aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2021-10-20nat: NAT44-ED api fix and improvementFilip Varga4-16/+14
This patch fixes issue with NAT_API_IS_TWICE_NAT and NAT_API_IS_ADDR_ONLY flags. Because of control plane code change - move from boolean parameters to flags in https://gerrit.fd.io/r/c/vpp/+/32796 patch these api flags weren't correctly set. Type: fix Change-Id: Ieec5fe6bdcca314da027f2d23e3a24f174391a6f Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-10-19bfd: fix bfd_key_id updateAlexander Skorichenko1-4/+8
Type: fix Currently, auth activation CLI command "bfd upd session auth activate ... conf-key-id <cki> bfd-key-id <bki>" allows to change both key-ids to new values at once. But if only bfd-key-id should be corrected, e.g. as a result of mistyping, we can't do that in a single operation, and have to deactivate auth first and then reactivate it with a correctly entered pair of ids. Currently, backend's bfd_auth_activate() function returns immediately, with no action, if it finds that submitted conf-key-id matches the current record. No check on bfd-key-id value is made. With this fix, bfd_auth_activate() checks if session's bfd-key-id has to be changed to a new value, and if so, it updates and logs appropriately. Change-Id: I3b915a936cb1721707860bb503f70e7dd29e0ddd Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
2021-10-19bfd: fix desired_min_tx_nsec updateAlexander Skorichenko1-0/+2
Type: fix Currently, the change in desired_min_tx value initiated locally doesn't result in actual update of the transmission interval. bfd_session_t structure has two fields for each of protocol's local time parameters desired_min_tx, required_min_rx In a case of a parameter update, "config_" prefixed fields store new values sent to remote bs.config_desired_min_tx_nsec, bs.config_required_min_rx_nsec Those prefixed "effective_", keep old values, still in charge, until new ones are being negotiated between peers: bs.effective_desired_min_tx_nsec, bs.effective_required_min_rx_nsec Currently, upon termination of the Poll Sequence (negotiation) only bfd_set_effective_required_min_rx() is called to update effective RX value. TX value remains unchanged. With this fix, add a call to bfd_set_effective_desired_min_tx() to set new, acknowledged TX value in effect. Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com> Change-Id: I80b6746533839c9572598f1ad9dabb33e621a525
2021-10-18api: remove legacy pd msg handlersKlement Sekera5-48/+0
While looking at a coverity warning it was discovered that it's caused by return value modified by pd msg handlers. As these are legacy, it's a good time to remove them and also fix the warning this way. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ic72ab8b2b7a2e55188d1c31cfd18a74b7cf82c43
2021-10-18interface: add api test fileFilip Tehlar21-164/+1484
Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Ib07029204ecf12bf2adb5a39afa54bc98fb81f34
2021-10-16interface: fix offload flag checkNathan Skrzypczak1-1/+4
We should compute offloads in interface_ouput.c in the case when any of the UDP, TCP or IP offload flags is not present in the interface capabilities. e.g. if the interface supports IP cksum offload but not tcp/udp we should still compute cksums here. Type: fix Change-Id: Ibaa3a56dbc92938dca45311c38f079d040052194 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-16memif: Enhance show memif descriptors to display regionSteven Luong1-14/+13
memif descriptors table may have more than one shared memory region. To see whether a descriptor's memory address is valid or not, it is beneficial to also display the descriptor's region. While at it, fix the truncation problem for the offset field. Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ia3b7062ac0323c39ade6f3a58333c6405889148f
2021-10-16perfmon: topdown lvl 2 support on sapphire rapidsRay Kinsella3-11/+168
Added topdown level 2 support on sapphire rapids, including ability to indentify a sapphire rapids cpu. Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I9f99a92fa0886b98bb5185cff32bebd5a094f329
2021-10-16perfmon: additional perf counters on icelakeRay Kinsella2-1/+31
