Age | Commit message (Collapse) | Author | Files | Lines |
|
thanks to coverity... validate that the length of the packet on
wire matches the size of the header based on the number of groups
and sources. drop those that don't match.
Change-Id: Iab3f3a835f6a43d9c73c5d502ea5ceccdd6985b0
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
It is cheaper to get thread index from vlib_main_t if available...
Change-Id: I4582e160d06d9d7fccdc54271912f0635da79b50
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ie7621a38a44e7c692e23e58c43d27d8d2aab43e6
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I2cb4cf2167b6e958d2e57b461848a4a189e3fda0
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I57f1db6fabfdb8ddfba514ad754707b24d47c962
Signed-off-by: Francois Clad <fclad@cisco.com>
|
|
Add missing VALIDATE_SW_IF_INDEX macro / check.
Net of this fix, a spurious warning will probably recur. Coverity will
complain that sw_if_index is tainted. Please dismiss the warning.
Change-Id: Iec31ce1d86f742e197e63b0c5d474cd5e496ee5f
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Id6aba75c30712e9a0ac7b3075bd6cfc49d6bec36
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I56eb15f8fd2d3049845287dc3df7870582764f8b
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: If4da80c7eefe55905594eaaba0946d75f0892da5
Signed-off-by: Igor Mikhailov (imichail) <imichail@cisco.com>
|
|
Change-Id: Ieb8020f57ed5ad20daf552cd62ae3fdd8c573926
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Increase batch size when recycling buffers. This increases Mpps by 7%.
Change-Id: I2a460611d9c36e9bf087b076fc4e187acf61108f
Signed-off-by: Brian Brooks <brian.brooks@arm.com>
|
|
Change-Id: I5e5b2dd4f4bc3e257824015c723228ac5128d6a0
Signed-off-by: Brian Brooks <brian.brooks@arm.com>
|
|
- Enable/Disable an interface for IGMP
- improve logging
- refactor common code
- no orphaned timers
- IGMP state changes in main thread only
- Large groups split over multiple state-change reports
- SSM range configuration API.
- more tests
Change-Id: If5674f1044e7e97274a711f47807c9ba689d7b9a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ib06d9ce0fad48b784fd47db13c7a2f353c845fca
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I8d284117a668dc55c06a6d68fe358a3d7e26c738
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Change-Id: Ie899ccbaae4df7cce4ebbba47ed6c3cce5269bdb
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ibd3a8d28d8f1df2bc14c42e48498f6ac26081192
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
gcc8 introduced a new warning (Wstringop-truncation) which in our case
is being treated as error.
Disabling the warning globally might introduce bugs related to string
truncation which are not desired by the developer (e.g. bug).
Instead, this patch disables the warning only for those occurences
which have been verified to be non-bugs but the desired behaviour as per
developer will.
Change-Id: I0f04ff6b4fad44061e80a65af633fd7e0148a0c5
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
A small store into a middle of a larger structure that was subsequently
loaded for calculating the bihash key was noticeably impacting the performance.
Change-Id: If7f33e1b66e8b438ba7cc91abc0ca749850c6e45
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Slightly refactored from the initial implementation of the TupleMerge [1]
algorithm by Valerio Bruschi (valerio.bruschi@telecom-paristech.fr)
[1] James Daly, Eric Torng "TupleMerge: Building Online Packet Classifiers
by Omitting Bits", In Proc. IEEE ICCCN 2017, pp. 1-10
Also add startup parameters to turn on/off the algorithm ("use tuple merge 1/0"),
and a startup parameter to be able to tweak the split threshold
("tuple merge split threshold N"), the default value of the split threshold
is 39 as per paper, but some more tuning might be necessary to find the best
value.
This change, alongside with the optimizations which avoid extra lookups,
significantly reduces the slowdown on the ClassBench generated ACLs, which
are supposed to resemble realistic ACLs seen in use in the field.
