Age | Commit message (Collapse) | Author | Files | Lines |
|
GTP4/6.D behavior is updated as shown below.
1. When receiving GTP-U message or IPv6 linklocal destination in inner IP, GTP packet is tnralated to SRv6.
2. When receiving T-PDU packet, OuterIP/UDP/GTP headers are stripped off and Inner IP is encapsulated into SRv6 based on L3VPN SRv6 manner.
Type: feature
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
Change-Id: I6092c98ea80236d54017f84c5b35cca0b645f034
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
|
|
Type: improvement
Change-Id: Idb0b079df49c12643c9a93ee0effe011d3489068
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: refactor
Change-Id: I2de762953faa5056d5fefa678e4faafbe7710dc6
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
This code was actually never working. It was just used as workaround for
Cisco ENIC issue with tagged default vlan frames.
Today Cisco ENIC provides solution to this problem with devargs flags...
Change-Id: Ia8284274117cb200bf6c7f7911d945d5a093d878
Type: refactor
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Previously multiple sw crypto scheduler queues per core design
caused unaverage frame processing rate for each async op ID –
the lower the op ID is the highly likely they are processed first.
For example, when a RX core is feeding both encryption and
decryption jobs of the same crypto algorithm to the queues at a
high rate, in the mean time the crypto cores have no enough
cycles to process all: the jobs in the decryption queue are less
likely being processed, causing packet drop.
To improve the situation this patch makes every core only owning
a two queues, one for encrypt operations and one for decrypt.
The queue is changed either after checking each core
or after founding a frame to process.
All crypto jobs with different algorithm are pushed to
thoses queues and are treated evenly.
In addition, the crypto async infra now uses unified dequeue handler,
one per engine. Only the active engine will be registered its
dequeue handler in crypto main.
Signed-off-by: DariuszX Kazimierski <dariuszx.kazimierski@intel.com>
Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Jakub Wysocki <jakubx.wysocki@intel.com>
Change-Id: I517ee8e31633980de5e0dd4b05e1d5db5dea760e
|
|
It is actually longer and slower...
Type: refactor
Change-Id: I0f126d4cdb13ecc60a2d370409f23820d7f7eb72
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
- change 'port' to 'dst-port' to make the input self-explanatory
- add empty spaces to short help
Type: fix
Signed-off-by: Miroslav Miklus <miroslav.miklus@pantheon.tech>
Change-Id: I74c783e6e8629e61b1c100e9355d09cf5e35a750
|
|
- improve format and unformat of bandwidth and delay
- integer packet size
- track worker wheel size as config
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I616fa96237c5e06d9c809bb5c2e0bed0447f2c4d
|
|
Change [1] put static mappings in flow hash. This change also broke
relationship between nat pool addresses and static mappings. Port and
address are no longer reserved in nat pool address records for a new
static mapping.
Because of this change both nat objects and their configuration can
function independently. This change also removed already broken logic of
having static-mapping-only configuration.
In this patch i have cleaned up and removed unnecessary logic for static
mapping configuration functions, address configuration functions,
interface configuraiton functions and all callback functions used for
resolving interface address bound records.
No more viable configuration option static-mapping-only is also removed
because there is no more option to run traffic through vpp for static
mappings without having flow hash table allocated. Instead user is now
able to create static mapping records without using nat pool addresses.
Fixed and improved management of required fib entries (ensuring VPP will
reply to ARP for all external addresses on outside interfaces) through
holding a refcount for their creation and removal.
[1] https://gerrit.fd.io/r/c/vpp/+/34077
Type: improvement
Change-Id: Ic16deefbede833d574c2a5972155c9afa5bc62ce
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
This patch improves algorithm responsible for choosing nat pool address
during dynamic session creation.
Patch synchronizes nat pool address attributes with vpp interfaces doing
so gives nat option to determine correct nat pool address when creating
dynamic session.
Improvements:
* match dst address subnet and src fib with nat pool address
* for output-feature also fallback match of tx_sw_if_index with nat
pool address
Type: improvement
Change-Id: I594638bc76fc1153f582add376838b4b72ff573a
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: fix
Fixes: 4b1b13315a3c
When adding or deleting a VR, multicast routes can be added or deleted.
When the first VR is added, a local (dpo-receive) route is added. The
route is deleted when the last VR is deleted.
Perform the check on whether to add or delete the route on a per-FIB
basis. Otherwise, if the route is only added after the first VR is added
without regards to the FIB being used and a second VR is added later on
an interface attached to a different FIB, the necessary route will not be
added to the FIB used by the second interface.
