Age | Commit message (Collapse) | Author | Files | Lines |
|
part 2;
- this adds the code to create an IP and MPLS table via the API.
- but the enforcement that the table must be created before it is used is still missing, this is so that CSIT can pass.
Change-Id: Id124d884ade6cb7da947225200e3bb193454c555
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Test whether the hairpinning flag is set only for packets from NAT inside interface.
Change-Id: I4a4fdd2084a76a70ce9dfe3e2b8332c02fa2eccd
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
This will allow us to use this code in client libraries without vlib.
Change-Id: I8557b752496841ba588aa36b6082cbe2cd1867fe
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Id79d2c2be7a98e15416a537c890a8f2dd6d4464d
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
1. coverity complains about "buffer not null terminated" for strncpy because we
pass the size of the destination to the call which is equal to the true size
of the destination. We subtract 1 for the size to accommodate the null like all
other places are already doing it.
2. Add a check to tx_queues in memif_interface_tx_inline to avoid "divide by zero".
3. To avoid null pointer dereference in memif_create_if, change the goto done
rather than goto error and spit a more meaningful error rather than silent about it.
4. Shuffle a line to avoid "check after use" in vl_api_memif_delete_t_handler.
Change-Id: Icba7ecd5362c012a48ac35795d31aab356617420
Signed-off-by: Steven <sluong@cisco.com>
|
|
Change-Id: Ie40c837358454cfe9475cb2c14fdf20b24fa6602
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
Add a counter incremented upon the ACL check,
so it is easier to see which kind of traffic
is being checked by the policy, add the corresponding
output to the debug CLI "show acl-plugin tables" command.
Change-Id: Id811dddf204e63eeceabfcc509e3e9c5aae1dbc8
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
This patch adds supprot support for multiple numa-aware physmem regions.
Change-Id: I5c69a6f4da33c8ee21bdb8604d52fd2886f2327e
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Id9c977634a1259865e3403ba0d90aecaca85207d
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
portrange matches on the same hash key (VPP-937)
Multiple portranges that land on the same hash key will always report the match
on the first portrange - even when the subsequent portranges have matched.
Test escape, so make a corresponding test case and fix the code so it passes.
(the commit on stable/1707 has erroneously mentioned VPP-938 jira ticket)
Change-Id: Idbeb8a122252ead2468f5f9dbaf72cf0e8bb78f1
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit fb088f0a201270e949469c915c529d75ad13353e)
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I4b1f27b95d67d48b7a13750ff8754c344ed7afa7
Signed-off-by: Chris Luke <chrisy@flirble.org>
|
|
added load-balancing static mappings with unequal load support
Change-Id: Ie505e41f24d46f812b94dd28bdafe3dc170a6060
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I62b7aa896dfe218358f11a5197b1228a3dd67152
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
Change-Id: Ie449072ab1efec081235b508f1def60a1287ff5f
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
Change-Id: I9b29bcff348bddfb49b1c38b1d409249e37bb075
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Ic99d1db5360f69126b23bb2b78f29d6404cbbae9
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
|
|
Change-Id: I9233e427b5f8874492fefb2bfe7c1ab329e366b2
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
|
|
Upon hash collision, the flow start time was not reset.
The hash computation techniques (crc32 or xxhash) also both
had bugs which are now fixed.
Change-Id: I94d72997f34018d1699324264f7dded2a5cbd776
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
|
|
Change-Id: I674fb1212e48693939045523df085326a4dd1809
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
(complete the fix for VPP-935)
The fix for VPP-935 missed the case that hash_acl_add() and hash_acl_delete() may be called
during the replacement of the existing applied ACL, as a result the "applied" logic needs
to be replicated for the hash acls separately, since it is a lower layer.
Change-Id: I7dcb2b120fcbdceb5e59acb5029f9eb77bd0f240
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit ce9714032d36d18abe72981552219dff871ff392)
|
|
Change-Id: I440fae09e77502392af5cde45dd9c532afa5d976
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
|
|
DPDK 17.08 breaks ethdev and cryptodev APIs.
Address those changes while keeping backwards compatibility for
DPDK 17.02 and 17.05.
