Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: fix
Several Fixes:
1 - Anti-replay did not work with GCM becuase it overwrote the sequence
number in the ESP header. To fix i added the seq num to the per-packet
data so it is preserved
2 - The high sequence number was not byte swapped during ESP encrypt.
3 - openssl engine was the only one to return FAIL_DECRYPT for bad GCM
the others return BAD_HMAC. removed the former
4 - improved tracing to show the low and high seq numbers
5 - documented the anti-replay window checks
6 - fixed scapy patch for ESN support for GCM
7 - tests for anti-reply (w/ and w/o ESN) for each crypto algo
Change-Id: Id65d96b6d1d4dd821b2ab557e87468fff6d70e5b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
The fast path almost always has to deal with the real
pointers. Deriving the frame pointer from a frame_index requires a
load of the 32bit frame_index from memory, another 64bit load of the
heap base pointer and some calculations.
Lets store the full pointer instead and do a single 64bit load only.
This helps avoiding problems when the heap is grown and frames are
allocated below vm->heap_aligned_base.
Type: refactor
Change-Id: Ifa6e6e984aafe1e2755bff80f0a4dfcddee3623c
Signed-off-by: Andreas Schultz <andreas.schultz@travelping.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
If the corresponding vpp plugin is absent, return a non-zero
clib_error_t * from vat_plugin_register ("xxx plugin not loaded"). The
vat plugin calls dlclose on the vat plugin, and it disappears.
Depending on the plugin configuration, this can reduce the vpp virtual
size by several gigabytes.
Added a VAT_PLUGIN(<plugin-name>) macro to vat_helper_macros, clean up
boilerplate vat_plugin_register() implementations. Fixed a number of
non-standard vat_plugin_register methods.
Type: refactor
Change-Id: Iac908e5af7d5497c78d6aa9c3c51cdae08374045
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Print the SPI in hexadecimal and decimal.
Type: feature
Change-Id: I012e94f9147058064e06c6bb4622ab6b6507957d
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
|
|
Check the returned pointer, report error and return in case of failure.
This avoids crashing without any useful clues or debug messages.
Type: fix
Change-Id: I15d0735a531c2d9a8b6f67b7d6fe326b98c963c3
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Reviewed-by: Honnappa Nagarahalli <Honnappa.Nagarahalli@arm.com>
|
|
.. and remove helper stat struct for keeping last cleared stats.
This is not needed anymore as dpdk lib provides rte_eth_dev_reset().
Change-Id: I78076e689aac7ca70836ce688dfa8e704f64cd84
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: I421192e1921d4c9c5486a6dcca745582aebf4e3e
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Explains a variety of hard-to-diagnose problems with certain Atom and
Denverton NIC types.
I finally tripped over a highly-repeatable failure: home gateway
use-case bitten by refusal to negotiate a DHCP lease for the trunk
port.
The dhcp client won't send pkts unless VNET_HW_INTERFACE_FLAG_LINK_UP
is set on the tx hw interface:
/* Interface(s) down? */
if ((hw->flags & VNET_HW_INTERFACE_FLAG_LINK_UP) == 0)
return;
Change-Id: I17ef2ba7b39078555fa27d2d874a60c67e1530ee
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
This patch enables bonding numa awareness on multi-socket
server working in active-backeup mode.
The VPP adds capability for automatically preferring slave
with local numa node in order to reduces the load on the
QPI-bus and improve system overall performance in multi-socket
use cases. Users doesn't need to add any extra operation as
usual.
Change-Id: Iec267375fc399a9a0c0a7dca649fadb994d36671
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
We have native implementation and we should not maintain both....
Change-Id: Ic09ebffda52cdc733b3cfeff06690e0d3cc08084
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I0e28d059143fb7489d27a10c5b4a152d0d7dfb1f
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
copy vlan strip config from default device
Change-Id: I4ad1c159bad964fd1900b5ae4960b7014dd9f9b1
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
|
|
Reorder foreach_dpdk_rss_hf to fix rss configuration error issue.
Change-Id: Idec45534cd7dfe810b25584b1b27ac52b1c45110
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
|
|
show_dpdk_hqos_queue_stats
Change-Id: Ic1a900e0fb85ee016af21535764dfca2e6282194
Signed-off-by: cohu <cong.hu@tieto.com>
|
|
When the same worker thread processes packet for encrypt and decrypt,
ie. single worker with bi-directional traffic, given that the queue is
shared results in packets to be decrypted being dropped as the encrypt
always happens first for each main loop.