The Intel Icelake uArch supports measuring up to 12 counters, comprised of 4 fixed and 8 general counters. Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I68369ea55a0c95d6a4a280a464e69502bbf5474f
2021-10-15vcl: narrow the scope of the restriction of vlsh_bit_valwanghanlin1-3/+4
The restriction of vlsh_bit_val only effect select/pselect, so move the check to select/pselect function. Type: fix Signed-off-by: wanghanlin <wanghanlin@corp.netease.com> Change-Id: I3585c83cfc2f0a2fd834450be650dccda67e3faa
2021-10-14pppoe: fix coverity warningKlement Sekera1-6/+12
Initialise variable used in tracing code in case of early error so that tracing doesn't use this uninitialised variable. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I6b1cef07e1f126cee56e1116606869dd667274d2
2021-10-14nat: static mappings in flow hashKlement Sekera31-1485/+1324
Put static mappings in flow hash, drop existing hash tables used for static mappings. Drop refcount variables and use hash table as a single point of truth. Allow creating a static mapping conflicting with dynamic mapping, which will take precedence after dynamic mapping is freed, so that the existing flow can finish transferring data. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Idfde8efabc09971be38921d4b0ca5ccf4e9fe412
2021-10-14ip6-nd: fix coverity warningKlement Sekera1-0/+4
Add a missing return statement in case there are no parameters supplied to 'set ip6 nd proxy' CLI to avoid calling code with uninitialised parameters. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ie4fdb4df5d1af49471c421e5e7a6c2f885d2e8d2
2021-10-14tests: fix coverity warningsKlement Sekera1-6/+2
Fix coverity warnings by initialising variables and removing dead code. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I0254b81020cdc3d7075df003309065438526918f
2021-10-14misc: fix coverity warning in ila pluginKlement Sekera1-1/+1
Remove non-null check for a pointer which cannot be null to avoid dead code warning. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I5ff40a4f80db7bb0dff9928c90ff757b763902fd
2021-10-13docs: C & C++ apis examplesNathan Skrzypczak6-0/+346
Type: docs Change-Id: I5b6c388332bdd3a29777d728c3357816c8411ea2 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-13docs: better docs, mv doxygen to sphinxNathan Skrzypczak388-26305/+23361
This patch refactors the VPP sphinx docs in order to make it easier to consume for external readers as well as VPP developers. It also makes sphinx the single source of documentation, which simplifies maintenance and operation. Most important updates are: - reformat the existing documentation as rst - split RELEASE.md and move it into separate rst files - remove section 'events' - remove section 'archive' - remove section 'related projects' - remove section 'feature by release' - remove section 'Various links' - make (Configuration reference, CLI docs, developer docs) top level items in the list - move 'Use Cases' as part of 'About VPP' - move 'Troubleshooting' as part of 'Getting Started' - move test framework docs into 'Developer Documentation' - add a 'Contributing' section for gerrit, docs and other contributer related infos - deprecate doxygen and test-docs targets - redirect the "make doxygen" target to "make docs" Type: refactor Change-Id: I552a5645d5b7964d547f99b1336e2ac24e7c209f Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com> Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-10-13docs: convert plugins doc md->rstNathan Skrzypczak56-3184/+3706
Type: improvement Change-Id: I7e821cce1feae229e1be4baeed249b9cca658135 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-13nat: fix coverity warningKlement Sekera1-1/+1
Fix coverity warning by initialising proto variable to a dummy value. This value is never used because consuming function uses this parameter value only if is_addr_only flag is not set and this flag is always set if proto value is not provided by user. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I9b5e8c08346bea1e2b460bb09e962c4b8d3b6947
2021-10-13docs: convert vpp doc md->rstNathan Skrzypczak31-2272/+2848
