aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2022-04-14ipsec: perf improvement of ipsec4_input_node using flow cacheZachary Leaf11-60/+1011
Adding flow cache support to improve inbound IPv4/IPSec Security Policy Database (SPD) lookup performance. By enabling the flow cache in startup conf, this replaces a linear O(N) SPD search, with an O(1) hash table search. This patch is the ipsec4_input_node counterpart to https://gerrit.fd.io/r/c/vpp/+/31694, and shares much of the same code, theory and mechanism of action. Details about the flow cache: Mechanism: 1. First packet of a flow will undergo linear search in SPD table. Once a policy match is found, a new entry will be added into the flow cache. From 2nd packet onwards, the policy lookup will happen in flow cache. 2. The flow cache is implemented using a hash table without collision handling. This will avoid the logic to age out or recycle the old flows in flow cache. Whenever a collision occurs, the old entry will be overwritten by the new entry. Worst case is when all the 256 packets in a batch result in collision, falling back to linear search. Average and best case will be O(1). 3. The size of flow cache is fixed and decided based on the number of flows to be supported. The default is set to 1 million flows, but is configurable by a startup.conf option. 4. Whenever a SPD rule is added/deleted by the control plane, all current flow cache entries will be invalidated. As the SPD API is not mp-safe, the data plane will wait for the control plane operation to complete. Cache invalidation is via an epoch counter that is incremented on policy add/del and stored with each entry in the flow cache. If the epoch counter in the flow cache does not match the current count, the entry is considered stale, and we fall back to linear search. The following configurable options are available through startup conf under the ipsec{} entry: 1. ipv4-inbound-spd-flow-cache on/off - enable SPD flow cache (default off) 2. ipv4-inbound-spd-hash-buckets %d - set number of hash buckets (default 4,194,304: ~1 million flows with 25% load factor) Performance with 1 core, 1 ESP Tunnel, null-decrypt then bypass, 94B (null encrypted packet) for different SPD policy matching indices: SPD Policy index : 2 10 100 1000 Throughput : Mbps/Mbps Mbps/Mbps Mbps/Mbps Mbps/Mbps (Baseline/Optimized) ARM TX2 : 300/290 230/290 70/290 8.5/290 Type: improvement Signed-off-by: Zachary Leaf <zachary.leaf@arm.com> Signed-off-by: mgovind <govindarajan.Mohandoss@arm.com> Tested-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: I8be2ad4715accbb335c38cd933904119db75827b
2022-04-13crypto-openssl: use getrandom syscallGuillaume Solignac1-2/+2
The sys/random.h header, which provides the getrandom syscall wrapper, was only added in glibc2.25. To make it compatible with older version, we can directly call the syscall. Type: improvement Signed-off-by: Guillaume Solignac <gsoligna@cisco.com> Change-Id: I93c5f8a49c0323511a4e34273f0b3c0e24663bfd
2022-04-13vppinfra: fix GCC 7.3 build error with asm inlineGuillaume Solignac1-4/+4
GCC added asm inline in 8.3, so we change asm inline to asm volatile. Type: fix Fixes: d5045e68a782 ("vppinfra: introduce clib_perfmom") Signed-off-by: Guillaume Solignac <gsoligna@cisco.com> Change-Id: I9f7781ba9de66211404348ff477a17059b408a78
2022-04-13build: fix rpm build nasm not foundTianyu Li1-0/+1
Type: make Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I7ac1d0472edf8d48eac21a7b580a06456bf60c30
2022-04-13vppinfra: fix clang-10 build error with asm inlineTianyu Li1-1/+1
clang start to support parse asm inline from clang-11, Use asm volatile instead. Type: fix Fixes: d5045e68a782 ("vppinfra: introduce clib_perfmom") Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I00e5e19856caaed94e22f8fa6cf4f918483976a4
2022-04-12vppinfra: vector perf improvementsDamjan Marion15-139/+326
Type: improvement Change-Id: I37c187af80c21b8fb1ab15af112527a837e0df9e Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-12ip: fix arc start in ip46-local for local mfib entriesAlexander Chernavin3-27/+47
