aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2022-09-15nat: fix nat44-ed port range with multiple workersVladislav Grishenko5-9/+207
The number of available dynamic ports is set to (0xffff - 1024) = 64511, which is not divisable by the pow2 number of workers - the only integer divisors are 31 and 2081. So, total dynamic port range of all workers will be less than it: 1 wrk: n = (port_per_thread = 64511/1)*1 = 64511 + 1025 = 65536 2 wrk: n = (port_per_thread = 64511/2)*2 = 64510 + 1025 = 65535 4 wrk: n = (port_per_thread = 64511/4)*4 = 64508 + 1025 = 65533 8 wrk: n = (port_per_thread = 64511/8)*8 = 64504 + 1025 = 65529 ... As seen, with multiple workers there are unused trailing ports for every nat pool address and that is the reason of out-of-bound index in the worker array on out2in path due (port - 1024) / port_per_thread math. This was fixed in 5c9f9968de63fa627b4a72b344df36cdc686d18a, so packets to unused ports will go to existing worker and dropped there. Per RFC 6335 https://www.rfc-editor.org/rfc/rfc6335#section-6: 6. Port Number Ranges o the System Ports, also known as the Well Known Ports, from 0-1023 (assigned by IANA) o the User Ports, also known as the Registered Ports, from 1024- 49151 (assigned by IANA) o the Dynamic Ports, also known as the Private or Ephemeral Ports, from 49152-65535 (never assigned) According that let's allocate dynamic ports from 1024 and have full port range with a wide range of the workers number - 64 integer divisors in total, including pow2 ones: 1 wrk: n = (port_per_thread = 64512/1)*1 = 64512 + 1024 = 65536 2 wrk: n = (port_per_thread = 64512/2)*2 = 64512 + 1024 = 65536 3 wrk: n = (port_per_thread = 64512/3)*3 = 64512 + 1024 = 65536 4 wrk: n = (port_per_thread = 64512/4)*4 = 64512 + 1024 = 65536 5 wrk: n = (port_per_thread = 64512/5)*5 = 64510 + 1024 = 65534 6 wrk: n = (port_per_thread = 64512/6)*6 = 64512 + 1024 = 65536 7 wrk: n = (port_per_thread = 64512/7)*7 = 64512 + 1024 = 65536 8 wrk: n = (port_per_thread = 64512/8)*8 = 64512 + 1024 = 65536 ... Modulo from 5c9f9968de63fa627b4a72b344df36cdc686d18a is still required when the numbers of workers is not the integer divisor of 64512. Type: fix Fixes: 5c9f9968de63fa627b4a72b344df36cdc686d18a Change-Id: I9edaea07e58ff4888812b0d86cbf41a3784b189e Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2022-09-15ip-neighbor: fix debug log format outputluoyaozu1-4/+3
Type: fix Signed-off-by: luoyaozu <luoyaozu@foxmail.com> Change-Id: Ibfebe4da0197d1f60bf9edd3873fe1f776b680a4
2022-09-14ip: show fib index in ip4 reassembly traceDamjan Marion1-28/+25
Type: improvement Change-Id: I371237803e2c3cb0e1b42b94f422867465e2bff6 Signed-off-by: Damjan Marion <dmarion@me.com>
2022-09-14ipsec: make chacha20-poly1305 available via APIVladimir Ratnikov4-14/+27
Type: feature Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I4e03f60f34acd7809ddc5a743650bedbb95b2e98
2022-09-12vlib: add vlib_frame_bitmap_is_bit_setDamjan Marion1-0/+8
Type: improvement Change-Id: I2f3fab893a10b060f91b07ee17b8727d241830ea Signed-off-by: Damjan Marion <dmarion@me.com>
2022-09-12ipsec: introduce fast path ipv4 inbound matchingPiotr Bronowski10-164/+1472
This patch introduces fast path matching for inbound traffic ipv4. Fast path uses bihash tables in order to find matching policy. Adding and removing policies in fast path is much faster than in current implementation. It is still new feature and further work needs and can be done in order to improve perfromance. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Ifbd5bfecc21b76ddf8363f5dc089d77595196675
2022-09-09fib: fix path copy function to deal with provided DPO in exclusive pathDamjan Marion1-0/+6
DPO in the new copy was not locked ... Type: fix Fixes: 0bfe5d8 Change-Id: I39f1368de459af91c4bb857d98a4b531bd5692a6 Signed-off-by: Damjan Marion <dmarion@me.com>
2022-09-09vlib: don't leak node frames on reforkDmitry Valter10-16/+129
Free node frames in worker mains on refork. Otherwise these frames are never returned to free pool and it causes massive memory leaks if performed under traffic load Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: I15cbf024a3f4b4082445fd5e5aaa10bfcf77f363
