Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: fix
This patch re-enables libIPSec_MB build for the ipsecmb crypto engine
plugin.
Also since DPDK meson build relies on system installed libIPSec_MB.so
that may be inconsistent with VPP compiled one (system installed
version vs VPP locally compiled version for example), this patch also
disables all libIPSec_MB dependant PMDs from DPDK build.
Also ipsec-mb version is incresed to 0.54.
Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com>
Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I2ff9e7cd0c35cff9fa642895301a26a5350ea94e
|
|
clang-11 complains:
error: field 'buffer_template' with variable sized type 'vlib_buffer_t' not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end]
Type: improvement
Change-Id: I2cb6b4fde723a05b42cf33dd8130df074f0362ab
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Fixes: ed04407829728c5d258b6600155edabd5198d971
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: I5aebcba7b97db758310042fd446328ee8f691641
|
|
Type: fix
Since DPDK is now compiled by meson but some compiles in VPP is
missing. This patch fixes that.
- Fixes QAT PMD not compiled. QAT meson compile, even for sym
crypto PMD, is happened in drive/compress/qat. Originally all
PMDs in compressdev is disabled by default. This patch fixes
that.
- Fixes DPDK plugin version detection. DPDK meson build
generates rte_build_config.h, which containing all version
information in build-dpdk instead of rte_config.h in make.
This patch uses the file to detect version data.
- Removed SW crypto PMD auto-creation in cryptodev engine. In
case the AESNI-MB PMD required shared library is missing.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I7cd91abb5de303ff5e4c55cd05e011b57f883524
|
|
Type: improvement
Change-Id: Iab623a2e11bd5787f4cae549143f49888e0dd9c4
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: I381fc3dec8580208d0e24637d791af69011aa83b
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: Ie328834159687cdb4314c37d36697f2fb9081fbd
|
|
Type: feature
This patch updateds cryptodev engine uses new DPDK Cryptodev
API planned to be upstreamed in DPDK 20.11.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Piotr Bronowski <piotrX.bronowski@intel.com>
Change-Id: I8dd1a8ac643f1e952deb787e466b76ea7aa5f420
|
|
This patch adds the RSS steering queues set interface, and it's
implementation in DPDK device:
/* Interface to set rss queues of the interface */
typedef clib_error_t *(vnet_interface_rss_queues_set_t)
(struct vnet_main_t * vnm, struct vnet_hw_interface_t * hi,
clib_bitmap_t *bitmap);
This patch also introduces a command line to set the RSS queues:
set interface rss queues <interface> <list <queue-list>>
To display the rss queues, use "show hardware-interfaces"
Below is the example to configure rss queues for interface Gig0:
vpp# set interface rss queues Gig0 list 0,2,4-7
vpp# show hardware-interfaces brief
Name Idx Link Hardware
VirtualFunctionEthernet18/1/0 1 down VirtualFunctionEthernet18/1/0
Link speed: unknown
RSS queues: 0 2 4 5 6 7
local0 0 down local0
Link speed: unknown
vpp#
Users can also configure the rss queues on a dpdk interface in
startup.conf:
dpdk {
dev 0000:18:01.0 {
rss-queues 0,2,5-7
}
}
Type: feature
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: I1835595a1c54016a84eabee9fd62ce137935385d
|
|
Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: I4dee2ea723631e1bd95b33a74b9431d984565aef
|
|
- These were displaying blank, apparently dpdk extended stat strings
must be within the heap so they are identified as vectors by
format_c_identifier even though they are not.
Type: fix
Change-Id: I2b153b100203b9856ce3af6d5ecb2daae410fb5b
Signed-off-by: Christian Hopps <chopps@labn.net>
|
|
Was seeing imissed counter become negative. Reuse the RX_ERROR code for all
three error counters to avoid the problem.
Type: fix
Change-Id: I99a69c8816326682745785ecd30e18a131ac2969
Signed-off-by: Christian Hopps <chopps@labn.net>
|
|
Use VLIB_MAIN_LOOP_ENTER_FUNCTION to do post init initialization for
dpdk crypto rather than create a one-time process to do the same.
Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: I06e480b028c8e1fc1b0024a66b2338eb21a797ca
|
|
Fix the shown crypto inflight counts which were reversed. Also improve a
couple error descriptions to tell them apart when viewed.
Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: I6d4054c64aa842658cfcde8969c7aa48f6d21207
|
|
Type: feature
This patch adds new sw_scheduler async crypto engine.
The engine transforms async frames info sync crypto ops and
delegates them to active sync engines. With the patch it
is possible to increase the single worker crypto throughput
by offloading the crypto workload to multiple workers.
By default all workers in the system will attend the crypto
workload processing. However a worker's available cycles
are limited. To avail more cycles to one worker to process
other workload (e.g. the worker core that handles the RX/TX
and IPSec stack processing), a useful cli command is added
to remove itself (or add it back later) from the heavy
crypto workload but only let other workers to process the
crypto. The command is:
- set sw_scheduler worker <idx> crypto <on|off>
It also adds new interrupt mode to async crypto dispatch node.
This mode signals the node when new frames are enqueued
as opposed to polling mode that continuously calls dispatch node.
New cli commands:
- set crypto async dispatch [polling|interrupt]
- show crypto async status (displays mode and nodes' states)
Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com>
Signed-off-by: DariuszX Kazimierski <dariuszx.kazimierski@intel.com>
Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I332655f347bb9e3bc9c64166e86e393e911bdb39
|
|
Type: fix
Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com>
Change-Id: I87c6f423ea8fdd9fb764693055eb1509f994d6f1
|
|
This is the code refactor for vnet/flow infra and the dpdk_plugin flow
implementation. The main works of the refactor are:
1. Added two base flow type: VNET_FLOW_TYPE_IP4 and VNET_FLOW_TYPE_IP6
as the base the flow type
2. All the other flows are derived from the base flow types
3. Removed some flow types that are not currently supported by
the hardware, and VPP won't leverage them either:
IP4_GTPU_IP4, IP4_GTPU_IP6, IP6_GTPC, IP6_GTPU,
IP6_GTPU_IP4, IP6_GTPU_IP6
4. Re-implemented the vnet/flow cli as well as the dpdk_plugin
implementation
5. refine cli prompt
6. refine display info in command "show flow entry"
Type: refactor
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: Ica5e61c5881adc73b28335fd83e36ec1cb420c96
|
|
When we have both format blacklisted devices like:
blacklist 1234:5678
blacklist 1234:56:78.0
unformat with fmt=%x:%x matches for both strings
and the rest 78.0 substring is kept in input
and it can't be parsed for init args
This patch checks first if device format matches PCI address and
just then if it matches Vendor and Product
Type: fix
Change-Id: If111762c0e0a424b052e4f6dc0f67731bf89dc2a
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
|
|
By default, VPP automatically assignes for each tunnel
next available QAT device by order dev_id-que-pair.
In most cases we have more than one device and it can
greatly increase ipsec perfomance without any actions
with configuration from user if we use all the
devices first and first que-pairs
Type: feature
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: Iac9fe74768775459e22f69bb3706b542090a9375
|
|
CID 211153
Type: fix
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: Ic4d518d047c3ff36d9a7b72477c3efcb554d05bb
|
|
- Fixes coverity issue #210160.
- Fixes the possible issue in cryptodev when input node does
not update mbuf, such as avf-input.
- Fixes GCM ESN packet incorrect tag.
- Code clean up to reduce binary size.
Type: fix
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Dariusz Kazimierski <dariuszx.kazimierski@intel.com>
Signed-off-by: Piotr Kleski <piotrx.kleski@intel.com>
Change-Id: Ic05ae29855ac1f7a62e4af5831a4ed9faa8f561a
|
|
In case of vector, we must check length before trying to access element.
Also fix wrong DPDK plugin workaround.
Type: fix
Change-Id: I2ecef1c88ebef2362f48cab0d462699aa43cd4b9
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
This introduces a txq structure mirroring the rxq structure.
This fixes the case when #txq > #rxq, because lock must be per txq.
