|
Adding acl with incorrect arguments like 1.1.1.1/24 (instead of 1.1.1.0/24)
doesn't cause a disaster, but doesn't match either, as some might expect.
Add an explicit sanity check which returns an error.
Type: fix
Change-Id: Id1601f4b9c9887d3e7e70aac419d1f1de0c0e012
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
- Relocate plugin tests for 'make test' into
src/plugins/*/test so that plugin test cases
are co-located with the plugin source code.
Type: refactor
Ticket: VPP-1754
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I503e6a43528e14981799b735fa65674155713f67
(cherry picked from commit a43c93f8554ad7418e31be3791b3fb71232f60ac)
|
|
The stats-segment validation/clear logic for acl counters was wrong,
fix it. Also add the code to the unittests to cover that case,
add a vat command to enable/disable counters, clean up
the unnecessary endian conversion and remove the stray clib_warning()
Change-Id: I421297a92e4aeb885c468c72a97cec25981df615
Type: fix
Ticket: VPP-1744
Fixes: f995c7122ba0d024b17bc3232e8edd18d5e25088
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: refactor
Change-Id: I40518ccddcb78e58f7e6a098c27d9ec53e5a1146
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
implement per-acl-number counters in the stats segment.
They are created during the ACL creation,
the counters are incremented in the dataplane using
the new inline function with the extra parameter being
the packet size. Counting in shared segment adds
a noticeable overhead, so add also an API to
turn the counters on.
Type: feature
Change-Id: I8af7b0c31a3d986b68089eb52452aed45df66c7b
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Some users tend to call registration routine long before they need
that service - which triggers an immediate initialization of
the ACL heap, which is rather big. This commit defers this process
by keeping the registrations in the global heap.
Change-Id: I5825871bd836851942b55184b6ee2657c7a9cc33
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
If the corresponding vpp plugin is absent, return a non-zero
clib_error_t * from vat_plugin_register ("xxx plugin not loaded"). The
vat plugin calls dlclose on the vat plugin, and it disappears.
Depending on the plugin configuration, this can reduce the vpp virtual
size by several gigabytes.
Added a VAT_PLUGIN(<plugin-name>) macro to vat_helper_macros, clean up
boilerplate vat_plugin_register() implementations. Fixed a number of
non-standard vat_plugin_register methods.
Type: refactor
Change-Id: Iac908e5af7d5497c78d6aa9c3c51cdae08374045
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
- Make plugin descriptions more consistent
so the output of "show plugin" can be
used in the wiki.
Change-Id: I4c6feb11e7dcc5a4cf0848eed37f1d3b035c7dda
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Some API action handlers called vl_msg_ai_send_shmem()
directly. That breaks Unix domain socket API transport.
A couple (bond / vhost) also tried to send a sw_interface_event
directly, but did not send the message to all that had
registered interest. That scheme never worked correctly.
Refactored and improved the interface event code.
Change-Id: Idb90edfd8703c6ae593b36b4eeb4d3ed7da5c808
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
With collision match vector, the doubly-linked list is not needed anymore.
Change-Id: Iaf667ebe6ce0bdd78306bec31d3949e6acb8d401
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Reload the hash-ready ACE vector pointer during the partition split
with each iteration, since the ACL# may change.
Change-Id: I1b001e06b52ff02ef59ca1d890f8462ca99e6634
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
A long time ago, the linear array of rules in the ACL structure was not
a vector. Now it is, so get rid of the extraneous "count" member.
Do so in a manner that would ease the potential MP-safe manipulation of
ACL rules in the future.
Change-Id: Ib9c0731e4f21723c9ec4d7f00c3e5ead8e1e97bd
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I00618f12dfd5ab4a2baf6c8ec1f53b4c7179aed7
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
-fno-common makes sure we do not have multiple declarations of the same
global symbol across compilation units. It helps debug nasty linkage
bugs by guaranteeing that all references to a global symbol use the same
underlying object.
It also helps avoid benign mistakes such as declaring enums as global
objects instead of types in headers (hence the minor fixes scattered
across the source).
Change-Id: I55c16406dc54ff8a6860238b90ca990fa6b179f1
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Change-Id: I2f81ec95de55ad2355f82550451ad825c228e5cd
Signed-off-by: Khers <s3m2e1.6star@gmail.com>
|
|
Fix the trivial use-before-check copypaste error.