2022-09-09vppinfra: add clib_array_mask_set_u32()Damjan Marion1-0/+33
Type: improvement Change-Id: Idf1fb054d5ff495d772d01a79cbc6cd1b409d377 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-09-09nat: fix nat44-ed-in2out fast path next nodeJing Peng1-1/+1
When a session is found expired, the next node of in2out fast path should be in2out slow path instead of out2in slow path. Type: fix Signed-off-by: Jing Peng <jing@meter.com> Change-Id: If1dd920502089c25b33bea5434823b0496a44499
2022-09-09fib: missing headersDamjan Marion1-0/+2
Type: improvement Change-Id: I7f52222706200c31a731fadfb84513549ccb532d Signed-off-by: Damjan Marion <dmarion@me.com>
2022-09-08wireguard: eliminate some calls to main threadMatthew Smith1-4/+10
Type: improvement Roaming functionality allows the peer address to change. The main thread was being called to update a peer's address if necessary after processing a received packet. Check in the worker whether this is necessary before incurring the overhead of the RPC to the main thread. Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I02184b92dc658e0f57dd39993a3b2f9944187b45
2022-09-08avf: check for VLAN_TOGGLE capabilityMohammed Hawari1-0/+6
The ability to modify the vlan setting must be checked prior to using VIRTCHNL_OP_DISABLE_VLAN_STRIPPING_V2 both for inner and outer vlan stripping Change-Id: Iffe306c34b81a6077ad6ba5deb3f5b61b5475897 Type: fix Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-09-07dpdk-cryptodev: reduce request to enable asyncGabriel Oginski1-1/+0
Originally initialization cryptodev device(s) calls double request to enabled async mode and increased ref count twice for async mode. Due to this cannot be change any assigned async handlers to other async crypto engine. The fixes reduce double request to enable async mode in initialization cryptodev device(s) and VPP can be change assigned async handlers to other crypto engine after disabled all async feature, for example: ipsec, wireguard. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: If22e682c3c10de781d05c2e09b5420f75be151c3
2022-09-07build: Cleanup python2 from suse build and uplift opensuse versionLaszlo Kiraly3-21/+13
- default to opensuse-leap 15.4, no python2 support in this version - deprecate version openSUSE 15.0, openSUSE 15.3 still supported Type: make Signed-off-by: Laszlo Kiraly <laszlo.kiraly@est.tech> Change-Id: Ic7178ff5238e2669bc45166c1f13d3f077f6069b Signed-off-by: Laszlo Kiraly <laszlo.kiraly@est.tech>
2022-09-06vrrp: fix cli functions according to short_helpluoyaozu1-0/+6
test output before fix: DBGvpp# vrrp proto start sw_if_index 1 vr_id 1 vrrp proto: unknown input `sw_if_index 1 vr_id 1' DBGvpp# vrrp vr track-if add sw_if_index 1 vr_id 1 track-index 1 priority 30 vrrp vr track-if: Please specify an interface Type: fix Signed-off-by: luoyaozu <luoyaozu@foxmail.com> Change-Id: Ib8ba67e920b23008d9246318ec8f8f17bf0bea95
2022-09-05ip: fix punt socket overflowBenoît Ganne1-3/+6
client_pathname is usually smaller than pc->caddr.sun_path. snprint() ensures we stop at the NULL character or sizeof(sun_path) whichever comes 1st. It also guarantees NULL character termination. Type: fix Change-Id: I9fc2a706beab931d50d32d03f7fafca7c6c2fb0b Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-09-01build: set OS_ID_LIKE only if unsetBenoît Ganne1-1/+1
cmake MATCHES directive with the empty regex "" always match, including non-empty strings. Type: fix Fixes: 534dfc1f18db74f4a2c78d62fe6893daba56dc86 Change-Id: If085b29da15a6d7fc680cebb823183fd3c7eea68 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-08-31ipsec: fix coverity 249212Andrew Yourtchenko1-2/+2
zero-initialize the variables Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I51c3856865eab037f646a0d184e82ecb3b5b3216
2022-08-31build: remove lto flags in dpdk buildDave Wallace1-0/+3
- Ubuntu 22.04 enables LTO by default and dpdk adds lto flags to CFLAGS. This CI jobs to fail with OOM-Kill (especially on ARM64) due to lto consuming large amounts of memory. Type: make Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I5a3d3a08e2caddb4790b281b80b16081567aed5b