Type: fix After changes made in f840880, VRRP IPv6 cannot reply for neighbor solicitations requesting the link layer address of the configured virtual address. VRRP IPv6 enables the vrrp6-nd-input feature in the ip6-local feature arc for an interface on which a virtual router is configured. When neighbor solicitations arrive on that interface, ip6-local should start feature arc walk for that interface and the messages should be processed by vrrp6-nd-input. The problem is that currently, the feature arc is started for the interface obtained from the receive DPO that has interface unset (i.e. max u32) for local mfib entries. Thus, the feature arc is started not on the interface the messages were received on and vrrp6-nd-input is not traversed. With this fix, if interface obtained from the receive DPO is unset, use RX interface from the buffer to start the ip46-local feature arc. Also, enable tests of this case for both IPv4 and IPv6 address families that are currently tagged as extended and not run on every change. They configure VRRP with priority 255 and are expected to be stable. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I11ef3d5a7a986e04431e8613d1510b8666094bd7
2022-04-12hsa: fix coverity warningFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9cf21ee7ad363dd1af5ca75f07bfe38d8fe749f9
2022-04-12hsa: vcl test client option to close only clientFlorin Coras2-2/+12
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I45c63e0a7d7179a0f27ca3f093bd3cf7458a12d3
2022-04-12tcp: limit persist segment size if window availableFlorin Coras1-1/+3
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie1ae401d5105aa42761d3cac5dfbe523f3995c87
2022-04-12tests: fix bihash unit test threads countJing Peng1-4/+4
In test_bihash_threads, if a test thread fails to be created, it is still counted towards the total thread count, which could lead to never-ending test loop. This patch fixes the issue. Type: fix Signed-off-by: Jing Peng <pj.hades@gmail.com> Change-Id: Ic0f1d4dde9c5ea672b52f0e2e49f16d42f982b77
2022-04-11teib: use nexthop table idBenoît Ganne1-3/+0
Use the specified nexthop table id instead of the interface table id. Type: fix Change-Id: I61bf61d50d2716fcd9a6e35df4d60222dc4f36d5 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-04-11interface: fix the offloadsMohsin Kazmi1-0/+2
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I9f3d1a8574b15f09a458baad98c815e087fd60b8
2022-04-11tls: fix connected notifications with no app wrkFlorin Coras2-6/+14
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I805131b4e3d0cb2fab1d3bf76db659c67522c2e8
2022-04-11tests: fix bihash unittest error reportingJing Peng1-15/+21
This patch fixes test_bihash_unittest in two ways: 1. The number of searches, namely tm->search_iter, defaults to 0, thus disabling the test. This patch changes the default to 1. 2. Test errors are reported by clib_warning() instead of being returned, thus the caller test/test_bihash.py is never aware of them. This patch returns the errors constructed by clib_error_return(). Type: fix Signed-off-by: Jing Peng <pj.hades@gmail.com> Change-Id: I60e99a829ebe6aa2a56e7a9332cf973afa100311
2022-04-11devices: refactor fanout supportMohsin Kazmi3-27/+37
Type: refactor Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I9e68ecb91f6433f68a8a87dd066f3e369f25a3c9
2022-04-10build: add clang-14Damjan Marion1-0/+1
clang-14 is default for Upcoming Ubuntu 22.04 LTS... Type: make Change-Id: I65328d0e90a4c13d5766e51da8b90a8899b773d9 Signed-off-by: Damjan Marion <dmarion@me.com>
2022-04-08devices: fix the offset for af-packetMohsin Kazmi1-14/+7
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I12b2e53ddb797cc809a2d742d17a1a60edde385d
2022-04-08linux-cp: fix setting mtu on hardware interfacesMatthew Smith1-1/+1
Type: fix Fixes: 616447c39231 In lcp_router_link_mtu(), either vnet_hw_interface_set_mtu() or vnet_sw_interface_set_mtu() is called, based on whether this appears to be a physical interface. The test to determine whether this is true was incorrect and probably never worked right so vnet_sw_interface_set_mtu() was always being called. This causes some breakage with Recent changes to code which manages interface MTUs. Fix the test so the right function is called. Change-Id: I1ecccbce37d5a1e53b2349ed40f3d0d27eb03569 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-04-08dpdk: add multi-txq supportMohsin Kazmi4-13/+31
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I9f061a05d947bc2867e1b962bf0522ad344bcc1a