With this change, each crypto device queue is logically split into two
queues, each half the real size, avoiding the described problem.
Change-Id: Ifd3f15e316c92fbd6ca05802456b10a7f73f85da
Signed-off-by: Sergio Gonzalez Monroy <sgmonroy@gmail.com>
|
|
The vlib init function subsystem now supports a mix of procedural and
formally-specified ordering constraints. We should eliminate procedural
knowledge wherever possible.
The following schemes are *roughly* equivalent:
static clib_error_t *init_runs_first (vlib_main_t *vm)
{
clib_error_t *error;
... do some stuff...
if ((error = vlib_call_init_function (init_runs_next)))
return error;
...
}
VLIB_INIT_FUNCTION (init_runs_first);
and
static clib_error_t *init_runs_first (vlib_main_t *vm)
{
... do some stuff...
}
VLIB_INIT_FUNCTION (init_runs_first) =
{
.runs_before = VLIB_INITS("init_runs_next"),
};
The first form will [most likely] call "init_runs_next" on the
spot. The second form means that "init_runs_first" runs before
"init_runs_next," possibly much earlier in the sequence.
Please DO NOT construct sets of init functions where A before B
actually means A *right before* B. It's not necessary - simply combine
A and B - and it leads to hugely annoying debugging exercises when
trying to switch from ad-hoc procedural ordering constraints to formal
ordering constraints.
Change-Id: I5e4353503bf43b4acb11a45fb33c79a5ade8426c
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Id406eb8c69a89c57305d8f138e8e6730037aa799
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Recent changes removed the function that was incrementing the
tx counters. Increment them in the esp_encrypt functions.
Change-Id: I446333a23ccf66e34893adb2aa49af562cf35507
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
The function dpdk_ol_flags_extract should return u16
instead of u8.
Change-Id: Id0b08b04c93598818f9a2eee5a88733900320dfa
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Change-Id: Idc3763c38f5aa638d4f290f4d4730577601d78b8
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
|
|
Change-Id: Ide2a9df18db371c8428855d7f12f246006d7c04c
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ia092a93a7ac0cbf9338f9d4a5db8b94b23549a13
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I65e7188c6893acca67455ff37f2dfbd0bedd5c09
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
The memory areas storing vlib_buffer_t and ip4|6_and_esp_header_t
are not prefetched. The patch help dpdk_esp_encrypt to reduce 18
clocks/pkt from 149 to 131 on Haswell when running IPsec in tunnel
mode.
Change-Id: I4f4e9e2b3982a4b7810cab8ed828a5e4631f8f8c
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Change-Id: I65b1af5fa0cec4f9789f91f720d1396d06fa0206
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
|
|
As DVN has fewer DTLB entries supported for 2M page, default numbers of
RX/TX descriptors are changed to 512 if nums of RX/TX descriptors are not
specified by VPP users.
Change-Id: I076493b802b15d12750a5b49d1554da4d19ad460
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Change-Id: I48cd8052f9509efdf13f64ab279edb66a2d4a0a9
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
|
|
Change-Id: Idfcf1644952d647c6e1b61216d9b365d58b77814
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
|
|
VPP rdma driver relies on an internal rdma-core not compatible with DPDK
MLX driver. Force the use of external rdma-core through
RTE_IBVERBS_LINK_DLOPEN DPDK build option and make sure internal
rdma-core symbols are not leaked outside of the rdma plugin.
Change-Id: I5b2281259f517c4e109d388d172b72eadd69986f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
When building with environment variables set to enable mlx PMD
support in DPDK, an error occurs:
CMake Error at plugins/dpdk/CMakeLists.txt:104 (vpp_plugin_find_library):
vpp_plugin_find_library Macro invoked with incorrect arguments for macro
named: vpp_plugin_find_library
Update a call to vpp_plugin_find_library() to include the right
number of parameters.
