Age | Commit message (Collapse) | Author | Files | Lines |
|
update the glean adj on a local interface MAC change
Change-Id: Ia5c5cde424ed0fea3431532cc5abf22b364bbab5
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
17.11 is still default.
Change-Id: I524d232579db8a59c717c5d760398b6b7f811d03
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change GRE tunnel to use the interface type where the same encap
node is used as output node for all GRE tunnels, instead of having
dedicated output and tx node for each tunnel. This allows for more
efficient tunnel creation and deletion at scale tested at 1000's
of GRE tunnels.
Add support for ERSPAN encap as another tunnel type, in addition
to the existing L3 and TEB types. The GRE ERSPAN encap supported
is type 2 thus GRE encap need to include sequence number and GRE-
ERSPAN tunnel can be created with user secified ERSPAN session ID.
The GRE tunnel lookup hash key is updated to inclue tunnel type
and session ID, in addition to SIP/DIP and FIB index.
Thus, GRE-ERSPAN tunnel can be created, with the appropriate
session ID, to be used as output interface for SPAN config to
send mirrored packets.
Change interface naming so that all GRE tunnels, irrespective of
tunnel type, uses "greN" where N is the instance number. Removed
interface reuse on tunnel creation and deletion to enable unfied
tunnel interface name.
Add support of user specified instance on GRE tunnel creation.
Thus, N in the "greN" interface name can optionally be specified
by user via CLI/API.
Optimize GRE tunnel encap DPO stacking to bypass load-balance DPO
node since packet output on GRE tunnel always belong to the same
flow after 5-tupple hash.
Change-Id: Ifa83915744a1a88045c998604777cc3583f4da52
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: I7f5a3b8d92ef07d60315bab6e560eba49ea07249
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
The issue observed in the output-node was actually
caused by one of the input-node pushing buffers to
the output node when not required. That is the case
with the parsing/handling of incoming packets like
the COOKIE_ACK, HEARTBEAT_ACK, DATA, SACK which do
not require a response to be sent to the other peer.
In all the mentioned cases the packets (buffers) need
to be consumed and dropped instead of heading to the
output-node.
Change-Id: I3dcbe5de1cedb2ab8b06fff4364749b525cc7ac6
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
This patch takes care of some refactoring, including the initialization
of the timestamp to calculate the RTO, the output state-machine
validation which can be enabled (disabled by default) when debugging and
some clean-up of unused fields.
It also addresses the requirement of Karn's algorithm when computing the
RTO.
Change-Id: I6b875152369bff23cad085708cec1f7e1151cfa8
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
We disable the client detect feature when we bind a DHCP address. Turn
it back on again when the lease expires. Otherwise, if the DHCP
server replies after an outage, we'll never see the reply.
Add dhcp packet tx counters, by packet type
Change-Id: Id54b05647d5d7bd8d3ab99e6584ee86d9e4ff7f9
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Memfd backed shared memory segments can only be negotiated over sockets.
For such scenarios, the existing redirect mechanism that establishes
cut-through sessions does not work anymore as the two peer application
do not share such a socket.
This patch adds support for local sessions, as opposed to sessions
backed by a transport connection, in a way that is almost transparent to
the two applications by reusing the existing binary api messages.
Moreover, all segment allocations are now entirely done through the
segment manager valloc, so segment overlaps due to independent
allocations previously required for redirects are completely avoided.
The one notable characteristic of local sessions (cut-through from app
perspective) notification messages is that they carry pointers to two
event queues, one for each app peer, instead of one. For
transport-backed sessions one of the queues can be inferred but for
local session they cannot.
Change-Id: Ia443fb63e2d9d8e43490275062a708f039038175
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I1384d16deb3fa38b988dd2fc98f436124e381536
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: I3908cc112b40d4bb52da18e7c3ac5ae0af455f87
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
- Reduce log size by using "api trace custom-dump" instead
of "api trace dump".
- Fix custom-dump output of cli_inband_t api message to include
cli command being executed.