Type: fix
Fixes: dfb19cabe20ccf1cbd1aa714f493ccd322839b91
Change-Id: Ic1bce64d2b08b9a98c8242a1ba1bfcdbda322bec
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
This patch adds the IPSec ESP/AH type flow support
Have tested on E810 with Intel iAVF driver
Type: feature
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: I6ab8e69f67c423cc4e33f3c363881a97cdb98c30
|
|
Type: fix
Change-Id: Ib6f423e24f1a8d8439cd7e8893e4605e10984d48
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: I3defde103ab245404de42d2be7abcb2c43d49a60
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Fix and optimize DMAC check in ethernet-input node to utilize NIC or
driver which support L3 DMAC-filtering mode so that DMAC check can be
bypassed safely for interfaces/sub-interfaces in L3 mode.
Checking of interface in L3-DMAC-filtering state to avoid DMAC check
require the following:
a) Fix interface driver init sequence for devices which supports L3
DMAC-filtering to indicate its capability and initialize interface
to L3 DMAC-filtering state.
b) Fix ethernet_set_flags() function and its associated callback
flags_change() functions registered by various drivers in interface
infra to provide proper L3 DMAC filtering status.
Maintain interface/sub-interface L3 config count so DMAC checks can be
bypassed if L3 forwarding is not setup on any main/sub-interfaces.
Type: fix
Ticket: VPP-1868
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I204d90459c13e9e486cfcba4e64e3d479bc9f2ae
|
|
Type: improvement
Change-Id: I5f89fc3d994bd85d2c5138069ea2c58661814228
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: I51cbe5c76a88d7fa65fa24dc1528e4f991eba534
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Netvsc devices have the port type determined from their link speed.
The link speed between reboots of an Azure VM does not always end
up at the same value, so an interface that was FortyGigabitEthernet0
earlier may be FiftyGigabitEthernet0 now. That makes it difficult
to maintain a persistent store of configurations and apply those at
startup.
Change the port type to be VF so the name will always be generated
as VirtualFunctionEthernetX.
Type: improvement
Change-Id: I58cab852b87c0bcd9f73afe239803f38dab5c159
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
Change-Id: I7349840af48eec209532dab43a8ad0bd68993268
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
cxgbe PMD initializes its control channel as part of dev_configure(),
and trying to get link status prior to it will lead to a crash.
DPDK documentation loosely hints that we should not call any device
function before dev_start(), call link_state() only for the relevant
PMDs.
From DPDK API documentation:
The functions exported by the application Ethernet API to setup a device
designated by its port identifier must be invoked in the following
order:
rte_eth_dev_configure()
rte_eth_tx_queue_setup()
rte_eth_rx_queue_setup()
rte_eth_dev_start()
Then, the network application can invoke, in any order, the functions
exported by the Ethernet API to get the MAC address of a given device,
to get the speed and the status of a device physical link, to
receive/transmit [burst of] packets, and so on.
Type: fix
Change-Id: I12d2ab4d84e6bd72a9f695447e86f3222929c804
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Fix coverity issues in crypto framework and cryptodev
engine.
Type: fix
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: Ib261da0163c8182c803600db22c5a6dad5a19999
|
|
explicitly convert RSS function types from vnet_rss_function_t to
rte_eth_hash_function to avoid these two types go out of sync in the future...
Type: fix
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: Ic09f6bb7f2cfbcf7cc4d380e51554b7f2b7a3b90
|
|
Type: improvement
- inline some common encap fixup functions into the midchain
rewrite node so we don't incur the cost of the virtual function call
- change the copy 'guess' from ethernet_header (which will never happen) to an ip4 header
- add adj-midchain-tx to multiarch sources
- don't run adj-midchain-tx as a feature, instead put this node as the
adj's next and at the end of the feature arc.
- cache the feature arc config index (to save the cache miss going to fetch it)
- don't check if features are enabled when taking the arc (since we know they are)
the last two changes will also benefit normal adjacencies taking the arc (i.e. for NAT, ACLs, etc)
for IPSec:
- don't run esp_encrypt as a feature, instead when required insert this
node into the adj's next and into the end of the feature arc. this
implies that encrypt is always 'the last feature' run, which is
symmetric with decrypt always being the first.