2022-08-31udp: store mss and sw_if_index to udp_connection_tSteven Luong4-4/+11
Store mss and sw_if_index to udp_connection_t and display them via show sessipn verbose 2 Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I32928f3f4195b178873dc1bada702e035d99c464
2022-08-31nat: fix coverity 249194Andrew Yourtchenko1-1/+1
Zero-initialize a variable. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Iccf2eb4bf26755d6cd93fc70df3c5481d69ce7eb
2022-08-31nat: fix coverity 249178Andrew Yourtchenko1-1/+1
Zero-initialize the variable Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I4ee127ac3e2a3beffa11bbc96db1f3254b3f7c5d
2022-08-31pppoe: fix coverity 218437, 218401Andrew Yourtchenko1-0/+3
Initialize the session index in case of error to ~0, so is defined in case trace needs to copy it. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Iddf6df42c09d2abc11e5821944eb4f41692e6e3e
2022-08-31gso: zero-initialize gho structVladislav Grishenko2-0/+6
It may contain garbage in debug builds resulting in wrong gho detected flags and offsets. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ia79633262185016f527e7dc6c67334cda6f055f2
2022-08-31devices: fix coverity warningMohsin Kazmi1-1/+1
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I0a58c0f54d8be31a0a78bef00152fb2cc193840e
2022-08-31devices: add support for polling modeMohsin Kazmi3-6/+45
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I8d84dc8b7f5c5e863c32838cfafc3d366e2a7e00
2022-08-30dpdk: fix arm iavf rx vector path on 22.03Tianyu Li1-0/+486
dpdk 22.03 introduces iavf driver but misses rx vector path on Arm. This causes VF fail to receive packet when running VPP device test with no-multi-seg configuration. Add iavf basic Neon RX support to fix this. Type: fix Fixes: 2f132efc3caf ("dpdk: bump to DPDK v22.03") Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I75ae74c8060428cee0e1c235feab1246c014801e
2022-08-30l2: skip arp term for locally originated packetsStanislav Zaikin3-0/+6
Mark arp packet as locally originated when probing/replying and don't apply any arp-term logic against it. Type: fix Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com> Change-Id: I305ff5cac8cac456decf92f21b961aa4ce286079
2022-08-30tcp: do not overcount ooo bytesFlorin Coras1-1/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic81702bffb5b3189db48efe1ab3b237fa2bf75f2
2022-08-30dma_intel: fix the wrong unformat typeHaiyue Wang1-1/+1
The unformat type for "%d" should be u32 or int, otherwise the 'did' in high stack address will be overflow to zero by the 'qid' which is in the low stack address. Like input "dev wq3.2" will return "did=0, qid=2". Type: fix Signed-off-by: Haiyue Wang <haiyue.wang@intel.com> Change-Id: I0fe1d5b03e2c47e0a7925193e2c2f1ccc31d3e90
2022-08-30memif: Process bad descriptors correctly in memif_process_descSteven Luong1-10/+35
When there is a bad descriptor, it may in the beginning, in the middle, or at the end of the batch if the batch has more than 3 descriptors. When processing a bad descriptor is encountered in the batch, we need to rollback n_buffers in memif_process_desc(), or the statement in the same function memif_add_copy_op (ptd, mb0 + src_off, bytes_to_copy, dst_off, n_buffers - 1); is wrong because it picks up the wrong buffer_vec_index of the bad descriptor while parsing a good descriptor immediately following the bad descriptor. n_buffers was incremented in the beginning of while (n_left) loop. The other problem is we should count the number of bad packets and reduce ptd->n_packets to get the correct number of packets for subsequent processing in device_input. The last fix is to check if n_buffers == 0 in device_input and skip doing any descriptor copy. This case can happen when all the descriptors are bad in the batch. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I28ed1d87236b045657006755747b5750a9a733be
2022-08-30ethernet: fix coverity 214973Andrew Yourtchenko1-15/+14