There was a more subtle issue with that patch that Coverity didn't notice:
namely, vec_validate(v, len-1) is a terrible idea if len happens to be == 0.
Fix that.
Change-Id: I0fab8b1750e9e9973eefb5d39f35e4c3a13fc66f
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
memory sizes [VPP-1502]
In a couple of places vec_add1()-style was repeatedly called in a loop for
smallish vectors where the number of additions was known in advance.
With a test with a large number of ACEs these numbers contribute to heap
fragmentation noticeably.
Minimize the number of allocations by preallocating the known size and
then resetting the length accordingly, and then calling vec_add1().
Also unify the parsing of the memory-related startup config parameters.
Change-Id: If8fba344eb1dee8f865ffe7b396ca3b6bd9dc1d0
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: Id5b7429ca7cce10ce8022c9b8a223bd02f6c3b5f
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
The assignment was redundant with one just a dozen lines above
in the case of the ACL loaded being non-empty, so its only
apparent purpose in life was to make coverity unhappy...
Thus fix by deletion.
Change-Id: I573308cb9c212bdfdca2551aa381720dbbcb006e
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: Id4f37f5d4a03160572954a416efa1ef9b3d79ad1
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Using bitfield struct for 5tuple proved to be fragile from
the performance standpoint - the zeroizing of the entire
structure and then setting the separate pieces of it
triggers increased memory latency. So, move to using
flags byte.
Also, use the direct object copies rather than memcpy.
Change-Id: Iad8faf9de050ff1256e40c950dee212cbd3e5267
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Thanks to Damjan for rewriting my previous patch into
not-to-be-deprecated soon form!
Change-Id: I595a13c44ed07d4c6d60e2aef0f0bd807a76cbba
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
I was expecting "%4d" format string to exhibit the same behavior as
the one in C standard library, but rather than specifying _minimal_
width and expanding as necessary, it actually truncates the output.
Changing that to "%9d" should take care of pushing this surprising
difference in behavior into the domain of impossible.
Change-Id: Ia687137ca765bf9c1575af998ff11314010e81ad
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Abstracting out the internal format function
for L4 session key type makes the other
acl plugin format/print functions more maintainable.
Change-Id: Ica1302263a42981555462b5338d18d9a9f9c8342
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
for plumbing
This makes ACL plugin use the new feature arcs, which slightly increases performance.
Since for ethertype whitelisting we were using the L2 classifier, to retain
the functionality, make a simple node doing that, and plug it into non-ip
L2 feature arc whenever needed.
Change-Id: I3add377a6c790117dd3fd056e5615cb4c4438cf4
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
This is first part of addition of atomic macros with only macros for
__sync builtins.
- Based on earlier patch by Damjan (https://gerrit.fd.io/r/#/c/10729/)
Additionally
- clib_atomic_release macro added and used in the absence
of any memory barrier.
- clib_atomic_bool_cmp_and_swap added
Change-Id: Ie4e48c1e184a652018d1d0d87c4be80ddd180a3b
Original-patch-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Sirshak Das <sirshak.das@arm.com>
Reviewed-by: Honnappa Nagarahalli <honnappa.nagarahalli@arm.com>
Reviewed-by: Ola Liljedahl <ola.liljedahl@arm.com>
Reviewed-by: Steve Capper <steve.capper@arm.com>
|
|
each collision in split_partition() (VPP-1458)
A pointer to hash-ready ACL rules is only set once, which might cause a crash if there are colliding entries
from more than one ACL applied.
Solution: reload the pointer based on the element being processed.
Change-Id: I7a701c2c3b4236d67293159f2a33c4f967168953
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 84112dd4f98e5a31a8c7340a741f89e77fd03363)
|
|
Change-Id: Ie8380cb39424548bf64cb19aee59ec20e29d1e39
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
VPP-1352
If the number of rules within a given partition exceeds the limit,
the split_partition() might get called, in which we calculate
the relaxed mask, create a new partition with that mask and
attempt to reallocate some entries from the overcrowded partition.
The non-TM code was pre-expanding the vector with rules by
the number of rules in the new ACL being applied - which
caused the split_partition() to iterate over the rules
filled with zeroes. Most of the time it is benign, but
if a newly created relaxed partition is such that these
entries can be "relocated", then the code attempts to
do so, which does not end well.