2022-04-08build: opensuse: remove nasm, change to clangLaszlo Kiraly3-7/+6
Type: make Signed-off-by: Laszlo Kiraly <laszlo.kiraly@est.tech> Change-Id: I3951be5be95a7fb76f54c4ce0daab0748cb8419c
2022-04-08stats: fix vector overrun in expend checkDmitry Valter1-2/+2
Do not access allocated elements beyond the end of the vector. They are allocated, but not yet valid both logically (they are at best NULLs) and according to ASAN. Type: fix Change-Id: Iaf43767d6d3bd4c24c7c5a0ba9b3410bbeeb0556 Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
2022-04-08vppinfra: introduce clib_perfmomDamjan Marion11-216/+530
Type: improvement Change-Id: I85a90774eb313020435c9bc2297c1bdf23d52efc Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-08vppinfra: clib_interrupt_get_next reading unallocated memoryPaul Atkins2-1/+82
The clib interrupt structure has a couple of fields at the start of the cacheline, and then in the next cacheline it has a bitmap, which is then followed by an atomic bitmap. The size of the bitmaps is based on the number of interrupts, and when the memory is allocated the number of interrupts needed is used to size the overall block of memory. The interrupts typically map to pool entries, so if we want to store 512 entries then we store them in indices 0..511. This would then take 8 6 4bit words, so each bitmap would be this size when the struct is allocated. It is possible to walk over the end of the allocated data with certain sizes, one of which is 512. The reason this happens with 512 is that the check to see when to exit the loop is returning when offset is greater than the value needed to fit all the values. In this case 512 >> 6 = 8. If there had only been 511 entries then the size would have been 511 >> 6 = 7, and so it would have fitted in the space. Therefore modify the check to also check that we are not looking into the memory beyond what we have allocated in the case where the number of interrupt is one of the boundary values like 512. Also add a similar check first time round the loop as it is possible we could have ate same problem there too. Add a new test file to verify the new code works. The old version of the code made this test fail when run with the address sanitizer. Without the sanitiser it tended to pass because the following memory was typically set to 0 even though it was uninitialised. Type: fix Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I2ec4afae43d296a5c30299bd7694c072ca76b9a4
2022-04-08vppinfra: add bright colors to format_tableDamjan Marion2-2/+20
Type: improvement Change-Id: I21de21af6dea9e39df5e912e20e56d878a40659f Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-08api: Do not assert of short message lengthsNeale Ranns1-1/+0
Type: improvement Short message lengths are correctly handled by the code, asserting makes unit tests that verify this behaviour (e.g. test_ip_punt_api_validation) fail/crash with a debug image. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ib3a377e5d49fde0eee252b92f0e58a8a0d0d83ec
2022-04-07tls http: run config fns after init onesFlorin Coras2-2/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia4d8aaafeb3629f421601edffefe9c61c3e69dba
2022-04-07tls: fix session pool realloc on acceptFlorin Coras1-0/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I68ada775810bb4a4f280962a979605b211562a52
2022-04-07devices: add cli support for checksum and gso disableMohsin Kazmi5-20/+29
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I33a29cf11998736347eca5016eee112619d847c1
2022-04-06vppinfra: add vec_new_heap()Damjan Marion2-5/+15
Type: improvement Change-Id: Iab3d65b6276829ad1e522e66380d1797e37579b8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-06devices: add cli support to disable qdisc bypassMohsin Kazmi5-12/+39
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ie5f2bdb8fb559680bab863a7c24a49360e005b58
2022-04-06stats: avoid linear search for empty entryDamjan Marion3-10/+16
Type: improvement Change-Id: Ie4cdc6d8906da3d1cd18a8f1d7076283546d3003 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-06interface: unregister node counters on interface deleteDamjan Marion3-7/+21
Type: fix Change-Id: I2562ae5833b542c29bcd5025a9a6756e5de95a42 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-06vppinfra: add MAX macros for clib typesDamjan Marion1-0/+18