Change-Id: Idd6ac264d0d047fe586c41d4c4ca74e8fc778a54
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
New startup config command:
unix {
runtime-dir /run/vpp
}
Also, adds recursive mkdir funtion for use in deifferent places
like cli-config socket path and dpdk hugepage directory path.
Change-Id: I1446ceab9c220c25804e73a743a3ebb383450124
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ieb81c5e157e342cbb532bd65f3b64059e5838691
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I99e2766a118754387c9f238fc1b46057ee8a23e7
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I30a7e3da7a4efc6038a91e27b48045d4b07e2764
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I30a3df53bc5fe5ab991a657918eb502bd2913440
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: Id5812448917ce52984d5a778d5b304c448a752e7
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
1) introduce an interface-tx DPO. This is a simple wrapper around a sw_if_index. enhance DPO stacking functions to allow per-instance next-nodes and hence allow children to stack onto the interface per-instance tx node and not on 'interface-output'.
2) update PPPoE code to use ta midchain stack on a interface-tx DPO of the encap-interface. This remove the need for pppoe_encap node (which is replaced by the adj-midchain-tx) and interface-output node is no longer used (see above). Since PPPoE encap node is no longer needed, the PPPoE seesion does not need to be retrieved in the data-path, hence the cahce misses are removed.
Change-Id: Id8b40f53daa14889a9c51d802e14fed7fba4399a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
When adding at least two different types of MACIP acl vpp crash.
Change-Id: Ibbc76b94015311945be081fe0d8af71cf0672332
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
Enable IP address without prefix length, if not given use max (32/128)
Parse correctly type of acl (ipv4).
Change-Id: I3d5d6b45037c9e0f95d2d112ae584f006c6cb4d1
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
In multithread setup the main thread may send packets,
which may pass through the node with permit+reflect action.
This creates the connection in lists for thread0,
however in multithread there are no interupt handlers there.
Ensure we are not spending too much time spinning in a
tight cycle by suspending the main cleaner thread
until the current iteration of interrupts is processed.
Change-Id: Idb7346737757ee9a67b5d3e549bc9ad9aab22e89
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit c1ff53f25d04ec1cc31844abd38014e91e398b5f)
|
|
make proto optional in nat64_bib_dump and nat64_st_dump
Change-Id: Idd102ce2b1555d38783fd22c84e46b4c48570edc
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I4cafc8291725feb499355092bd429433e649b5b2
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
plugin heap is not initialized
With the addition of the own heap, the delete routines called from interface deletion
callback may attempt to initialize the ACL plugin heap. This is obviously not
a desirable condition - so, return early from the callback if the ACL plugin
heap has not been initialized yet - there is for sure nothing to clean up.
Change-Id: I08a6ae725294016ff5824189ade91c288e2c473b
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I62939592bd3cb151e02c55a3f1ee6e7d1ce469cb
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
Change-Id: Ic1c440b2594c3ec4cdc75730069f16432cdb9587
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
|
|
(VPP-936)
When looking at resource utilisation, it is useful to understand
the interactions between the acl-plugin and the rest of VPP.
MACIP ACLs till now could only be dumped via API,
which is tricky when debugging. Add the CLIs to see
the MACIP ACLs and where they are applied.
Change-Id: I3211901589e3dcff751697831c1cd0e19dcab1da
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit f2cfcf676e67a7ea80ce20a69826210eb97acba5)
|
|
interface (VPP-935)
The logic in hash ACL bitmask update was using the vector
of ACLs applied to the interface to rebuild the hash lookup mask.
However, in transient cases (like doing group manipulation with
hash ACLs), that will not hold true. Thus, make
a local copy of for which ACL indices the hash_acl_apply
was called previously, and maintain that one local
to the hash_lookup.c file logic.
Change-Id: I30187d68febce8bba2ab6ffbb1eee13b5c96a44b
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 1de7d7044434196610190011ebb431f054701259)
|
|
traffic (VPP-910/VPP-929)
The commit fixing the VPP-910 and separating the memory operations
into separate heaps has missed setting the MHEAP_FLAG_THREAD_SAFE,
which quite obviously caused the issues in the multithread setup.
Fix that.
Also, add the debug CLIs
"set acl-plugin heap {main|hash} {validate|trace} {1|0}"
to toggle the memory instrumentation, in case we ever need it
in the future.