- esp_encrpyt for tunnels has adj-midchain-tx as next node
Change-Id: Ida0af56a704302cf2d7797ded5f118a781e8acb7
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
This patch adds the l2tpv3oip type flow support
Have tested on E810 with Intel iAVF driver
Type: feature
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: Icb5114b5f70dd7a63f681e7c6ac802fade8b8cf1
|
|
Type: feature
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Signed-off-by: Dariusz Kazimierski <dariuszx.kazimierski@intel.com>
Signed-off-by: Piotr Kleski <piotrx.kleski@intel.com>
Change-Id: I4c3fcccf55c36842b7b48aed260fef2802b5c54b
|
|
Type: improvement
Change-Id: Iebf77a63c0c19b130a3fbd26b5293304a9fed4c1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I8c0eb5b5b12ffac1ff5dc89cab10bdb8e4be4322
|
|
This patch enables the RSS configuration through vnet/flow interface
With this RSS feature, users can config the RSS functions for specific flows
Currently, it supports:
default, toeplitz and symmetric_toeplitz rss function, and
ipv4-tcp/ipv4-udp/ipv6-tcp/ipv6-ucp flow types
Users can use the following options to combine with above flow
types for more specific hash input set selection:
l3-src-only, l3-dst-only, l4-src-only, l4-dst-only
Command line:
test flow add dst-ip any proto udp rss function default rss types ipv4-tcp use l3-dst-only
test flow add dst-ip any proto udp rss function toeplitz rss types ipv4-udp use l4-src-only
test flow add dst-ip any proto udp rss function symmetric_toeplitz rss types ipv6-udp use l3-src-only and l3-dst-only
Type: feature
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: I213efc76dc8af37f2f63605884f353e05b0f5d2a
|
|
i2c follows its only use case - the original 82599 driver - into
extras/deprecated.
cj is/was an emergency debug tool unused in several years. Move to
extras/deprecated/vlib
Type: refactor
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ib55b65373f62630db295c562974bd8f2456c3107
|
|
Type: fix
Ticket: VPP-1837
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I9ec87d2293d8f92c3e488a0f61083cf815ac496c
|
|
Type: fix
Change-Id: I3c7ebbe91e7dffe9fd6851e5334fe920f2187cf0
Signed-off-by: Amir Zeidner <amirzei@mellanox.com>
|
|
Now UDP encapsulation doesn't work in transport mode because:
- the encrypt node misses filling of UDP header and it gets sent with
all zeros;
- the decrypt node misses filling of new IP header and it contains
garbage data.
With this commit, fill UDP header during encryption and fill IP header
during decryption.
Change-Id: I87a7bd594f0e312b16d3e5eb19e568b4e3164d36
Type: fix
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
DPDK recently added a check in the virtio driver to make sure that
rxmode->mq_mode == ETH_MQ_RX_NONE. We were passing ETH_MQ_RX_RSS
and the device initialization was not accepted.
The reason for the change in DPDK was that there is no controls
(algorithm, redirection table, hash function). So they thought ETH_MQ_RX_NONE
was the best choice for the value of mq_mode.
Type: fix
Ticket: VPP-1853
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ifa0fc4206cedc56a851f94f6434a2a7500bbd419
|
|
This patch adds support for the DPDK iAVF PMD
Type: feature
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: I7bb0f621774e4c55b9b7309462e6591ce1b88fb6
|
|
Type: fix
fetch the sa_index from the correct location
Change-Id: I351035ee0226c47585995ff9122320fd5c73ec53
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
DPDK provides two new APIs to retrieve information about the Tx/Rx
packet burst mode:
rte_eth_tx_burst_mode_get
rte_eth_rx_burst_mode_get
This patch leverages these two APIs to describe the tx/rx mode.
Currently, Intel X710/E810 and Mellanox Mlx5 support the new APIs.
For NICs that don't support the new APIs, still use the original way
to print their tx/rx function name
Type: refactor
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: Ibe47f5debe3b3f17f462fbf9834394e22845cc08
|
|
Add new flow type IP4_N_TUPLE_TAGGED and IP6_N_TUPLE_TAGGED
for vlan tag sensitive flows
The original IP4_N_TUPLE and IP6_N_TUPLE will not match VLAN anymore
Type: feature
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: Ie511e9a64126440fe81f29665a56ca060061662d
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5a3e3a41dcc60c0d9b291e51bb112e7701f73050
|