summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2022-05-03ipsec: support per next-header next-nodesBenoît Ganne3-36/+100
Type: feature Change-Id: I940b6c9d206e407f3e17d66c97233cd658984e61 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-05-03tests: handle removed interfaceKlement Sekera3-22/+29
Catch exception if sw_if_index is invalid when querying interface binding config. If the interface is not there, it's surely not bound to any table ... Type: improvement Change-Id: I1f3e04a631653feb5c2350662b6a041adccefa1f Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2022-05-02vapi: support api clients within vpp processOle Troan9-58/+673
Add vapi_connect_from_vpp() and vapi_disconnect_from_vpp() calls to allow API clients from within VPP process. Add a new memclnt_create version that gives the user a knob to enable or disable dead client scans (keepalive). Type: feature Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Id0b7bb89308db3a3aed2d3fcbedf4e1282dcd03f Signed-off-by: Ole Troan <ot@cisco.com>
2022-05-02dhcp: fix dhcp_compl_eventJing Peng1-3/+5
This patch fixes two problems: 1. The lease field in the dhcp_compl_event message can include a list of vl_api_domain_server_t structs, but no memory is allocated for it. 2. The DNS server address is not copied properly, resulting in wrong IP4 addresses in the event message. Type: fix Signed-off-by: Jing Peng <pj.hades@gmail.com> Change-Id: I42c533e7af697568c69714011d983f88368a7e15
2022-04-29build: use env to find bash pathDamjan Marion1-1/+1
Type: make Change-Id: I9f87134ac05d99051888024f889f05dae8e3feec Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-29vppinfra: fix clib_mem_destroyDamjan Marion1-2/+1
Passing wrong pointer to clib_mem_vm_unmap... Type: fix Change-Id: I1f695d77bc45d9a6de3a4a3da1fbe6faebdad15e Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-29tests: fix handling failed test caseKlement Sekera1-1/+2
Add missing parameter where required. Type: fix Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: I8cd7c31848836e3233cb79d1dd21884167db4354
2022-04-29tests: fix assert_nothing_capturedKlement Sekera4-33/+33
Type: fix Fixes: 26cd0242c95025e0d644db3a80dfe8dee83b6d7a Change-Id: I9a88221af65f170dc6b1f0dc0992df401e489fa2 Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2022-04-28build: remove mbedtls from rpm dependenciesFlorin Coras1-4/+3
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I50dfed0fba3c8547f5c52998cf777f2ed1d2e4a5
2022-04-28wireguard: Document wireguard async mode defaultJon Loeliger1-2/+2
Type: improvement Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I446eb86c097d1bf99f05ee47f1c550689d70ced2
2022-04-28af_xdp: more meaningful frame_size error messageBenoît Ganne1-0/+14
Type: improvement Change-Id: If3a83848ae0741334887c654b65e424b99caa73c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-04-28session: fix coverity warningFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I67f5a2c8902dd14c09472c25599b3b1b493a6948
2022-04-27vapi: Fix build when directory contains @Renato Botelho do Couto2-2/+3
During build some header guards are created based on full path where build is happening. If one directory contains @ character build breaks because compiler believes it's a macro declaration. Jenkins adds `@${EXECUTOR_NUMBER}` suffix to workspace directory when it uses more than one executor for that job, breaking the build. Replace any @ character on guard name by _ to get it fixed. Type: fix Change-Id: Id0f4cfc33fda95e168541aa4e353a0d08aa3b664 Signed-off-by: Renato Botelho do Couto <renato@netgate.com>
2022-04-26linux-cp: sync addr and neigh only for lcp interfacesStanislav Zaikin5-7/+38
Type: fix Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com> Change-Id: I792467b73449074e59c4232b1f82d134c399624c
2022-04-26libmemif: timer causes spin at 100% cpuDaniel Béreš1-0/+10
In case of timer is set and expires: 1. timer_fd is readable and stay readable. 2. timer_fd is part of epoll_fd set. This makes epoll_pwait() calls return immediately instead of sleeping. Type: fix Signed-off-by: Daniel Béreš <dberes@cisco.com> Change-Id: I9b228464fe45b83def9b182c885d6febf428049c
2022-04-26flow: enable RSS queue group action for 5G enhancementTing Xu3-1/+45
Enable the flow action for RSS queue group. Packets can be distributed among queues in group based on specific fields. Queues must be continous in the group. This feature is to support 5G enhancement requirement. Type: feature Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: I74fdc617659bcb61f00b3b1934c95ab1c73bb8f3