Change-Id: Ib30925ecf45c714cfe3ac6a223754bea918f10e3
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: refactor
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I92496501360ee073795206bde87f4731a5ce074c
|
|
Now DPDK have API to register external threads so we can remove this
mess...
Type: improvement
Change-Id: I71a21f0cd94bd668aa406710c75a0bcc63fdc840
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2775af35386a4e52ba82991c68bce6c56f13410f
|
|
When trying to read files that are larger than the fifo
a timeout was reached on client side leading to an abort of the request
and a retry (sending another GET command).
The svm fifo notification request was set to notify when the fifo is no
longer full, this lead to an inefficient loop of sending small amounts
of data each time with a large overhead of context switch and waiting
for the next notification, eventually leading to a timeout.
Modifying the trigger on the svm-fifo to be notified on a preset threshold
value enabled sending larger amounts of data between context switches and
sending large files more efficiently. This solved the timeout issue.
In addition, cap the max write from application to 4MB to avoid running
into a case of trying to allocate chunks that are too large.
Reproduce:
Server:
http static server www-root /var/www/data uri tcp://0.0.0.0/80 cache-size 5m fifo-size 300
Client:
wget http://11.0.0.2/file_of_size_32M
Type: fix
Change-Id: Idfceedffd935da9486cde820e9dca5dad69d9ca5
Signed-off-by: Yuval Caduri <cyuval@marvell.com>
Signed-off-by: Michal Kalderon <mkalderon@marvell.com>
|
|
Type: improvement
Change-Id: I06130447b4e6f4726c4f5bffbe606385c45b8bd4
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Enable selective punting of flows to host stack
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib31a3abfe3b21a2aa448bfacc4591fa5c840f935
|
|
when vrrp vr delete, vr->config.peer_addrs not free
Type: fix
Signed-off-by: jinsh <jinsh11@chinatelecom.cn>
Change-Id: I9ead188d6409412b475b5f6add767cb58f1af6e0
|
|
Type: improvement
Change-Id: I55b080f994eafc4ecfe0e774d7cd05218d715526
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Building VPP on Arm using clang-13 as compiler will fail with following
error message. The root cause is the unmatched alignment of parameter
key for functions aes128_key_expand/aes256_key_expand on aarch64.
Fix this error by explicitly declaring parameter key as type u8x16u.
[285/2593] ccache /home/snowball/tasks/benchmark_compilers/clang_13/bin/clang-13 --target=aarch64-linux-gnu -D_FORTIFY_SOURCE=2 -I/home/snowball/tasks/benchmark_compilers/vpp-clang-13/src -ICMakeFiles -I/home/snowball/tasks/benchmark_compilers/vpp-clang-13/src/plugins -ICMakeFiles/plugins -fPIC -g -fPIC -Werror -Wall -Wno-address-of-packed-member -O3 -fstack-protector -fno-common -march=armv8.1-a+crc+crypto -MD -MT CMakeFiles/plugins/crypto_native/CMakeFiles/crypto_native_armv8.dir/aes_cbc.c.o -MF CMakeFiles/plugins/crypto_native/CMakeFiles/crypto_native_armv8.dir/aes_cbc.c.o.d -o CMakeFiles/plugins/crypto_native/CMakeFiles/crypto_native_armv8.dir/aes_cbc.c.o -c /home/snowball/tasks/benchmark_compilers/vpp-clang-13/src/plugins/crypto_native/aes_cbc.c
FAILED: CMakeFiles/plugins/crypto_native/CMakeFiles/crypto_native_armv8.dir/aes_cbc.c.o
ccache /home/snowball/tasks/benchmark_compilers/clang_13/bin/clang-13 --target=aarch64-linux-gnu -D_FORTIFY_SOURCE=2 -I/home/snowball/tasks/benchmark_compilers/vpp-clang-13/src -ICMakeFiles -I/home/snowball/tasks/benchmark_compilers/vpp-clang-13/src/plugins -ICMakeFiles/plugins -fPIC -g -fPIC -Werror -Wall -Wno-address-of-packed-member -O3 -fstack-protector -fno-common -march=armv8.1-a+crc+crypto -MD -MT CMakeFiles/plugins/crypto_native/CMakeFiles/crypto_native_armv8.dir/aes_cbc.c.o -MF CMakeFiles/plugins/crypto_native/CMakeFiles/crypto_native_armv8.dir/aes_cbc.c.o.d -o CMakeFiles/plugins/crypto_native/CMakeFiles/crypto_native_armv8.dir/aes_cbc.c.o -c /home/snowball/tasks/benchmark_compilers/vpp-clang-13/src/plugins/crypto_native/aes_cbc.c
In file included from /home/snowball/tasks/benchmark_compilers/vpp-clang-13/src/plugins/crypto_native/aes_cbc.c:22:
/home/snowball/tasks/benchmark_compilers/vpp-clang-13/src/plugins/crypto_native/aes.h:415:40: error: passing 1-byte aligned argument to 16-byte aligned parameter 2 of 'aes128_key_expand' may result in an unaligned pointer access [-Werror,-Walign-mismatch]
aes128_key_expand (key_schedule, (u8x16u const *) key);
^
/home/snowball/tasks/benchmark_compilers/vpp-clang-13/src/plugins/crypto_native/aes.h:421:40: error: passing 1-byte aligned argument to 16-byte aligned parameter 2 of 'aes256_key_expand' may result in an unaligned pointer access [-Werror,-Walign-mismatch]
aes256_key_expand (key_schedule, (u8x16u const *) key);
^
2 errors generated.