Change-Id: I9713e4673970e9a62d4d9e9718365293375fab7b
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I6fa4c6bf9c4e96ba4502a06907bdecc654ace665
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Iddb0b848c53da03116524e203c7112c82b401ac5
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Iedebbac71d3e694b915d6a126c80ecc3b5473a4a
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
|
|
- instantiate the per-use mask type entry for a given hash ACE
this prepares to adding tuplemerge where the applied ACE may
have a different mask type due to relaxing of the tuples
- store the vector of the colliding rules for linear lookups
rather than traversing the linked list.
- store the lowest rule index for a given mask type inside
the structure. This allows to skip looking up at the later
mask types if we already matched an entry that is in front
of the very first entry in the new candidate mask type,
thus saving a worthless hash table lookup.
- use a vector of mask type indices rather than bitmap,
in the sorted order (by construction) of ascending
lowest rule index - this allows to terminate the lookups
early.
- adapt the debug cli outputs accordingly to show the data
- propagate the is_ip6 into the inner calls
Change-Id: I7a67b271e66785c6eab738b632b432d5886a0a8a
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
- Some crypto devices rely on rte_cryptodev_start() API to be called by
application to enable a pre-configured H/W Crypto device.
- NXP dpaa2 is one of the example.
Change-Id: I2ad8ca0060604fb4e0541161e91bdebc6642f4da
Signed-off-by: Sachin Saxena <sachin.saxena@nxp.com>
|
|
Change-Id: I6a3cfcb24f5027ec0f2cd2ec21ea47a01fef331b
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Only remaining traces of MAP in the src/vnet is now in buffer.h.
Awaiting a new buffer opaque API (hint, hint).
Change-Id: Ie165561484731f1d7ed6e0f604b43624e06db3f0
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Switch to combined allow/drop counters
Show matching ip4 neighbor address if known
Add static-allow mactime entries for unknown mac addresses
Add the "clear mactime" command
Change-Id: Ib963981438dfb8a123df1b3c023bd5fcc27f888f
Signed-off-by: Dave Barach <dbarach@cisco.com>
|
|
Change-Id: I7c611d3fa7fabe82294fc22a61d5a3927a2da39d
Signed-off-by: Jessica Tallon <tsyesika@igalia.com>
|
|
Workaround for lack of driver interrupt support. Also quite handy for
home gateway, laptop/vagrant, other use-cases not requiring maximum
vectors/second for proper operation.
Change-Id: Ifc4b98112450664beef67b89ab8a6940a3bf24b5
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I23caebf602e3e6ff45fdec106a0da88f6de7a284
Signed-off-by: Igor Mikhailov (imichail) <imichail@cisco.com>
|
|
Change-Id: If7bcc6ae3358b5e39bf76481ee58f4dbaa53d895
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I024c1d398fcb51e5a20f9049d16a87b3b1ba0c20
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Trying to accomodate fragments as first class citizens
has shown to be more trouble than it's worth. So
fallback to linear ACL search in case it is a fragment
packet. Delete the corresponding code from the hash
matching.
Change-Id: Ic9ecc7c800d575615addb33dcaa89621462e9c7b
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I73b5a4adcfce0d7cd1dd4cf6d9d6a5fb25256bcf
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
in more than one C file
Including the exports.h from multiple .c files belonging to a single plugin results in an error.
Rework the approach to require the table of function pointers to be filled in by
the initialization function.
Since the inline functions are compiled in the "caller" context,
there is no knowledge about the acl_main structure used by the ACL
plugin. To help with that, the signature of inline functions is slightly
different, taking the p_acl_main pointer as the first parameter.
That pointer is filled into the .p_acl_main field of the method
table during the initialization - since the calling of non-inline variants
would have required filling the method table, this should give
minimal headaches during the use and switch between the two methods.
Change-Id: Icb70695efa23579c46c716944838766cebc8573e
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I062d7653e00d77e73a61d8841e01ab4a159b6404
Signed-off-by: Dave Barach <dbarach@cisco.com>
|
|
After calling vlib_packet_template_get_packet(), make sure
packet buffer is allocated before using it.
