alagalah)1-72/+72
Change-Id: I5daff79a31f2db33ed55edd54ce043a61f6c6209 Signed-off-by: Keith Burns (alagalah) <alagalah@gmail.com>
2018-02-15session: fix fifo allocation for empty connect seg-managersFlorin Coras1-1/+0
Change-Id: Ibc5b1149f3fbbe3dfe1f069ab69bfed7de660582 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-15Revert "Allow interface types to override glean adjacency behaivour"Ole Trøan12-164/+77
This reverts commit 8b30e471df4d42214619e1d6c50cc8298426b45f. Change-Id: I99edb236eb0a7f8ba3fba333c3481a710ebcb59c Signed-off-by: Ole Troan <ot@cisco.com>
2018-02-15Revert "Adj: VFTs for adjacency sub-blocks"Ole Trøan5-74/+29
This reverts commit a44b015aa012d3b07ed873925d47c6d5955b7dd2. Change-Id: I2d76bc0844f58e5ddf3f3a4326b86076f46e3751 Signed-off-by: Ole Troan <ot@cisco.com>
2018-02-15Adj: VFTs for adjacency sub-blocksOle Troan5-29/+74
Change-Id: I19390f87343bacea84b49fc5d08af38875fdafdd Signed-off-by: Ole Troan <ot@cisco.com>
2018-02-15VOM: Fix broken MakefileMohsin Kazmi1-1/+1
Typo mistake broken the makefile which results in missing vom headers in system. Change-Id: Ic2e5f742f0e38140559138b4aa7564f8c25b73e4 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-02-15SCTP: coverity warning fixMarco Varlese1-1/+5
Change-Id: I1f8a325eac2a9e2c825996f04026ae86259a7ddd Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-15Allow interface types to override glean adjacency behaivourNeale Ranns12-77/+164
update the glean adj on a local interface MAC change Change-Id: Ia5c5cde424ed0fea3431532cc5abf22b364bbab5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-02-15dpdk: add support for DPDK 18.02, deprecate 17.08Damjan Marion5-72/+5
17.11 is still default. Change-Id: I524d232579db8a59c717c5d760398b6b7f811d03 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-15Optimize GRE Tunnel and add support for ERSPAN encapJohn Lo16-371/+756
Change GRE tunnel to use the interface type where the same encap node is used as output node for all GRE tunnels, instead of having dedicated output and tx node for each tunnel. This allows for more efficient tunnel creation and deletion at scale tested at 1000's of GRE tunnels. Add support for ERSPAN encap as another tunnel type, in addition to the existing L3 and TEB types. The GRE ERSPAN encap supported is type 2 thus GRE encap need to include sequence number and GRE- ERSPAN tunnel can be created with user secified ERSPAN session ID. The GRE tunnel lookup hash key is updated to inclue tunnel type and session ID, in addition to SIP/DIP and FIB index. Thus, GRE-ERSPAN tunnel can be created, with the appropriate session ID, to be used as output interface for SPAN config to send mirrored packets. Change interface naming so that all GRE tunnels, irrespective of tunnel type, uses "greN" where N is the instance number. Removed interface reuse on tunnel creation and deletion to enable unfied tunnel interface name. Add support of user specified instance on GRE tunnel creation. Thus, N in the "greN" interface name can optionally be specified by user via CLI/API. Optimize GRE tunnel encap DPO stacking to bypass load-balance DPO node since packet output on GRE tunnel always belong to the same flow after 5-tupple hash. Change-Id: Ifa83915744a1a88045c998604777cc3583f4da52 Signed-off-by: John Lo <loj@cisco.com>
2018-02-15session: avoid session handle conflict with vclFlorin Coras6-13/+63
Change-Id: I7f5a3b8d92ef07d60315bab6e560eba49ea07249 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-15SCTP: fix corrupted buffers seen in output nodeMarco Varlese4-44/+62
The issue observed in the output-node was actually caused by one of the input-node pushing buffers to the output node when not required. That is the case with the parsing/handling of incoming packets like the COOKIE_ACK, HEARTBEAT_ACK, DATA, SACK which do not require a response to be sent to the other peer. In all the mentioned cases the packets (buffers) need to be consumed and dropped instead of heading to the output-node. Change-Id: I3dcbe5de1cedb2ab8b06fff4364749b525cc7ac6 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-15SCTP: refactoringMarco Varlese4-129/+97
This patch takes care of some refactoring, including the initialization of the timestamp to calculate the RTO, the output state-machine validation which can be enabled (disabled by default) when debugging and some clean-up of unused fields. It also addresses the requirement of Karn's algorithm when computing the RTO. Change-Id: I6b875152369bff23cad085708cec1f7e1151cfa8 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-14Reenable dhcp client detect when lease expiresDave Barach1-1/+50