Type: improvement Change-Id: If453321785b04f9c16e8cea36fb1910efaeb2c59 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-13docs: convert extras doc md->rstNathan Skrzypczak24-1659/+1922
Type: improvement Change-Id: Ie3b25a86b99098d2b3a21a11fc73234c8ed589d6 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-13libmemif: docs md->rstNathan Skrzypczak10-494/+652
Type: improvement Change-Id: Ibebd2d47a4268189f11601d004073e4858548f25 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-13libmemif: update documentationJakub Grajciar4-331/+157
Type: refactor Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I0094ea8627cd8bcd5ea119c2fd48f077c8e2e4bb
2021-10-13session: app name should format with %vXiaoming Jiang1-1/+1
Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: I2c77066cc9f1d3063373cc9559cc5b369906cc24
2021-10-13nat: fix static mapping segvJoshua Roys1-1/+1
Adding a nat44 static mapping during startup on a DHCP interface leads to a segv via this path: - dhcp_client_acquire_address - ip4_add_del_interface_address - ip4_add_del_interface_address_internal - nat44_ed_add_del_interface_address_cb - nat44_ed_add_static_mapping - ip4_interface_first_address Type: fix Signed-off-by: Joshua Roys <roysjosh@gmail.com> Change-Id: I38dac8a096b052550f2b87b4e13a950d2cd868b0
2021-10-13dpdk: fix vmbus device name parsingBenoît Ganne3-5/+7
unformat_init_vector() expects a vector, not a NULL-terminated C-string. Type: fix Change-Id: I20a266243f63d94b0c6fe24e25ee8346c08c8ff2 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-13vapi: fix vapi test coverity warningFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5ecb73009c6ebb00b5d9e14bd09b4b3e80ab5601
2021-10-13vppinfra: fix socket init netns coverityFlorin Coras1-0/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4f37c6601ace08ae886b08d2284b413d457e4eae
2021-10-13vppinfra: fix format_table coverity warningFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ida114ba35227f70ddd87cad791a21f186be1cba8
2021-10-13vlib: fix vmbus error logBenoît Ganne1-3/+3
struct dirent *e is freed when calling closedir(). Use ifname instead. Type: fix Change-Id: Icc9ca52c33ecc1dee7a9e28802149e4e3e4c8ac0 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-13interface: handle error during admin-up correctlyMatthew Smith1-3/+0
Type: fix In vnet_sw_interface_set_flags_helper(), the variable old_flags is set to the original value of vnet_sw_interface_t.flags for an interface. If an error occurs during the process of bringing an interface up, old_flags is used to restore the original value. Before the dev class or hw class admin_up_down_function can be called, but after modifying vnet_sw_interface_t.flags to it's new value, old_flags is set to the value of vnet_sw_interface_t.flags a second time. This discards the original flags that were being preserved. As a result, if an interface is being brought up and the dev class or hw class function fails, at the end VPP believes that interface is up. This can cause a crash if packets are routed through the interface and some RX/TX initialization was not completed because of the error while bringing the interface up. Change-Id: Ica6b6bac13c24e88c4136bf084cd392e6217e7d9 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-10-12dhcp: fix coverity warningFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2367e86fb22176881d118342f6e991dbc708b1f2
2021-10-12vppinfra: use unaligned non-vector load/stores in x86 memcpyDamjan Marion4-21/+28
Type: fix Change-Id: I54ef23a52f05cc95210a736f84b927dd69b8a6f7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-10-12fib: fix the drop counter for ipv6 RPF failuresNeale Ranns3-24/+36
Type: fix the only change to the mfib forwarding node is to set the error code, the rest is checkstyle formatting. The traces previously showed some bogus reason: 00:04:27:325550: ip6-mfib-forward-rpf entry 10 itf -1 flags 00:04:27:325551: ip6-drop fib:0 adj:10 flow:0 UDP: fe80::b203:eaff:fe02:604 -> ff02::1:2 tos 0x00, flow label 0x651ed, hop limit 1, payload length 64 UDP: 546 -> 547 length 64, checksum 0xec9a 00:04:27:325551: error-drop rx:GigabitEthernet6/0/0 00:04:27:325553: drop ip6-input: drops due to concurrent reassemblies limit Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I294684c36edc346b4ebdd83ba66888b3b2197704