Type: improvement Change-Id: I1bca733d2a35733275efa46ee0a23bf572365c74 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-06vlib: clear frame flags on freeStanislav Zaikin1-0/+2
Type: fix Change-Id: If4a7ac244832ef72d82c71b0277bc110b9500537 Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
2022-04-06build: remove nasmDamjan Marion6-52/+3
Type: make Change-Id: I5ee34e9d7156ccdc7a8310e8332347d850459495 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-05wireguard: prevent segfault on non-adj packetsJon Loeliger2-0/+7
An unexpected packet that shows up on a Wireguard interace that happens not to have a forwarding peer will cause a segfault trying to index the vector of peers by adjacency. Rather than segfaulting, recognize a non-adjacent packet and drop it instead. This leaves open the question of what _should_ be happening to, say, IPv6 multicast packets. Signed-off-by: Jon Loeliger <jdl@netgate.com> Type: fix Fixes: edca1325cf296bd0f5ff422fc12de2ce7a7bad88 Change-Id: Ic0a29e6cf6fe812a4895ec11bedcca86c62e590b
2022-04-05dpdk: bump to DPDK v22.03Dastin Wilski2-1/+59
This patch bumps dpdk version from 21.11 to 22.03. Type: feature Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com> Change-Id: I152a7857378371d3fd26d7473421c2b3113cd3ee
2022-04-05dpdk: macros changes for dpdk 22.03Dastin Wilski4-60/+62
New dpdk version deprecates some macros used by VPP. This patch changes them to 22.03 version. Type: improvement Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com> Change-Id: Ic362ed318dc1ad88bb682ef13fbd6159171fbaef
2022-04-05dpdk: compatibility layer for dpdk 22.03 bumpDastin Wilski2-26/+87
New version of dpdk changes some macros names. This patch ensures VPP will be compatible with older dpdk versions. Type: improvement Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com> Change-Id: I3d9736278e70064610a1dcad5f2d2f6eb26e0d4b
2022-04-05dpdk: fix max frame sizeDamjan Marion2-11/+11
Type: fix Change-Id: I70f9ec2eb6c9c1494a4ecd56e06898f6162a0e0e Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-05nat: nat44 cli bug fixFilip Varga5-42/+38
Two similar CLI paths "nat44" and "nat44 add interface address" caused unexpected behavior. If "nat44 add interface address" command would fail the vlib cli processing function would call "nat44" handler. This would also clean any previously set errors from the first command and basically return same error returned by "nat44" handler for every failed command that starts with the same path string. Fixes nat44-ed and nat44-ei plugin. Change-Id: I1aac85c8ae2932da582a2b78243521d1bf8a0653 Ticket: VPP-2021 Type: fix Signed-off-by: Filip Varga <fivarga@cisco.com>
2022-04-05vppinfra: refactor address sanitizerDamjan Marion25-247/+121
Type: refactor Change-Id: I5ca142ec1557d5b5c3806b43553ad9d3b5ea1112 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-05tap: fix the coverity warningMohsin Kazmi1-1/+1
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I609fb28e58286ff490d12384b03dd713830379b3
2022-04-05devices: remove redundant code af-packetMohsin Kazmi2-23/+3
Type: refactor Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Id485f525057163582dc7a83f7dab7a8b2e759270
2022-04-05devices: fix the received blocks countersMohsin Kazmi1-5/+4
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: If7d9c94dcdc32fa66763e18bd3be7d28b2d17946
2022-04-05crypto-openssl: use getrandom to reseed opensslBenoît Ganne1-13/+8
Type: improvement Change-Id: I84d594d8baaf18056580455f3b2790d0f31b7b0f Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-04-05rdma: bump to rdma-core 39.1Benoît Ganne1-2/+2
Type: improvement Change-Id: I638b67cddf2d1b573002b494a555c0b1ab94181f Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-04-05vppinfra: use AVX512 compare for equality testingBenoît Ganne1-45/+59
This commit only update is_equal flavours to use _mm512_cmpneq_epi64_mask() but clang-format decided to also reformat the whole block. Type: improvement Change-Id: I530cf91e8bceaf15022556f803b27de4f8583217 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-04-05devices: fix the coverity warnings for af-packet v3Mohsin Kazmi1-9/+14
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ie647fb280831af23925c4b5f659f1dade6d37eff