New output:
DBGvpp# api trace custom-dump /tmp/test
vl_api_memclnt_delete_t:
index: 2
handle: 0x301d8e10
SCRIPT: memclnt_create name vpp_api_test
SCRIPT: sw_interface_dump all
SCRIPT: control_ping
SCRIPT: exec show run
Old output:
DBGvpp# api trace dump /tmp/test
---------- trace 0 -----------
vl_api_memclnt_delete_t:
index: 33554432
handle: 0x108e1d3000000000
---------- trace 1 -----------
vl_api_memclnt_create_t:
name: vpp_api_test
input_queue: 0x808e1d3000000000
context: 0
ctx_quota: 0
---------- trace 2 -----------
vl_api_sw_interface_dump_t:
_vl_msg_id: 61
client_index: 33554432
context: 0
name_filter_valid: 0
---------- trace 3 -----------
vl_api_control_ping_t:
_vl_msg_id: 712
client_index: 33554432
context: 0
---------- trace 4 -----------
vl_api_cli_inband_t:
_vl_msg_id: 715
client_index: 33554432
context: 0
length: 9
Change-Id: If740c861649a3a59b8cc7a777c23c3cf94b8ff87
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Call vnet_feature_next() for DHCP replies instead of using
default ip4-lookup. This allows DHCP replies to reach an
outside interface if it's configured as a DHCP client.
Change-Id: Icce1cd68b21256fcd6b1fad6792c06578b0e4e36
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
vxlan interfaces no longer create tx nodes and are "cheap" to create and delete
Change-Id: I7628d8ce86ec88609ed08162c94f5bc95df0d9f4
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
NAT input features run after acl-plugin-in-ip4-fa
NAT output features run after acl-plugin-out-ip4-fa
Change-Id: I1e4487a0d6fdb99a90b8db640d9ad0e0eb7347a5
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I0ee18df69d5fe833c746d0d1e14aac14338a6e42
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
This makes it possible to add BFD commands to scripts executed via
`exec' CLI.
Change-Id: Id0ed6c09baee6f8ac9ff183d305a470f55a1f885
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I2b572ebd4b7bb26381f127912a4cc0825c04fc34
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Also, output VSS info with names according to RFC6607 (3.5).
Change-Id: I27a383515aca1a74dced2363a0c407b2791e5f05
Signed-off-by: Igor Mikhailov (imichail) <imichail@cisco.com>
|
|
Crash occurring With a worker thread configured and dhcp
client active on an interface. When a DHCP reply packet
is received, call to ethernet_get_main() from
dhcp_proxy_to_client_input() was causing a crash.
Replaced with a call to vnet_get_ethernet_main().
Once that was resolved, calling dhcp_client_acquire_address()
from a worker thread also caused a crash. Changed so the main
thread will do the address/route configuration.
Change-Id: Ib23984787102dea8cf6cfcde86188a751f15c1e1
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change-Id: I070771794be92fd9a6e800ca0022e52d592cd1a4
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
- setting MTU on an interface updates the L3 max bytes too
- value cached in the adjacency is also updated
- MTU exceeded generates ICMP to sender
Change-Id: I343ec71d8e903b529594c4bd0543f04bc7f370b3
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: Icd2184dec16d30cdcc689ca37c834b5df2f0a1a3
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Use
"services": {
"foo_request": {
"reply": "foo_request_reply"
},
"foo_dump": {
"reply": "foo_details",
"stream": true
}
},
instead of:
"services": [
{
"foo_request": {
"reply": "foo_request_reply"
}
},
{
"foo_dump": {
"reply": "foo_details",
"stream": true
}
}
],
Change-Id: I1d8e6bb4d41541b7f7f63242935f2ed4467fc52b
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
Change-Id: Id3891fe2873b631f8f69c1ca2905968130678561
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Classify table for output node should be cleaned up
after deleting macip ACL.
Change-Id: Ibbc46c8465bec02fe6fa6a8d33a1f06bcf28e9ad
Signed-off-by: Steve Shin <jonshin@cisco.com>
|
|
Group Base Policy (GBP) defines:
- endpoints: typically a VM or container that is connected to the
virtual switch/router (i.e. to VPP)
- endpoint-group: (EPG) a collection of endpoints
- policy: rules determining which traffic can pass between EPGs a.k.a
a 'contract'
Here, policy is implemented via an ACL.