Type: fix
Fixes: 415b4b0bb ("crypto-native: refactor GCM code to use generic types")
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Reviewed-by: Lijian Zhang <lijian.zhang@arm.com>
Reviewed-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: Ic99a63526031e60760929238922a6e4547388368
|
|
When a message is received, verify that it's sufficiently large to
accomodate any VLAs within message. To do that, we need a way to
calculate message size including any VLAs. This patch adds such
funcionality to vppapigen and necessary C code to use those to validate
message size on receipt. Drop messages which are malformed.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I2903aa21dee84be6822b064795ba314de46c18f4
|
|
TCP csum offload fails although udp seems to work.
Type: fix
Fixes: fa1fb60
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie0651887b09920365806eaad776b0d13059faee8
|
|
Type: fix
Signed-off-by: Han Wu <wuhan9084@163.com>
Change-Id: I0aeafd273b3d1d01df02d638c72461943f91ef90
|
|
Type: feature
Change-Id: I231f782b3c56dc2b10321e4569ac7acdad1c11da
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
REPLY_MSG_ID_BASE is the standard way to define reply message id base,
so this refactor makes all the files use that. This is a preparation
patch for future safety add-ons which rely on REPLY_MACRO* parameters to
be preprocessor tokens identifying the message instead,
Type: refactor
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ibe3e056a3d9326d08af45bbcb25588b11e870141
|
|
Type: fix
When registering a new FIB node type, no name was required on the API, and so no name was printed.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I8a99cf29c194637a550061b0a5e9782ffe8b31dd
|
|
Type: test
Change-Id: Ic9fddc9fedd5140984c5901c4cac53dec022dcec
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
A bit ugly, but generates faster and less noisy code which
should be important for this particular use case.
Type: improvement
Change-Id: If2bba947dac33ffedb4236a5b3fb50fc783668e1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Refactoring perf metric support to remove branching on bundle type in
the dispatch wrapper. This change includes caching the rdpmc index at
perfmon_start(), so that the mmap_page.index doesn't need to be looked
up each time. It also exclude the effects of mmap_page.index.
This patch prepares the path for bundles that support general, fixed and
metrics counters simulataneously.
Type: refactor
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I9c5b4917bd02fea960e546e8558452c4362eabc4
|
|
Type: improvement
This patch adds AES-CTR-128/192/256 + SHA1 linked algo support to dpdk
cryptodev.
Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com>
Change-Id: Idc162b29f4075ef8be9577abd3daf6de05f84faa
|
|
Originally cryptodev allocates mempools for seesion and session private
data during its initialization. Moreover the size of these mempools are
fixed resulting in limited session count (up to value specified in
CRYPTODEV_NB_SESSION macro).
This patch allows for session count to scale up by allocating new
mempools as they are needed during session creation.
Type: improvement
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: I6ae240b474d3089d3ff50ca5bc7ff48f149983db
|
|
Type: improvement
Change-Id: Ifa074dfd337f9cd68858468d34abf641fe7f247f
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Changed dpdk-input prefetch of vlib_buffer_t to prefetchw.
vlib_buffer_t was being prefetched without 'ownership', which may
cause a stall when the buffer is subsequently written to. This saves
4 clocks a packet when the buffer is shared a cross cores, and has no
impact when not sharing.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I317af2a38ef536022e68552351a8507861f62dad
|
|
Type: improvement
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Change-Id: I2f30a4f04fd9a8635ce2d259b5fd5b0c85cee8c3
|
|
Fixing the mutliarch versions of vxlan, geneve and friends. Ensures that
main struct is correctly sized for all multiarch permutations.