Change-Id: I8bd4f7978613f5ea75a030cfb90674dac34ae7bf
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit e6423bef32ca2ffcfcd7a092eb4673badd53ea4c)
|
|
The packet that was creating the session was not tracked,
consequently the TCP flags seen within the session record
never got the value for the session to get treated as
being in the established state.
Test-escape, so add the TCP tests which test the
three phases of the TCP session life and make them all pass.
Change-Id: Ib048bc30c809a7f03be2de7e8361c2c281270348
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 754370f1b55d4102d21dd94676f2bda3170c7df0)
|
|
Change-Id: I6ac10ec0adf179b86f97269bbce2a7fd8796e72a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Supports 64K PPPoE sessions
This plugin adds three graph nodes:
1) pppoe-input for PPPoE decapsulation
2) pppoe-encap for PPPoE encapsulation
3) pppoe-tap-dispatch for control plane process
Below is the configuration to make PPPoE CP and DP work:
vim /etc/vpp/startup.conf
tuntap {
enable
ethernet
name newtap
}
create pppoe tap tap-if-index 1
//Configure it after a subscriber's PPPoE discovery and PPP link establishment succeeds:
create pppoe session client-ip 100.1.2.1 session-id 1 client-mac 00:11:01:00:00:01
show pppoe fib
show pppoe session
Change-Id: I73e724b6bf7c3e4181a9914c5752da1fa72d7e60
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
|
|
[support for VPWS/VPLS]
- switch to using dpo_proto_t rather than fib_protocol_t in fib_paths so that we can describe L2 paths
- VLIB nodes to handle pop/push of MPLS labels to L2
Change-Id: Id050d06a11fd2c9c1c81ce5a0654e6c5ae6afa6e
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
It was uncaught by make test because the corresponding tests are not there yet - part of 17.10 deliverables
Change-Id: I55456f1874ce5665a06ee411c7abf37cd19ed814
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 58013b73509521789608f24a79a00177797ff9b1)
|
|
Change-Id: I2e71aef1aa745e85ad3234b0b708cdc50f335a75
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
(VPP-910)
The further prolonged testing from testbed that reported VPP-910
has uncovered a couple of deeper issues with optimization from
7384, and the usage of subscripts rather than vec_elt_at_index()
allowed to hide a couple of further errors in the code.
Also, the current acl-plugin behavior of using the global
heap for its dynamic data is problematic - it makes
the troubleshooting much harder by potentially spreading
the problem around.
Based on this experience, this commits makes a few changes to fix
the issues seen, also improving the serviceability of the acl-plugin
code for the future:
- Use separate mheaps for any ACL-related control plane
operations and separate for the hash lookup datastructures,
to compartmentalize any memory-related issues for the ACL plugin.
- Ensure vec_elt_at_index() usage throughout the hash_lookup.c file.
- Use vectors rather than raw memory for storing the "ordinary" ACL rules.
- Rework the optimization from 7384 to use a separate tail pointer
rather than overloading the "prev" field.
- Make get_session_ptr() more conservative and adjust is_valid_session_ptr
accordingly
Change-Id: Ifda85193f361de5ed3782a4acd39622bd33c5830
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit bd9c5ffe39e9ce61db95d74d150e07d738f24da1)
|
|
There is a chance to allocate the same outside address and port.
Assign a block of port numbers to each worker.
Change-Id: I6ef7dc0aab4834705f4e6097c362940d18d747e8
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
(VPP-912)
Fix several threading-related issues uncovered by the CSIT scale/performance test:
- make the per-interface add/del counters per-thread
- preallocate the per-worker session pools rather than
attempting to resize them within the datapath
- move the bihash initialization to the moment of ACL
being applied rather than later during the connection creation
- adjust the connection cleaning logic to not require
the signaling from workers to main thread
- make the connection lists check in the main thread robust against workers
updating the list heads at the same time
- add more information to "show acl-plugin sessions" to aid in debugging
Change-Id: If82ef715e4993614df11db5e9afa7fa6b522d9bc
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 8e4222fc7e23a478b021930ade3cb7d20938e398)
|
|
Change-Id: I80183f7d984ed6ed2e3405d1bb65fe761a29bc81
Signed-off-by: jerryian <gu.jian1@zte.com.cn>
|