summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2017-06-19acl-plugin: bihash-based ACL lookupAndrew Yourtchenko10-10/+1572
Add a bihash-based ACL lookup mechanism and make it a new default. This changes the time required to lookup a 5-tuple match from O(total_N_entries) to O(total_N_mask_types), where "mask type" is an overall mask on the 5-tuple required to represent an ACE. For testing/comparison there is a temporary debug CLI "set acl-plugin use-hash-acl-matching {0|1}", which, when set to 0, makes the plugin use the "old" linear lookup, and when set to 1, makes it use the hash-based lookup. Based on the discussions on vpp-dev mailing list, prevent assigning the ACL index to an interface, when the ACL with that index is not defined, also prevent deleting an ACL if that ACL is applied. Also, for the easier debugging of the state, there are new debug CLI commands to see the ACL plugin state at several layers: "show acl-plugin acl [index N]" - show a high-level ACL representation, used for the linear lookup and as a base for building the hashtable-based lookup. Also shows if a given ACL is applied somewhere. "show acl-plugin interface [sw_if_index N]" - show which interfaces have which ACL(s) applied. "show acl-plugin tables" - a lower-level debug command used to see the state of all of the related data structures at once. There are specifiers possible, which make for a more focused and maybe augmented output: "show acl-plugin tables acl [index N]" show the "bitmask-ready" representations of the ACLs, we well as the mask types and their associated indices. "show acl-plutin tables mask" show the derived mask types and their indices only. "show acl-plugin tables applied [sw_if_index N]" show the table of all of the ACEs applied for a given sw_if_index or all interfaces. "show acl-plugin tables hash [verbose N]" show the 48x8 bihash used for the ACL lookup. Change-Id: I89fff051424cb44bcb189e3cee04c1b8f76efc28 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-19NAT64: Hairpinning (VPP-699)Matus Fabian5-24/+428
Change-Id: I83a6c277fa211ac2c2ca2d603650c992886af0a7 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-16memif: show memif CLI enhancementSteven1-39/+115
Add optional keywords to show memif to allow display a particular interface and option to display the descriptor tables. The new syntax for the show memif command is now show memif [<interface>] [descriptors] Change-Id: I20696bbea1142bdc152b6e351c6ece24b1cf5500 Signed-off-by: Steven <sluong@cisco.com>
2017-06-16memif: jumbo frames supportSteven2-148/+272
Current memif interface supports frame size up to 2048. This patch is to enhance memif to support jumbo frames. On tx (writing buffers to the ring), keep reading the next buffer in vlib when the flag VLIB_BUFFER_NEXT_PRESENT and merge it to the same ring entry. Use descriptor chaining if the buffer is not big enough. On rx (reading buffers from the ring), if the packet is greater than 2048, create multiple vlib buffers, chained with the VLIB_BUFFER_NEXT_PRESENT. Testing: Because the ping command provided by VPP does not support jumbo frames, I have to use linux ping. Here is the set up that I use for testing. VM1 --- vhost ---- VPP1 --- memif --- VPP2 --- vhost --- VM2 Create vhost-user interfaces between VM1 and VPP1 and between VPP2 and VM2 VM configuration: Set the interface mtu on the VM, e.g 9216 to support jumbo frames. create static route and static arp on VM1 to VM2 and vice versa. Use iperf3 or ping -s 8000 from VM1 to VM2 or vice versa. Sample run sluong@ubuntu:~$ ping 131.1.1.1 -c1 -s 8000 ping 131.1.1.1 -c1 -s 8000 PING 131.1.1.1 (131.1.1.1) 8000(8028) bytes of data. 8008 bytes from 131.1.1.1: icmp_seq=1 ttl=62 time=0.835 ms --- 131.1.1.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.835/0.835/0.835/0.000 ms sluong@ubuntu:~$ DBGvpp# sh interface memif0 Name Idx State Counter Count memif0 1 up rx packets 1 rx bytes 8042 tx packets 1 tx bytes 8042 ip4 1 DBGvpp# Change-Id: I469bece3d45a790dceaee1d6a8e976bd018feee2 Signed-off-by: Steven <sluong@cisco.com>
2017-06-15acl-plugin: store sessions in a single hash table instead of a per-interfaceAndrew Yourtchenko4-22/+39