Change-Id: Idb5199f4e2c9596137b2101e502d611f474a6ffe
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: I737dad64bf6dd0743d36500d5cfa1cb1a6594b98
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
The commit 4bc1796b346efd10f3fb19b176ff089179263a24 had incorrect
calculation of the session lists minimal timeout, resulting
in returned value of 0 which resulted in existing sessions
constantly requeued, taking up the CPU. Fix this calculation.
Change-Id: I9a789739f96a1f01522c68f91b0a02db2417837f
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
optimize stores in the (l4/pkt)
Having two pieces of code - one for now much simpler to recreate L3 info,
one for a more difficult do build L4/pkt metadata allows more
degrees of freedom for optimizations.
Also, construct the metadata in local variables first before
saving it into the memory structure, this fewer memory stores
and they are better aligned, allowing to coalesce with
subsequent reads if needed.
Change-Id: Icb35d933834b14294f875362c9b58db3feb38d99
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: Ib1e4563dbc027571c77497e5c190201713adc72b
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
- missing RSV bit set in descriptor
- wrong buffer offset
Change-Id: I8b138266652a30a50e4541c6344e4fe3dec4d1ca
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
To enable NAT plugin endpoint dependent mode add following to statrup config:
nat { endpoint-dependent }
Enable endpoint dependent filtering and mapping for all sessions.
Move some existing functionality such as service load balancing, twice nat,
out2in-only static mappings and unknown protocol dynamic translations, which
use endpoint dependent lookup hash tables before. Basically split to vanilla
NAT44 and extra features NAT44.
Change-Id: I3925eb5ddcc8f1ec4cf6af4e2a618a7ec7aa9735
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I26194e00dfb85e5cd1c65ff4e6ffd665be2d719b
Signed-off-by: Ping Yu <ping.yu@intel.com>
|
|
file for testing
Add a command "acl_add_replace_from_file" to VAT which can load a ruleset and
add an ACL with it. There are a few options which augment the ACL being created:
"permit+reflect" or "permit" alter the default action from deny on the ACEs
created.
"append-default-permit" adds an entry in the end with the "permit+reflect"
if the default action has been changed to permit+reflect, or with a simple
permit otherwise.
This command is IPv4-only because the available datasets were IPv4-only.
Change-Id: I26b9f33ecb6b59e051d1d9cbafedbc47e8203392
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Add a new kv_16_8 field into 5tuple union, rename
the existing kv into kv_40_8 for clarity, and
add the compile-time alignment constraints.
Change-Id: I9bfca91f34850a5c89cba590fbfe9b865e63ef94
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
contiguous with L4 data
Using ip46_address_t was convenient from operational point of view but created
some difficulties dealing with IPv4 addresses - the extra 3x of u32 padding
are costly, and the "holes" mean we can not use the smaller key-value
data structures for the lookup.
This commit changes the 5tuple layout for the IPv4 case, such that
the src/dst addresses directly precede the L4 information.
That will allow to treat the same data within 40x8 key-value
structure as a 16x8 key-value structure starting with 24 byte offset.
Change-Id: Ifea8d266ca0b9c931d44440bf6dc62446c1a83ec
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Fixes clang error: equality comparison with extraneous parentheses
Changing all the #defines to inlines.
Change-Id: I30a931679ac3325b23b249b1ae28c7c8cf54b012
Signed-off-by: Sirshak Das<sirshak.das@arm.com>
|
|
ip4 vxlan cli/api (using flow infra) to create flows and enable them on
different hardware (currently tested with i40e)
to offload a vxlan tunnel onto hw:
set flow-offload vxlan hw TwentyFiveGigabitEthernet3/0/0 rx vxlan_tunnel1
to remove offload:
set flow-offload vxlan hw TwentyFiveGigabitEthernet3/0/0 rx vxlan_tunnel1 del
TODO:ipv6 handling
Change-Id: I70e61f792ef8e3f007d03d7df70e97ea4725b101
Signed-off-by: Eyal Bari <ebari@cisco.com>
|