Type: fix
Fixes: 290526e3c
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I7c4c435763a5dcb0c3b429cd4f361d373d480c03
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia25e671084dd2c0010c0577649bf51ba6495b6ac
|
|
On interface delete we were not removing
the lock taken by a previous ip_table_bind()
call thus preventing the VRFs to be removed.
Type: fix
Change-Id: I11abbb51a09b45cd3390b23d5d601d029c5ea485
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Originally handshake process gets pointer to value of index peer.
In the meantime this pointer can be invalid due to resize hash table
for wireguard and passed poison value to another function.
The fixes add local variable to keep index of peer instead of value
from pointer.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I1b2535c44b4f987d19077c75c778aaa5ed71a457
|
|
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Iec9dacde170533ca16e8117787e62da8af69ae96
|
|
Add a hint so that it's obvious that fall through in switch statement is
intentional.
Type: fix
Fixes: 34c54dff5c
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I12271227424761fb89b03a390f626c2ab466472c
|
|
Add error handling for incomplete read.
Type: fix
Fixes: 839b1473e9
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ibf1b2f633793510244ea1aa6af0902021aeb67ad
|
|
Add a cast to avoid coverity warning about potential integer underflow.
Type: fix
Fixes: 839b1473e9
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Iae913e51c1e25aaeca6ce70438451c640d347383
|
|
Modify the ipfix_exporter to use ip_address instead of the ipv4 specific
version. Modify the current code so that it writes into the v4 specific
part of the address, i.e. we are not yet fully supporting IPv6. For the
exporter configured via the original API (the one that is always in slot0)
we will not support IPv6 addresses.
Type: improvement
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: Ic9854ac62aaee76a7a55a958234c456fd9828c4c
|
|
When a new flow-report is created the caller provides 2 callback functions.
These functions both take a pointer to the exporter, plus a pointer to the
source and dest address. However the pointers to the address are not adding
any value as these are always set to the src/dest addresses of the exporter
(which is already being passed). Remove these parameters and leave the
callback functions to get the addresses out of the exporter.
Type: improvement
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I36dec394f30e85cdca120dd8706b5d90f5e07c48
|
|
Pass an ipfix_exporter to this function so that callers can choose which
exporter they are modifying.
Type: improvement
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: Ice0ed19a57baf15b1dc85cd27fe01913e36d7f4f
|
|
Pull out the fields in flow_report_main_t that are specific to a single
exporter and move them into a new structure that represents an exporter.
Add a pool of exporters to flow_report_main_t and do a pool_get() to get
the entry at index 0, so that the existing users of the code need only
change the path at which they access the old fields and have no need to
make further code changes. In functions that were accessing the fields
that now make up the ipfix_exporter create a local var that points to the
first (always valid) exporter and use this as the base for the fields
rather than finding them from flow_report_main.
This is in preparation for supporting multiple flow_exporters.
Note that at the moment the code supports multiple 'streams' for a given
exporter, where each stream has its own source port, domain id and template
space. But all streams within an exporter have the same destination address,
so this is not the same as multiple exporters.
Type: refactor
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I49f5c7fb9e901773351d31dc8a59178c37e99301
|
|
Type: fix
Using the adjacency to modify the interface's feature arc doesn't work, since there are potentially more than one adj per-interface.
Instead have the interface, when it is created, register what the end node of the feature arc is. This end node is then also used as the interface's tx node (i.e. it is used as the adjacency's next-node).
rename adj-midhcain-tx as 'tunnel-output', that's a bit more intuitive.
There's also a fix in config string handling to:
1- prevent false sharing of strings when the end node of the arc is different.
2- call registered listeners when the end node is changed
For IPSec the consequences are that one cannot provide per-adjacency behaviour using different end-nodes - this was previously done for the no-SA and an SA with no protection. These cases are no handled in the esp-encrypt node.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: If3a83d03a3000f28820d9a9cb4101d244803d084
|
|
Type: improvement
Signed-off-by: arikachen <eaglesora@gmail.com>
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Change-Id: If8d57bcf033864935bd5e3a9912b2c1a7c712f44
|
|
In some situation, we support to deploy vpp as per host
and handler packet in container, so we use xdp to redirect
the flow.
Type: improvement
Signed-off-by: arikachen <eaglesora@gmail.com>
Change-Id: Iab42d6a0abb2b330a284d519018a90aff2fa4371
|
|
The problem was reproducible only with icmp packet type
when det44 in, out interfaces were swapped.
Dst addr was unknown but packet has been forwarded.
Type: fix
Ticket: VPP-1958
Signed-off-by: Daniel Béreš <daniel.beres@pantheon.tech>
Change-Id: Ie446cf2ac866955cc668fe2848f954a2ef92e3fa
|