Change-Id: I2dbf3ccd29ff97277b21cdb11c4424ff0915c3b7
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
The stateful ICMP/ICMPv6 handling got broken.
Fix that and introduce testcases to catch in the future.
Change-Id: Ie602e72d6ac613d64ab0bf6693b6d75afb1a9552
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
This commit adds explicit signaling from a non-owning thread to the owning thread
to restart the session timer as necessary.
Consequently, we now can sweep the session lists at their respective timeouts,
rather than sweeping all the lists at the pace of the shortest timeout value,
just taking care to wake up if the session requeue to a different list results
in needing to wake up earlier.
Change-Id: Ifc8c500f6988748f4cd3dc184dd7824321aaaaca
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I085615fde1f966490f30ed5d32017b8b088cfd59
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Just do a regular increment, since we are not contending for these counters.
This also makes the tests pass on ARM ThunderX (VPP-1395).
Change-Id: I333aaa11d4145d13d322868900bc114df85a020d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
bihash deletion operation may in turn do underlying memory operations,
so ensure it is using the correct (private) heap.
Change-Id: Ibef7ad7f9db6fa83da02316bf7509072ce579bc0
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit f74b4d2b559b1d5697fd625d9c8e0f76ba5a4463)
|
|
applied ACLs
The partition_split() did not increment the refcount when using a mask type index,
thus subsequent modifications potentially resulted in double frees and in the best case
immediate crash, in the worst case delayed crash in another place.
Introduce the lock_mask_type_index() and call it, move the mask type index
related functions closer to the top of the file.
Make the assignment of the new mask type indices
for the tuplemerge case to use the assign_mask_type_index().
Keep some debugs in case we need to investigate this further at some point.
Change-Id: Iae370f5cd92e1fe1442480db34656a8a3442dbc0
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 1edc406da3d4f6e63de2f278360b5753f55c00df)
|
|
Change-Id: I634971f6376a7ea49de718ade9139e67eeed48e5
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit d039281e11cfc4580fe140e72390c1c48688c722)
|
|
Change-Id: I90600d000afb02e8969f3c01bcf9e4b5c10a7d39
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: Ib61f0299c17c0f021408ab0a44c5b54f55f8a8ec
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Iffd5c45ab242a919592a1f686f7f880936b68a1a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ibc59323e849810531dd0963e85493efad3b86857
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
This significantly reduces need for
...
in multiarch code. Simply constructor macros will just create static unused
entry if CLIB_MARCH_VARIANT is defined and that will be optimized out by
compiler.
Change-Id: I17d1c4ac0c903adcfadaa4a07de1b854c7ab14ac
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Commit 1c7bf5d41737984907e8bad1dc832eb6cb1d6288 added the poisoning
of the newly freed memory in debug builds, exposing a logic
error in mask assignment code - it passed a pointer to
within a pool to a function which might potentially expand the pool.
This resulted in a failure of the test in the debug version.
Fix that by making a local copy of the value before passing
a pointer to it.
Change-Id: I73f3670672c3d86778aad0f944d052d0480cc593
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
This change avoids the long-read-after-short-write, resulting
in a small performance improvement.
Change-Id: Ic01d1fd19182e96100ccaf441d7ab5e5898b9734
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: Ifc8b3d30d66c7ade1e3584844ce3f82d42d2fb94
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I63c36644c9d93f2c3ec6606ca0205b407499de4e
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: Ieb8b53977fc8484c19780941e232ee072b667de3
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Configure w/ --enable-dlmalloc, see .../build-data/platforms/vpp.mk
src/vppinfra/dlmalloc.[ch] are slightly modified versions of the
well-known Doug Lea malloc. Main advantage: dlmalloc mspaces have no
inherent size limit.
Change-Id: I19b3f43f3c65bcfb82c1a265a97922d01912446e
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Fix the copypaste-triggered errors in load-from-file ACL test code.
Also, add an explicit exit(1) after clib_error() to convince coverity
that code path is terminal indeed.
Change-Id: I1deedb49144559c9183449005ada0433c24db18a
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: Ie899ccbaae4df7cce4ebbba47ed6c3cce5269bdb
Signed-off-by: Florin Coras <fcoras@cisco.com>
|