2021-10-12unittest: fix crypto key len coverity warningFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id41e22345be3ec401813ba43ddc7d92666784eb4
2021-10-12api: cli coverity fixesFlorin Coras1-2/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I515be7ea213250fe89a2b2be06f3636fe8f493a8
2021-10-12ipsec: Performance improvement of ipsec4_output_node using flow cacheGovindarajan Mohandoss10-17/+1060
Adding flow cache support to improve outbound IPv4/IPSec SPD lookup performance. Details about flow cache: Mechanism: 1. First packet of a flow will undergo linear search in SPD table. Once a policy match is found, a new entry will be added into the flow cache. From 2nd packet onwards, the policy lookup will happen in flow cache. 2. The flow cache is implemented using bihash without collision handling. This will avoid the logic to age out or recycle the old flows in flow cache. Whenever a collision occurs, old entry will be overwritten by the new entry. Worst case is when all the 256 packets in a batch result in collision and fall back to linear search. Average and best case will be O(1). 3. The size of flow cache is fixed and decided based on the number of flows to be supported. The default is set to 1 million flows. This can be made as a configurable option as a next step. 4. Whenever a SPD rule is added/deleted by the control plane, the flow cache entries will be completely deleted (reset) in the control plane. The assumption here is that SPD rule add/del is not a frequent operation from control plane. Flow cache reset is done, by putting the data plane in fall back mode, to bypass flow cache and do linear search till the SPD rule add/delete operation is complete. Once the rule is successfully added/deleted, the data plane will be allowed to make use of the flow cache. The flow cache will be reset only after flushing out the inflight packets from all the worker cores using vlib_worker_wait_one_loop(). Details about bihash usage: 1. A new bihash template (16_8) is added to support IPv4 5 tuple. BIHASH_KVP_PER_PAGE and BIHASH_KVP_AT_BUCKET_LEVEL are set to 1 in the new template. It means only one KVP is supported per bucket. 2. Collision handling is avoided by calling BV (clib_bihash_add_or_overwrite_stale) function. Through the stale callback function pointer, the KVP entry will be overwritten during collision. 3. Flow cache reset is done using BV (clib_bihash_foreach_key_value_pair) function. Through the callback function pointer, the KVP value is reset to ~0ULL. MRR performance numbers with 1 core, 1 ESP Tunnel, null-encrypt, 64B for different SPD policy matching indices: SPD Policy index : 1 10 100 1000 Throughput : MPPS/MPPS MPPS/MPPS MPPS/MPPS KPPS/MPPS (Baseline/Optimized) ARM Neoverse N1 : 5.2/4.84 4.55/4.84 2.11/4.84 329.5/4.84 ARM TX2 : 2.81/2.6 2.51/2.6 1.27/2.6 176.62/2.6 INTEL SKX : 4.93/4.48 4.29/4.46 2.05/4.48 336.79/4.47 Next Steps: Following can be made as a configurable option through startup conf at IPSec level: 1. Enable/Disable Flow cache. 2. Bihash configuration like number of buckets and memory size. 3. Dual/Quad loop unroll can be applied around bihash to further improve the performance. 4. The same flow cache logic can be applied for IPv6 as well as in IPSec inbound direction. A deeper and wider flow cache using bihash_40_8 can replace existing bihash_16_8, to make it common for both IPv4 and IPv6 in both outbound and inbound directions. Following changes are made based on the review comments: 1. ON/OFF flow cache through startup conf. Default: OFF 2. Flow cache stale entry detection using epoch counter. 3. Avoid host order endianness conversion during flow cache lookup. 4. Move IPSec startup conf to a common file. 5. Added SPD flow cache unit test case 6. Replaced bihash with vectors to implement flow cache. 7. ipsec_add_del_policy API is not mpsafe. Cleaned up inflight packets check in control plane. Type: improvement Signed-off-by: mgovind <govindarajan.Mohandoss@arm.com> Signed-off-by: Zachary Leaf <zachary.leaf@arm.com> Tested-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: I62b4d6625fbc6caf292427a5d2046aa5672b2006