2022-04-26session: export session counts to stats segmentFlorin Coras1-0/+40
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I02aec410eaa7ccb999159b6967414fbaf4e76a3f
2022-04-26stats: string vector and node collector improvementsDamjan Marion5-135/+161
Type: improvement Change-Id: Ibdadeb4e685f45a93f45504a84709391489abb6a Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-25build: add option to build only for native CPUDamjan Marion3-1/+23
Significantly reduces compilation time for uses who are interested to run binaries only on the build machine. Type: make Change-Id: I431f6f7374b6dfa8b3f7c72dc69f3d5cafd1f6bb Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-24build: fix 16-8-8 mtrie build optionBenoît Ganne1-1/+1
VPP_IP_FIB_MTRIE_16 should be defined only if the option is enabled instead of being defined as "ON" or "OFF". Type: fix Change-Id: Ib4e29a827bcbd84c8012f05ad264c1408ffccee7 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-04-21hsa: vcl test client epoll worker loopFlorin Coras3-15/+301
Supports more connections and track connect time. Can be used to measure CPS. Only works in unidirectional mode for now. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I70bc6a271996407dd16a96115f509bd680a0f302
2022-04-22session: fix ctrl evt rpc elt pool reallocFlorin Coras1-5/+10
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I79bfe91e81983b619c61a32285d8e038c2654147
2022-04-21session svm: fix mq producer wait on q and ringFlorin Coras4-12/+51
Make sure producer drops lock when it waits for empty ring slot. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id77d54ee8c01bed20c9eaf5ad372ed4b1e9fa712
2022-04-21nat: tweak rfc7857 tcp connection trackingOle Troan5-316/+81
The RFC7857 state machine introduced in 56c492a is a trade-off. It tries to retain sessions as much as possible and also offers some protection against spurious RST by re-establishing sessions if data is received after the RST. From experience in the wild, this algorithm is a little too liberal, as it leaves too many spurious established sessions in the session table. E.g. a oberserved pattern is: client server <- FIN, ACK ACK -> ACK -> RST, ACK -> With the current state machine this would leave the session in established state. These proposed changes do: - require 3-way handshake to establish session. (current requires only to see SYNs from both sides) - RST will move session to transitory without recovery if data is sent after - Only a single FIN is needed to move to transitory Fixes: 56c492aa0502751de2dd9d890096a82c5f04776d Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I92e593e00b2efe48d04997642d85bd59e0eaa2ea Signed-off-by: Ole Troan <ot@cisco.com>
2022-04-19devices: remove redundant access in af-packet inputMohsin Kazmi1-5/+5
Type: fix current_data is set to 0 for each packet in af-packet input node. It is not required to include it to calculate the headers offset. Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I538d8c04e24c758155b3f8d6a1532472ef549459
2022-04-18session: add support for listen proxiesFlorin Coras2-5/+27
Listener proxies are allowed to listen on IPs that are not local. Configurable only by builtin apps for now. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idb380ee3584a088878a03d45fd85e7bb0deeb590
2022-04-18nat: fix deleting nat ei out interface featureAlexander Skorichenko1-2/+2
Type: fix Set is_add function argument to 0 when deleting interface role. Change-Id: I6ca88d6511e1c88285e51b3750eb501fde2b341b Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
2022-04-18rpm-packaging: remove mbedtls dependencyFlorin Coras1-4/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idf325b7f1ce75e973dbea4d5836609590c85dc38
2022-04-16hsa: vcl test client allow non-blocking connectsFlorin Coras3-45/+66
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If7dd56e76efc31ed66b865e2c7231d22ec2322b4
2022-04-15hsa: support configurable vcl client wrk loopFlorin Coras1-69/+128
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5e49f43b18ff011ce0b7259ed58854d81f910826
2022-04-15stats: store heap in the directory_entry vectorDamjan Marion2-15/+2
Type: improvement Change-Id: I878803d14d1070ef5a00ed9d3f72022906d55191 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-15build: c compiler version warningsDamjan Marion2-14/+37