We disable the client detect feature when we bind a DHCP address. Turn it back on again when the lease expires. Otherwise, if the DHCP server replies after an outage, we'll never see the reply. Add dhcp packet tx counters, by packet type Change-Id: Id54b05647d5d7bd8d3ab99e6584ee86d9e4ff7f9 Signed-off-by: Dave Barach <dave@barachs.net>
2018-02-14session: support local sessions and deprecate redirectsFlorin Coras24-496/+1280
Memfd backed shared memory segments can only be negotiated over sockets. For such scenarios, the existing redirect mechanism that establishes cut-through sessions does not work anymore as the two peer application do not share such a socket. This patch adds support for local sessions, as opposed to sessions backed by a transport connection, in a way that is almost transparent to the two applications by reusing the existing binary api messages. Moreover, all segment allocations are now entirely done through the segment manager valloc, so segment overlaps due to independent allocations previously required for redirects are completely avoided. The one notable characteristic of local sessions (cut-through from app perspective) notification messages is that they carry pointers to two event queues, one for each app peer, instead of one. For transport-backed sessions one of the queues can be inferred but for local session they cannot. Change-Id: Ia443fb63e2d9d8e43490275062a708f039038175 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-14VOM: build with plugins disabledNeale Ranns5-34/+83
Change-Id: I1384d16deb3fa38b988dd2fc98f436124e381536 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-02-14vppinfra: Remove empty fileMohsin Kazmi1-0/+0
Change-Id: I3908cc112b40d4bb52da18e7c3ac5ae0af455f87 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-02-14make-test: use api custom-dump to reduce log size.Dave Wallace2-2/+8
- Reduce log size by using "api trace custom-dump" instead of "api trace dump". - Fix custom-dump output of cli_inband_t api message to include cli command being executed. New output: DBGvpp# api trace custom-dump /tmp/test vl_api_memclnt_delete_t: index: 2 handle: 0x301d8e10 SCRIPT: memclnt_create name vpp_api_test SCRIPT: sw_interface_dump all SCRIPT: control_ping SCRIPT: exec show run Old output: DBGvpp# api trace dump /tmp/test ---------- trace 0 ----------- vl_api_memclnt_delete_t: index: 33554432 handle: 0x108e1d3000000000 ---------- trace 1 ----------- vl_api_memclnt_create_t: name: vpp_api_test input_queue: 0x808e1d3000000000 context: 0 ctx_quota: 0 ---------- trace 2 ----------- vl_api_sw_interface_dump_t: _vl_msg_id: 61 client_index: 33554432 context: 0 name_filter_valid: 0 ---------- trace 3 ----------- vl_api_control_ping_t: _vl_msg_id: 712 client_index: 33554432 context: 0 ---------- trace 4 ----------- vl_api_cli_inband_t: _vl_msg_id: 715 client_index: 33554432 context: 0 length: 9 Change-Id: If740c861649a3a59b8cc7a777c23c3cf94b8ff87 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2018-02-14NAT44 out2in DHCP client next nodeMatthew Smith1-8/+24
Call vnet_feature_next() for DHCP replies instead of using default ip4-lookup. This allows DHCP replies to reach an outside interface if it's configured as a DHCP client. Change-Id: Icce1cd68b21256fcd6b1fad6792c06578b0e4e36 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-02-14vxlan:remove interface recycle mechanismEyal Bari2-69/+11
vxlan interfaces no longer create tx nodes and are "cheap" to create and delete Change-Id: I7628d8ce86ec88609ed08162c94f5bc95df0d9f4 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-02-14NAT44: run NAT nodes after ACL (VPP-1160)Matus Fabian1-15/+15
NAT input features run after acl-plugin-in-ip4-fa NAT output features run after acl-plugin-out-ip4-fa Change-Id: I1e4487a0d6fdb99a90b8db640d9ad0e0eb7347a5 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-02-13vnet:remove duplicate interface function macroEyal Bari1-15/+3
Change-Id: I0ee18df69d5fe833c746d0d1e14aac14338a6e42 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-02-13BFD: make CLI consume only one line at a timeKlement Sekera1-26/+78
This makes it possible to add BFD commands to scripts executed via `exec' CLI. Change-Id: Id0ed6c09baee6f8ac9ff183d305a470f55a1f885 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-02-13VOM: ACL: Add Object Model for acl ethertypeMohsin Kazmi8-0/+763
Change-Id: I2b572ebd4b7bb26381f127912a4cc0825c04fc34 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-02-12Fix the order of RFC2685 fields in the output.Igor Mikhailov (imichail)1-2/+2
Also, output VSS info with names according to RFC6607 (3.5). Change-Id: I27a383515aca1a74dced2363a0c407b2791e5f05 Signed-off-by: Igor Mikhailov (imichail) <imichail@cisco.com>
2018-02-12Fix DHCP client crash with worker threadsMatthew Smith3-51/+56