2021-10-12session: set actual lcl ip on accepted ctFlorin Coras1-1/+1
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic2ba5fa234a394acb524b61573fc49f2d58c2dea
2021-10-12memif: fix the memif crash when slave disconnectMohsin Kazmi1-1/+2
Type: fix Fixes: 3effb4e63068 ("memif: integrate with new tx infra") memif is recently integrated with new tx infra. But it introduces a crash when slave disconnect from master but interface is not deleted. Disconnect routine was missing unregister of all tx queues. This patch fixes it. Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I81c59cc1a03561248ec8595d5e3caa54f421833e
2021-10-12Revert "nat: static mappings in flow hash"Ole Troan31-1298/+1468
This reverts commit 69b7599e4b061a8996205f0304232ede84cb70d4. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: If531b122ae5a9f91c2fe6eaa0da69922a91f16d3
2021-10-12nat: static mappings in flow hashKlement Sekera31-1468/+1298
Put static mappings in flow hash, drop existing hash tables used for static mappings. Drop refcount variables and use hash table as a single point of truth. Allow creating a static mapping conflicting with dynamic mapping, which will take precedence after dynamic mapping is freed, so that the existing flow can finish transferring data. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ieeba691d83a83887d0a0baccd5f3832f66126096
2021-10-11api: set missing handlersFilip Tehlar1-0/+3
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I1fdefeaa4661c03e819b2f2f25762c633f9ab42c
2021-10-11vat: move memset after initFilip Tehlar2-2/+2
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Ia65fd2f99dfe6538411c247aeb9691c590c2e00b
2021-10-11l3xc: skip load balancing if not multipathBenoît Ganne1-5/+5
Type: improvement Change-Id: I3d8e1c7a83530bbc4b1751358ad7d034476ff13f Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-11ip: fix fib and mfib locksNathan Skrzypczak14-96/+126
This patches fixes an issue that could cause fib locks to underflow: if an API user deletes a fib and quickly recreates it, the fib may not have been actually deleted. As a result, the lock would not be incremented on the create call leading to the fib potentially disappearing afterwards - or to the lock to underflow when the fib is deleted again. In order to keep the existing API semantics, we use the locks with API and CLI source as flags. This means we need to use a different counter for the interface-related locks. This also prevents an issue where an interface being bound to a vrf via API and released via CLI could mess up the lock counter. Finally, this will help with cleaning up the interface-related locks on interface deletion in a later patch. Type: fix Change-Id: I93030a7660646d6dd179ddf27fe4e708aa11b90e Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com> Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2021-10-11docs: nitfixes in FEATURE.yamlNathan Skrzypczak8-9/+9
Type: improvement Change-Id: Iec585880085b12b08594a0640822cd831455d594 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-11af_xdp: ensure at least one queue is createdJoshua Roys1-1/+4
Attempting to create an af_xdp interface with zerocopy where the underlying driver didn't support it would lead to a crash due to queue creation silently failing. Type: fix Signed-off-by: Joshua Roys <roysjosh@gmail.com> Change-Id: Ifd9070b8c2b3023d71120c5cf20f7e89d04e4cb3
2021-10-08tls: shutdown openssl context on app closeFlorin Coras1-0/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie0fde16fb4e41637169474628808fddf343884f3
2021-10-08vxlan-gpe: add udp-port configuration supportArtem Glazychev10-395/+687
similar behavior as here: 839dcc0fb7313638d9b8f52a9db81350dddfe461 Type: improvement Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I1b0a8f8f3dab48839e27df7065cf5f786cf0b5e9
2021-10-08ikev2: lazy initializationBenoît Ganne4-52/+111
- do not initialize resources if ikev2 is not used. - process IKE packets only if we have profile(s) configured Type: improvement Change-Id: I57c95a888532eafd70989096c0555ebb1d7bef25 Signed-off-by: Benoît Ganne <bganne@cisco.com>