Ensure that the ethernet_input_inline_dmac_check which directly derefererences ei, is called only if ei is set. Type: fix Change-Id: I2d3bce63ee457825a5d375a6102225f3abf67703 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-30vlib: fix coverity 274750, part 2Andrew Yourtchenko1-1/+1
Add another missing null check. Type: fix Change-Id: Iec4de548810efe369a6e61b8787131230506cff6 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-30vlib: fix coverity 277203Andrew Yourtchenko1-1/+1
Fix integer overflow. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I72de6f88be064f188204d0f6d3167a3a8d7de58d
2022-08-30dpdk: bump to 22.07Fan Zhang1-1/+2
Type: feature This patch bumps DPDK version to 22.07. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I72ecb31ca15774aed4453778042120610020a0c1
2022-08-30ethernet: refactor the redundant codeAndrew Yourtchenko1-8/+7
Following the discussion during the review of b46a4e69e5db18ef792415439d04a0ab22c59386, remove the redundant ei0. This resulted in realization that in order for this code to do anything useful, the ei must be always non-zero, so rewrite the logical condition for it. Also, make it a conjunction which seems simpler to understand. Type: improvement Change-Id: Ibd7b2a63e4aeaf97eb1a98af8e69aed2ff7dd577 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-29vlib: use error description when dropping packetsArthur de Kerhor1-1/+1
Using the error name makes it less explicit in the packet trace than the error description when a packet is dropped. Example of the trace when the TTL is <=1: 01:03:17:015278: drop ip4-input: time_expired We should have "ip4 ttl <= 1" instead of "time_expired" Type: fix Change-Id: Ic9decf10d609cc938e39d0f449359e41c406267e Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2022-08-29ethernet: fix mac address increment errorJieqiang Wang1-2/+2
Using "ip neighbor <ip-addr> <mac-addr> static count <count>" to add static ARP entries will output wrong mac addresses due to lack of big/little endian conversion. Fix this error by converting mac address from big endian to little endian before doing the self-increment. Before patched: vpp# ip neighbor rdma-0 198.18.1.1 01:aa:bb:cc:dd:e0 static count 5 vpp# show ip neighbor Time IP Flags Ethernet Interface 4.4400 198.18.1.5 S 05:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.4 S 04:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.3 S 03:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.2 S 02:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.1 S 01:aa:bb:cc:dd:e0 rdma-0 After patched: vpp# ip neighbor rdma-0 198.18.1.1 01:aa:bb:cc:dd:e0 static count 5 vpp# show ip neighbor Time IP Flags Ethernet Interface 4.4528 198.18.1.5 S 01:aa:bb:cc:dd:e4 rdma-0 4.4528 198.18.1.4 S 01:aa:bb:cc:dd:e3 rdma-0 4.4528 198.18.1.3 S 01:aa:bb:cc:dd:e2 rdma-0 4.4527 198.18.1.2 S 01:aa:bb:cc:dd:e1 rdma-0 4.4527 198.18.1.1 S 01:aa:bb:cc:dd:e0 rdma-0 Type: fix Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: Iec1e00e381e4aba96639f831e7e42e070be3f278
2022-08-29fib: fix coverity 249175Andrew Yourtchenko1-0/+1
Add an assert to express the constraint to coverity without incurring the overhead in release builds. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I2c22f8b2565c645d95c9c0be37381060e151420f
2022-08-29fib: fix coverity 253539Andrew Yourtchenko1-0/+1
Add an ASSERT so coverity is aware of the assumption taken, without incurring any penalty in release build. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I3e7e1e77059492315409efbed47657f9e56d167c Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-29ethernet: fix coverity 218549Andrew Yourtchenko1-1/+1
Check that the pointer is non-null before dereferencing it. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I611a1042d08bbe455dd09a4fa5711fe86c440240
2022-08-29nat: fix coverity 249202Benoît Ganne1-2/+2
In case of a bad packet, the bihash kv is not initialized before being copied in the trace. Make sure it is initialized to 0. Type: fix Change-Id: I22fcfe99f3586d0fa128493059547a56557b8fb5 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-08-29libmemif: fix the buffer sizeMohsin Kazmi1-6/+4