Type: make Change-Id: I9455da47f03383df822436d1adc4c4b5e58c7cf9 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-15api: fix infinite loop in show api dump CLIAndrew Yourtchenko1-1/+1
The following illustrates the problem: ./build-root/install-vpp_debug-native/vpp/bin/vpp api-trace { on } unix { cli-listen /tmp/vpp-api-cli.sock } plugins { plugin dpdk_plugin.so { disable } } sleep 5 ./build-root/install-vpp_debug-native/vpp/bin/vppctl -s /tmp/vpp-api-cli.sock show version ./build-root/install-vpp_debug-native/vpp/bin/vppctl -s /tmp/vpp-api-cli.sock show api dump file /tmp/api-table.master-api-baseline compare The last CLI hangs in an infinite loop. Fix the typo which got in during the conversion of _vec_len to read-only: .@@ -1285,7 +1285,7 @@ extract_name (u8 * s) . rv = vec_dup (s); . . while (vec_len (rv) && rv[vec_len (rv)] != '_') .- _vec_len (rv)--; .+ vec_dec_len (rv, 0); . Type: fix Fixes: 8bea589cfe0fca1a6f560e16ca66a4cf199041a2 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I4f895348ae0ebaaba9da97c3a440912d38210f10
2022-04-14vlib: disable cpu pinning if not configuredBenoît Ganne3-23/+24
In some environment like when running a lot of functional tests, it can be useful to run more VPP instances than CPU and let the Linux scheduler decide what to do. This change disable cpu pinning altogether in the single-threaded case, provided that no main-core is explicitely specified in the config Type: improvement Change-Id: I8c2f36fdd49c00f9adaaeb4c81aefb27c3420a9b Signed-off-by: Benoît Ganne <bganne@cisco.com> Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-04-14gtpu: fix memory leakLeung Lai Yung1-0/+1
Type: fix Free the old rewrite string before assigning a new rewrite string for the updated new tteid value. Signed-off-by: Leung Lai Yung <benkerbuild@gmail.com> Change-Id: I1ec19bce6afda3dfdc31c8724b32ac7b9bc84e89
2022-04-14build: Ignore buildinfo fileRenato Botelho do Couto1-0/+1
During deb package build, a .buildinfo file is created at build-root. Add this to .gitignore. Type: make Signed-off-by: Renato Botelho do Couto <renato@netgate.com> Change-Id: Id86c21e22aa2b9e4b559cfc0bc662de835fa1621
2022-04-14ipsec: perf improvement of ipsec4_input_node using flow cacheZachary Leaf11-60/+1011
Adding flow cache support to improve inbound IPv4/IPSec Security Policy Database (SPD) lookup performance. By enabling the flow cache in startup conf, this replaces a linear O(N) SPD search, with an O(1) hash table search. This patch is the ipsec4_input_node counterpart to https://gerrit.fd.io/r/c/vpp/+/31694, and shares much of the same code, theory and mechanism of action. Details about the flow cache: Mechanism: 1. First packet of a flow will undergo linear search in SPD table. Once a policy match is found, a new entry will be added into the flow cache. From 2nd packet onwards, the policy lookup will happen in flow cache. 2. The flow cache is implemented using a hash table without collision handling. This will avoid the logic to age out or recycle the old flows in flow cache. Whenever a collision occurs, the old entry will be overwritten by the new entry. Worst case is when all the 256 packets in a batch result in collision, falling back to linear search. Average and best case will be O(1). 3. The size of flow cache is fixed and decided based on the number of flows to be supported. The default is set to 1 million flows, but is configurable by a startup.conf option. 4. Whenever a SPD rule is added/deleted by the control plane, all current flow cache entries will be invalidated. As the SPD API is not mp-safe, the data plane will wait for the control plane operation to complete. Cache invalidation is via an epoch counter that is incremented on policy add/del and stored with each entry in the flow cache. If the epoch counter in the flow cache does not match the current count, the entry is considered stale, and we fall back to linear search. The following configurable options are available through startup conf under the ipsec{} entry: 1. ipv4-inbound-spd-flow-cache on/off - enable SPD flow cache (default off) 2. ipv4-inbound-spd-hash-buckets %d - set number of hash buckets (default 4,194,304: ~1 million flows with 25% load factor) Performance with 1 core, 1 ESP Tunnel, null-decrypt then bypass, 94B (null encrypted packet) for different SPD policy matching indices: SPD Policy index : 2 10 100 1000 Throughput : Mbps/Mbps Mbps/Mbps Mbps/Mbps Mbps/Mbps (Baseline/Optimized) ARM TX2 : 300/290 230/290 70/290 8.5/290 Type: improvement Signed-off-by: Zachary Leaf <zachary.leaf@arm.com> Signed-off-by: mgovind <govindarajan.Mohandoss@arm.com> Tested-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: I8be2ad4715accbb335c38cd933904119db75827b