Crash occurring With a worker thread configured and dhcp client active on an interface. When a DHCP reply packet is received, call to ethernet_get_main() from dhcp_proxy_to_client_input() was causing a crash. Replaced with a call to vnet_get_ethernet_main(). Once that was resolved, calling dhcp_client_acquire_address() from a worker thread also caused a crash. Changed so the main thread will do the address/route configuration. Change-Id: Ib23984787102dea8cf6cfcde86188a751f15c1e1 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-02-12SCTP: fix build errors on ubuntu bionicMarco Varlese1-4/+2
Change-Id: I070771794be92fd9a6e800ca0022e52d592cd1a4 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-12Improve MTU handlingNeale Ranns11-28/+142
- setting MTU on an interface updates the L3 max bytes too - value cached in the adjacency is also updated - MTU exceeded generates ICMP to sender Change-Id: I343ec71d8e903b529594c4bd0543f04bc7f370b3 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-02-12dpdk:fix trace to follow feature arcEyal Bari3-87/+66
Change-Id: Icd2184dec16d30cdcc689ca37c834b5df2f0a1a3 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-02-09vppapigen: simplify JSON format for servicesMarek Gradzki1-2/+2
Use "services": { "foo_request": { "reply": "foo_request_reply" }, "foo_dump": { "reply": "foo_details", "stream": true } }, instead of: "services": [ { "foo_request": { "reply": "foo_request_reply" } }, { "foo_dump": { "reply": "foo_details", "stream": true } } ], Change-Id: I1d8e6bb4d41541b7f7f63242935f2ed4467fc52b Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2018-02-09LD_PRELOAD: Refactor nomenclature (vcom -> ldp).Dave Wallace6-432/+432
Change-Id: Id3891fe2873b631f8f69c1ca2905968130678561 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2018-02-09acl-plugin: Stale classify table after deleting macip ACLSteve Shin1-0/+22
Classify table for output node should be cleaned up after deleting macip ACL. Change-Id: Ibbc46c8465bec02fe6fa6a8d33a1f06bcf28e9ad Signed-off-by: Steve Shin <jonshin@cisco.com>
2018-02-09GBP pluginNeale Ranns23-3/+3102
Group Base Policy (GBP) defines: - endpoints: typically a VM or container that is connected to the virtual switch/router (i.e. to VPP) - endpoint-group: (EPG) a collection of endpoints - policy: rules determining which traffic can pass between EPGs a.k.a a 'contract' Here, policy is implemented via an ACL. EPG classification for transit packets is determined by: - source EPG: from the packet's input interface - destination EPG: from the packet's destination IP address. Change-Id: I7b983844826b5fc3d49e21353ebda9df9b224e25 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-02-09ip4_forward: set pkt error in case potential memory corruptChun Li1-0/+2
Change-Id: Ib9eb65d2ba166f5883a8ce8d37298c696113f2be Signed-off-by: Chun Li <chunl2@cisco.com>
2018-02-09memif: fix crash caused by zero pkt len in memif and clear dirty cache while ↵Chun Li5-12/+102
interface reconnect. Change-Id: Ifc7eb2494a22c334d8899422545fca1a4bba4d05 Signed-off-by: Chun Li <chunl2@cisco.com>
2018-02-08classifier-based ACL: testcases for L2 ACLs + fix the enabling of outbound ↵Andrew Yourtchenko2-3/+639
L2 ACL There was no test coverage for the L2 ACL (other than indirect by means of ACL plugin tests), so the enabling of the outbound ACL got fumbled throughout the revisions of the refactoring. Fix both issues - the error and the lack of test coverage for L2 ACL. Change-Id: Ib7f42780ef84b4a4f70bd88d7319aeeda866cf06 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-02-08Geneve - reduce unit-test run timeGabriel Ganne1-2/+2
Reduce the number of tunnels created/destroyed to reduce the load of the tests without changing the code covered. These are functional tests, not performance tests. This reduced the test time down to 10s from 4 minutes on my machine. Change-Id: Ifcaddc0b0628a21392c5cb247196f56bc28a53a2 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2018-02-08virtio: reset vnet header on txDamjan Marion1-0/+3
Change-Id: Ib04a8787038fb536470a04d99fdc165102edfb5a Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-08vhostuser: Fix vhostuser file descriptor leakHaiyang Tan1-4/+13
In the case that vhostuser server accepted more than one client connection, 'vui->clib_file_index' will be overwritten directly without release the possible existed resource, so file descriptor leak occurs Change-Id: I89d08133dae31a12a815df2631334dbf0aefeb1e Signed-off-by: Haiyang Tan <haiyang.tan.dev@gmail.com>
2018-02-08add CLIB_HAVE_VEC128 with NEON intrinsics (VPP-1127)Gabriel Ganne3-9/+65