EPG classification for transit packets is determined by:
- source EPG: from the packet's input interface
- destination EPG: from the packet's destination IP address.
Change-Id: I7b983844826b5fc3d49e21353ebda9df9b224e25
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: Ib9eb65d2ba166f5883a8ce8d37298c696113f2be
Signed-off-by: Chun Li <chunl2@cisco.com>
|
|
interface reconnect.
Change-Id: Ifc7eb2494a22c334d8899422545fca1a4bba4d05
Signed-off-by: Chun Li <chunl2@cisco.com>
|
|
L2 ACL
There was no test coverage for the L2 ACL (other than indirect by
means of ACL plugin tests), so the enabling of the outbound ACL
got fumbled throughout the revisions of the refactoring.
Fix both issues - the error and the lack of test coverage for L2 ACL.
Change-Id: Ib7f42780ef84b4a4f70bd88d7319aeeda866cf06
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Reduce the number of tunnels created/destroyed to reduce the load of the tests
without changing the code covered.
These are functional tests, not performance tests.
This reduced the test time down to 10s from 4 minutes on my machine.
Change-Id: Ifcaddc0b0628a21392c5cb247196f56bc28a53a2
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
Change-Id: Ib04a8787038fb536470a04d99fdc165102edfb5a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
In the case that vhostuser server accepted more than one client connection,
'vui->clib_file_index' will be overwritten directly without release the possible
existed resource, so file descriptor leak occurs
Change-Id: I89d08133dae31a12a815df2631334dbf0aefeb1e
Signed-off-by: Haiyang Tan <haiyang.tan.dev@gmail.com>
|
|
Enable CLIB_HAVE_VEC128 if both aarch64 and __ARM_NEON
ie. armv8 only, not armv7
Add more neon compare intrinsics wrappers.
I only add simple intrinsics wrappers. More complex ones can be added
later as they are needed, with performance tests on the corresponding
feature to back them up.
Remove wrongly added 128bits definitions defined on both armv7 and armv8
without concern for NEON instructions presence.
Notable correspondinf code activations:
* MHEAP_FLAG_SMALL_OBJECT_CACHE in mheap.c
* ip4 fib mtrie leaves access
* enable ixge plugin compilation for aarch64
(conf still disables it by default)
Change-Id: I99953823627bdff6f222d232c78aa7b655aaf77a
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
Currently, ACL plugin largely does not care about the
ethertypes other than 0x0800 (IPv4) and 0x86dd (IPv6),
the only exception being 0x0806 (ARP), which is
dealt with by the MACIP ACLs.
The other ethertypes in L2 mode are just let through.
This adds a new API message acl_interface_set_etype_whitelist,
which allows to flip the mode of a given interface
into "ethertype whitelist mode": the caller of this message
must supply the two lists (inbound and outbound) of the ethertypes
that are to be permitted, the rest of the ethertypes are
dropped.
The whitelisting for a given interface and direction takes
effect only when a policy ACL is also applied.
This operates on the same classifier node as the one used for
dispatching the policy ACL, thus, if one wishes for most of the
reasonable IPv4 deployments to continue to operate within
the whitelist mode, they must permit ARP ethertype (0x0806)
The empty list for a given direction resets the processing
to allow the unknown ethertypes. So, if one wants to just
permit the IPv4 and IPv6 and nothing else, one can add
their ethertypes to the whitelist.
Add the "show acl-plugin interface" corresponding outputs
about the whitelists, vat command, and unittests.
Change-Id: I4659978c801f36d554b6615e56e424b77876662c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
This patch addresses some bugs discovered with the shutdown phase which
were causing the actual chunks not to leave the output_node.
While fixing the issue some minor refactoring was also performed to
align the internal functions to a 'common' design.
Change-Id: Ieac4f6e78cffad2e6982536f8e9f190a66f328f7
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
Change-Id: I6d91c8051de786fb8781cd0750ea9c350036b306
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Reference-count the number of entries in each bucket. If the reference
count goes to zero, free the backing store.
Add long-term churn-testing to test_bihash_template.c, thanks to
Andrew Yourtchenko for the initial implementation.