Type: fix Previously, libmemif can only use buffer size which have to be power of 2. memif protocol does not enforce this. This patch fixes this issue. Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ic71e6a51685e2c2228c744920797064d4c7c65c9
2022-08-29libmemif: add support for custom buffer-size and headroom in icmp example appMohsin Kazmi3-11/+27
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I2bdaee7938a3747e3217d6901ec3c66f1ee3da61
2022-08-26linux-cp: fix coverity 216937Andrew Yourtchenko1-1/+1
Initialize the host_sw_if_index to ~0 so in the error cases the variable is set to something predictable. Type: fix Change-Id: Ic55e4f0cbfa286e85dfb54b89b5321af18a439a1 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-26nsh: fix coverity 249201Andrew Yourtchenko1-1/+1
Zero-initialize the temporary struct, else a->map.adj_index is being used unset. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Ia02636ea1e911250d6aa5e413de48e1e09863880
2022-08-25build: disable gcc warning stringop-overflow for gcc-10 or greaterDave Wallace1-0/+4
- this warning causes build errors with gcc on ubuntu 22.04 Type: make Change-Id: Id8f6ab44b2315ce8a4564ea924d799ecb6f57fdf Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-08-25vlib: introduce DMA infrastructureMarvin Liu14-0/+1349
This patch introduces DMA infrastructure into vlib. This is well known that large amount of memory movements will drain core resource. Nowadays more and more hardware accelerators were designed out for freeing core from this burden. Meanwhile some restrictions still remained when utilizing hardware accelerators, e.g. cross numa throughput will have a significant drop compared to same node. Normally the number of hardware accelerator instances will less than cores number, not to mention that applications number will even beyond the number of cores. Some hardware may support share virtual address with cores, while others are not. Here we introduce new DMA infrastructure which can fulfill the requirements of vpp applications like session and memif and in the meantime dealing with hardware limitations. Here is some design backgrounds: Backend is the abstract of resource which allocated from DMA device and can do some basic operations like configuration, DMA copy and result query. Config is the abstract of application DMA requirement. Application need to request an unique config index from DMA infrastructure. This unique config index is associated with backend resource. Two options cpu fallback and barrier before last can be specified in config. DMA transfer will be performed by CPU when backend is busy if cpu fallback option is enabled. DMA transfer callback will be in order if barrier before last option is enabled. We constructs all the stuffs that DMA transfer request needed into DMA batch. It contains the pattern of DMA descriptors and function pointers for submission and callback. One DMA transfer request need multiple times batch update and one time batch submission. DMA backends will assigned to config's workers threads equally. Lock will be used for thread-safety if same backends assigned to multiple threads. Backend node will check all the pending requests in worker thread and do callback with the pointer of DMA batch if transfer completed. Application can utilize cookie in DMA batch for selves usage. DMA architecture: +----------+ +----------+ +----------+ +----------+ | Config1 | | Config2 | | Config1 | | Config2 | +----------+ +----------+ +----------+ +----------+ || || || || +-------------------------+ +-------------------------+ | DMA polling thread A | | DMA polling thread B | +-------------------------+ +-------------------------+ || || +----------+ +----------+ | Backend1 | | Backend2 | +----------+ +----------+ Type: feature Signed-off-by: Marvin Liu <yong.liu@intel.com> Change-Id: I1725e0c26687985aac29618c9abe4f5e0de08ebf
2022-08-25wireguard: fix ipv6 payload_length computationAloys Augustin1-4/+3
The ipv6 header length should not be counted in the ipv6 payload length. This is similar to https://gerrit.fd.io/r/c/vpp/+/36945. Type: fix Change-Id: I22de0ff828175829102a85288513ee3f55709108 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>