Enable CLIB_HAVE_VEC128 if both aarch64 and __ARM_NEON ie. armv8 only, not armv7 Add more neon compare intrinsics wrappers. I only add simple intrinsics wrappers. More complex ones can be added later as they are needed, with performance tests on the corresponding feature to back them up. Remove wrongly added 128bits definitions defined on both armv7 and armv8 without concern for NEON instructions presence. Notable correspondinf code activations: * MHEAP_FLAG_SMALL_OBJECT_CACHE in mheap.c * ip4 fib mtrie leaves access * enable ixge plugin compilation for aarch64 (conf still disables it by default) Change-Id: I99953823627bdff6f222d232c78aa7b655aaf77a Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2018-02-08acl-plugin: add whitelisted ethertype mode (VPP-1163)Andrew Yourtchenko7-12/+411
Currently, ACL plugin largely does not care about the ethertypes other than 0x0800 (IPv4) and 0x86dd (IPv6), the only exception being 0x0806 (ARP), which is dealt with by the MACIP ACLs. The other ethertypes in L2 mode are just let through. This adds a new API message acl_interface_set_etype_whitelist, which allows to flip the mode of a given interface into "ethertype whitelist mode": the caller of this message must supply the two lists (inbound and outbound) of the ethertypes that are to be permitted, the rest of the ethertypes are dropped. The whitelisting for a given interface and direction takes effect only when a policy ACL is also applied. This operates on the same classifier node as the one used for dispatching the policy ACL, thus, if one wishes for most of the reasonable IPv4 deployments to continue to operate within the whitelist mode, they must permit ARP ethertype (0x0806) The empty list for a given direction resets the processing to allow the unknown ethertypes. So, if one wants to just permit the IPv4 and IPv6 and nothing else, one can add their ethertypes to the whitelist. Add the "show acl-plugin interface" corresponding outputs about the whitelists, vat command, and unittests. Change-Id: I4659978c801f36d554b6615e56e424b77876662c Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-02-08SCTP: shutdown phaseMarco Varlese3-67/+92
This patch addresses some bugs discovered with the shutdown phase which were causing the actual chunks not to leave the output_node. While fixing the issue some minor refactoring was also performed to align the internal functions to a 'common' design. Change-Id: Ieac4f6e78cffad2e6982536f8e9f190a66f328f7 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-08VCL: remove vrf from vppcom api.Dave Wallace5-36/+14
Change-Id: I6d91c8051de786fb8781cd0750ea9c350036b306 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2018-02-08Minimize bihash memory consumptionDave Barach3-118/+207
Reference-count the number of entries in each bucket. If the reference count goes to zero, free the backing store. Add long-term churn-testing to test_bihash_template.c, thanks to Andrew Yourtchenko for the initial implementation. Change-Id: I4fbd9229cacfaba8027a85cbf87b74afdead6e39 Signed-off-by: Dave Barach <dave@barachs.net>
2018-02-08acl-plugin: VPP-1088: add support for egress filter in macip ACLsAndrew Yourtchenko2-16/+244
This is the second patch, using the new functionality from the change 10002 in order to implement the egress filtering on the MACIP ACLs. This adds an action "2" which means "add also egress filtering rules for this MACIP ACL. The reason for having the two choices is that the egress filtering really takes care of a fairly corner case scenario, and I am not convinced that always adding the performance cost of the egress lookup check is worth it. Also, of course, not breaking the existing implementations is a nice plus, too. Change-Id: I3d7883ed45b1cdf98d7303771bcc75951dff38f0 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-02-08acl-plugin: an elog-based tracing implementation for troubleshooting the ↵Andrew Yourtchenko5-32/+156
conn cleaner threads interactions This replaces some of the early-stage commented-out printf()s with an elog-based debug collector. It is aimed to be "better than nothing" initial implementation to be available in the field. It will be refined/updated based on use. This initial code is focused on the main/worker threads interactions, hence uses just the worker tracks. This code adds a developer debug CLI "set acl-plugin session table event-trace 1", which allows to gather the events pertaining to connection cleaning. The CLI is deliberately not part of the online help, as the express declaration that the semantics/trace levels, etc. are subject to change without notice. Change-Id: I3536309f737b73e50639cd5780822dcde667fc2c Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-02-08ip: move lookup inline functions to header fileVijayabhaskar Katamreddy4-648/+759
Needed to allow other code paths to reuse them. Change-Id: I9e469527c6b2e9a6fec7af5f17d8b400a2e85826 Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>