Change-Id: Ia0d66f93c6f94fdf822e2c3c4fe3f0ad01a90d57
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change-Id: Ib828ea5106f3ae280e4ce233f2462dee363580b7
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I0b996460e05c40e74766563fb2a94c62a65063ce
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ib73352d6be26d639a7f9d47ca0570a1248bff04a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I81ecdf9fdcfcb017117b47dc031f93208e004d7c
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
With the following local patch, VIC adapters remove default vlan tags
from ingress packets. So, it is no longer necessary to enable VLAN
stripping by default. This change also allows VLAN sub interfaces to
work with VIC adapters.
patches/dpdk_19.02/0001-net-enic-untag-default-vlan-by-default.patch
Change-Id: I2e7d62c62120c351c27d827d90de4a8335efa044
Signed-off-by: Hyong Youb Kim <hyonkim@cisco.com>
|
|
Change-Id: Id5b30d7a394551844a79b3d222d2d26194d033df
Signed-off-by: ChenminSun <chenmin.sun@intel.com>
|
|
Change-Id: I572cbba817275d85c200a4b09a63f4650075f638
Signed-off-by: Jay Lubomirski <jlubomir@cisco.com>
|
|
The log-level dpdk config value should be transparently
forwarded to DPDK via EAL argument. Since DPDK now supports
naming log-levels, VPP no longer needs to parse and call
rte_set_loglevel().
This was the other part of the DPDK log-level change.
It must have got missed during my initial checkin.
Without it passing dynamic log-level values like are silently
ignored.
Fixes: 6ca6ac6c887e ("dpdk: support passing log-level")
Change-Id: I732cec5f638c9924e3ffb04c4753f957e3633d64
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
|
|
Upstream DPDK changed the names of the options to use dlopen()
with libibverbs and libmlx[45] from RTE_LIBRTE_MLX[45]_DLOPEN_DEPS
to RTE_IBVERBS_LINK_DLOPEN (handles both mlx4 and mlx5).
VPP's build option to enable this configuration when building DPDK
no longer worked starting when VPP moved to DPDK 19.02. Update VPP's
build options to enable the correct option name.
Change-Id: I8e34e1d3fc4ee8aac4fd6f2a7d27177f2b0dea50
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Moved code to the ethernet input node, and the interface output
path(s). Since we no longer skip ethernet-input, there's no reason
for device drivers to know anything about pcap rx tracing, etc.
Change-Id: I08d32fb1b90cbee1bd4f609837d533e047b36fa4
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I01c4f5755d579282773ac227b0bc24f8ddbb2bd1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Recent VIC models can support 25, 50, and 100Gbps links. Use the
helper (port_type_from_link_speed) to set the port type as it supports
all possible link speeds.
Change-Id: I748d8ac716a6393d116a9db8a599151c70a9000a
Signed-off-by: Hyong Youb Kim <hyonkim@cisco.com>
|
|
PKT_RX_FDIR is a bit flag, not a bit position.
Change-Id: Ib31ec9257e906b045522fa7c2b515b7b0c13bb32
Signed-off-by: Hyong Youb Kim <hyonkim@cisco.com>
|
|
1) stats are accessed via the stat segment which is more condusive to
monitoring
2) stats are accurate in the presence of multiple threads. There's no
guarantee that an SA is access from only one worker.
Change-Id: Id5e217ea253ddfc9480aaedb0d008dea031b1148
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
don't have to convert from mbuf to vlib_buffer then buffer index
save a few clock cycles in crypto-input
plus, a bit improvements of CLI
1. show more information, resource placement & qp stats
2. clear dpdk qp statistics
cleanup cli as sugguested by Sergio Gonzalez Monroy
Change-Id: Ic4fd65bfa9a6b05b344a9a40c554990dde072d19
Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
|
|
Change-Id: I9a2e8ea2bf334dd8dabf3d25abbcc91087a43882
Signed-off-by: Dave Barach <dbarach@cisco.com>
|
|
Change-Id: I4e836244409c98739a13092ee252542a2c5fe259
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
in the same maaner as with other tunnel tyeps we use
the FIB to cache and track the destination used to reach
the tunnel endpoint. Post encap we can then ship the packet
straight to this adjacency and thus elide the costly second
lookup.
- SA add and del function so they can be used both directly
from the API and for tunnels.
- API change for the SA dump to use the SA type
- ipsec_key_t type for convenience (copying, [un]formating)
- no matching tunnel counters in ipsec-if-input
Change-Id: I9d144a59667f7bf96442f4ca66bef5c1d3c7f1ea
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Example:
buffers {
default data-size 1536
}
Change-Id: I5b4436850ca18025c9fdcfc7ed648c2c2732d660
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
DPDK 19.02 adds two new fields to struct rte_cryptodev_qp_conf,
which the current code was not initializing properly.
Also session mempools are now required to have specific private data.
For that just use the new API to create symmetric session pools.
Change-Id: Ie732d4e10b908aeaea322717d6011113e3e7172c
Signed-off-by: Sergio Gonzalez Monroy <sgmonroy@gmail.com>
|