2022-04-13crypto-openssl: use getrandom syscallGuillaume Solignac1-2/+2
The sys/random.h header, which provides the getrandom syscall wrapper, was only added in glibc2.25. To make it compatible with older version, we can directly call the syscall. Type: improvement Signed-off-by: Guillaume Solignac <gsoligna@cisco.com> Change-Id: I93c5f8a49c0323511a4e34273f0b3c0e24663bfd
2022-04-13vppinfra: fix GCC 7.3 build error with asm inlineGuillaume Solignac1-4/+4
GCC added asm inline in 8.3, so we change asm inline to asm volatile. Type: fix Fixes: d5045e68a782 ("vppinfra: introduce clib_perfmom") Signed-off-by: Guillaume Solignac <gsoligna@cisco.com> Change-Id: I9f7781ba9de66211404348ff477a17059b408a78
2022-04-13build: fix rpm build nasm not foundTianyu Li1-0/+1
Type: make Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I7ac1d0472edf8d48eac21a7b580a06456bf60c30
2022-04-13vppinfra: fix clang-10 build error with asm inlineTianyu Li1-1/+1
clang start to support parse asm inline from clang-11, Use asm volatile instead. Type: fix Fixes: d5045e68a782 ("vppinfra: introduce clib_perfmom") Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I00e5e19856caaed94e22f8fa6cf4f918483976a4
2022-04-12vppinfra: vector perf improvementsDamjan Marion15-139/+326
Type: improvement Change-Id: I37c187af80c21b8fb1ab15af112527a837e0df9e Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-12ip: fix arc start in ip46-local for local mfib entriesAlexander Chernavin3-27/+47
Type: fix After changes made in f840880, VRRP IPv6 cannot reply for neighbor solicitations requesting the link layer address of the configured virtual address. VRRP IPv6 enables the vrrp6-nd-input feature in the ip6-local feature arc for an interface on which a virtual router is configured. When neighbor solicitations arrive on that interface, ip6-local should start feature arc walk for that interface and the messages should be processed by vrrp6-nd-input. The problem is that currently, the feature arc is started for the interface obtained from the receive DPO that has interface unset (i.e. max u32) for local mfib entries. Thus, the feature arc is started not on the interface the messages were received on and vrrp6-nd-input is not traversed. With this fix, if interface obtained from the receive DPO is unset, use RX interface from the buffer to start the ip46-local feature arc. Also, enable tests of this case for both IPv4 and IPv6 address families that are currently tagged as extended and not run on every change. They configure VRRP with priority 255 and are expected to be stable. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I11ef3d5a7a986e04431e8613d1510b8666094bd7
2022-04-12hsa: fix coverity warningFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9cf21ee7ad363dd1af5ca75f07bfe38d8fe749f9
2022-04-12hsa: vcl test client option to close only clientFlorin Coras2-2/+12
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I45c63e0a7d7179a0f27ca3f093bd3cf7458a12d3
2022-04-12tcp: limit persist segment size if window availableFlorin Coras1-1/+3
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie1ae401d5105aa42761d3cac5dfbe523f3995c87
2022-04-12tests: fix bihash unit test threads countJing Peng1-4/+4
In test_bihash_threads, if a test thread fails to be created, it is still counted towards the total thread count, which could lead to never-ending test loop. This patch fixes the issue. Type: fix Signed-off-by: Jing Peng <pj.hades@gmail.com> Change-Id: Ic0f1d4dde9c5ea672b52f0e2e49f16d42f982b77
2022-04-11teib: use nexthop table idBenoît Ganne1-3/+0
Use the specified nexthop table id instead of the interface table id. Type: fix Change-Id: I61bf61d50d2716fcd9a6e35df4d60222dc4f36d5 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-04-11interface: fix the offloadsMohsin Kazmi1-0/+2
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I9f3d1a8574b15f09a458baad98c815e087fd60b8
2022-04-11tls: fix connected notifications with no app wrkFlorin Coras2-6/+14
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I805131b4e3d0cb2fab1d3bf76db659c67522c2e8