Change-Id: I4fbd9229cacfaba8027a85cbf87b74afdead6e39
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
This is the second patch, using the new functionality from the change 10002
in order to implement the egress filtering on the MACIP ACLs.
This adds an action "2" which means "add also egress filtering rules for this
MACIP ACL.
The reason for having the two choices is that the egress filtering really takes
care of a fairly corner case scenario, and I am not convinced that
always adding the performance cost of the egress lookup check is worth it.
Also, of course, not breaking the existing implementations is a nice plus,
too.
Change-Id: I3d7883ed45b1cdf98d7303771bcc75951dff38f0
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
conn cleaner threads interactions
This replaces some of the early-stage commented-out printf()s with
an elog-based debug collector.
It is aimed to be "better than nothing" initial implementation to be available
in the field. It will be refined/updated based on use. This initial code
is focused on the main/worker threads interactions, hence uses just
the worker tracks.
This code adds a developer debug CLI "set acl-plugin session table event-trace 1",
which allows to gather the events pertaining to connection cleaning.
The CLI is deliberately not part of the online help, as the express
declaration that the semantics/trace levels, etc. are subject to change
without notice.
Change-Id: I3536309f737b73e50639cd5780822dcde667fc2c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Needed to allow other code paths to reuse them.
Change-Id: I9e469527c6b2e9a6fec7af5f17d8b400a2e85826
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
|
|
Change-Id: I0b8ebe2c47fdd1e23a91723a7b454a0c1c8b996e
Signed-off-by: Keith Burns (alagalah) <alagalah@gmail.com>
|
|
Change-Id: Icd50432a60e194c0526a7d28b93e99ceb6f2013b
Signed-off-by: Keith Burns (alagalah) <alagalah@gmail.com>
|
|
If one is not selected by the user, the next available id
will be allocated, thus maintaining backward compatibility.
Change-Id: I4691ed0638b8072f9cfa9f20b9fe4f981e708800
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
The thread0 in some configurations can handle the traffic.
Some of the previous fixes accomodated for that, but
the interrupt sending for connection clearing
was not adapted to that, resulting in a deadlock
during clearing of all connections...
Change-Id: I32b4c7bac09c91c22b796baab843bdaf41f7045c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
(VPP-1085)
The NEON implementation searches particular address in
VHOST_MEMORY_MAX_NREGIONS regions. Searching two regions at a
time.
Change-Id: Icc3c6746bc98e3a1fa71424e51b64f62efbfdc74
Signed-off-by: Nitin Saxena <nitin.saxena@cavium.com>
|
|
In multi-worker cases, af-packet tx was subject to a pretty
serious race condition as the device lock was obtained
after some queue values were read from queue.
Result could go from packet loss to queue inconsistency, leading
to tx being stuck for 'some time'.
The fix is really simple. Finding the problem was not...
Change-Id: Ib18967b7459a8609428a56de934c577cea87b165
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
|
|
For implementation of MACIP ACLs enhancement (VPP-1088), an outbound
classifier-based ACL would be needed. There was an existing incomplete
code for outbound ACLs, it looked almost exact copy of input ACLs, minus
the various enhancements, trying to sync that code seemed error-prone
and cumbersome to maintain in the longer run.
This change refactors the input+output ACLs processing into a unified
routine (thus any changes will have effect on both), and also adds
the API to set the output interface ACL, with the same format
and semantics as the existing input one (except working on output
ACL of course).
WARNING: IP outbound ACL in L3 mode clobbers the ip.* fields
in the vnet_buffer_opaque_t, since the code is using l2_classify.*
The net_buffer (p0)->ip.save_rewrite_length is rescued into
l2_classify.pad.l2_len, and used to rewind the header in case of
drop, so that ipX_drop prints something sensible.
Change-Id: I62f814f1e3650e504474a3a5359edb8a0a8836ed
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I853386aebfe488ebb10328435b81b6e3403c5dd0
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Iba7c398a398e24b96eb536bbcefa841bd153a205
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
Change-Id: I4265fd0606f87f80f43f7f59ced1c3a73de82776
Signed-off-by: Chun Li <chunl2@cisco.com>
|