A bihash-per-interface is convenient, but turns out tricky difficult from the maintenance standpoint with the large number of interfaces. This patch makes the sessions reside in a single hash table for all the interfaces, adding the lower 16 bit of sw_if_index as part of the key into the previously unused space. There is a tradeoff, that a session with an identical 5-tuple and the same sw_if_index modulo 65536 will match on either of the interfaces. The probability of that is deemed sufficiently small to not worry about it. In case it still happens before the heat death of the universe, there is a clib_warning and the colliding packet will be dropped, at which point we will need to bump the hash key size by another u64, but rather not pay the cost of doing that right now. Change-Id: I2747839cfcceda73e597cbcafbe1e377fb8f1889 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-14acl-plugin: shrink the L2 classifier tables used for traffic redirectAndrew Yourtchenko1-17/+17
The previous iteration of the code used the L2 classifier tables for session storage, as a result, the table allocations were pretty big. The new ACL plugin datapath uses the tables just as a redirection mechanism, without adding any entries. Thus, the tables can be much smaller. Change-Id: Ieec4a5abf0abda6e513ab4e675f912f14d47e671 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-13SNAT: fix 1:1 NAT without port hairpinning TCP checksum updateMatus Fabian1-0/+10
Change-Id: I5077fcf3671a6116b475f87e43120efc10ecaa08 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-13memif: fix crash during interface deleteDamjan Marion1-0/+4
Change-Id: Ide6d26d6fcc81be6f26ac0abe2cd0d6a0838cfe6 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-06-12memif: complete refactor of socket handling codeDamjan Marion11-1146/+1796
Change-Id: I4d41def83a23f13701f1ddcea722d481e4c85cbc Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-06-12NAT64: bug fixMatus Fabian1-1/+20
ICMP to ICMPv6 error message inner UDP packet translation delete ST entries when deleting static BIB entry Change-Id: I2a28631ac040e20827a692331506cd8254f70916 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-12Remove calls to crc_u32 and add clib_crc32c for armv8+crcChristophe Fontaine1-3/+10
crc_u32 was not defined for non x86_64 with SSE4.2 processors. Calls to "crc_u32" are removed and replaced by either a call to clib_crc32c or a call to clib_xxhash, as the result is not used as a check value but as a hash. Change-Id: I3af4d68e2e5ebd0c9b0a6090f848d043cb0f20a2 Signed-off-by: Christophe Fontaine <christophe.fontaine@enea.com>
2017-06-12NAT64: coverity fixMatus Fabian1-2/+14
Change-Id: I08544b2f06f993c8a6435901232a0616d0548b94 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-09acl-plugin: wrap a verbose debug message in the appropriate conditionalAndrew Yourtchenko1-0/+2
Change-Id: Ibd57cb617642e42d4c4d64f186479702b8a81900 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-09dpdk: fix ipsec coverity warningSergio Gonzalez Monroy1-2/+2
CID 170475 Change-Id: I9748dd56bdcb62e68d8f672e5b1619a3be400b8f Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-06-09NAT64: ICMP error supportMatus Fabian5-15/+202
Added ICMP error messages translation. Added check for multi thread (not supported yet, so init failed). Added API definition for custom NAT64 refix. Change-Id: Ice2f04631af63e594aecc09087a1cf59f3b676fb Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-08acl-plugin: remove clib_warnings on plugin initAndrew Yourtchenko1-3/+0
Change-Id: Ic3c9a914a588824b8abd6668961f731432083c4f Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-08NAT64: Add NAT64 support for snat plugin (VPP-699)Matus Fabian12-11/+3676
Basic NAT64 feature (no hairpinning, no multi-thread). Change-Id: I392fccbce93e70c117f4a9a7ec7cf08d6c537f2d Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-07acl-plugin: add a plugin-specific control-ping message api and make the test ↵Andrew Yourtchenko4-1/+75
code use it This fixes the undesirable pause in the dump commands in case there is nothing to dump. Change-Id: I0554556c9e442038aa2a1ed8c88234f21f7fe9b9 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-07acl-plugin: make the ACL plugin multicore-capableAndrew Yourtchenko5-207/+912
Add the logic to be able to use stateful ACLs in a multithreaded setup. Change-Id: I3b0cfa6ca4ea8f46f61648611c3e97b00c3376b6 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-07acl-plugin: fix coverity error in acl_test.cAndrew Yourtchenko1-2/+2
Attempting to supply within a VAT CLI to add the ACLs a rule count override with no rules to add would result in null pointer dereference as we attempt to copy those rules to the message. Add the check to avoid copy if the source pointer is null (i.e. if there are no rules to copy from). This commit fixes coverity errors 166797 and 166792. Change-Id: Icabe060d961ba07dc41f63b8e17fca12ff82aa29 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-07dpdk: ipsec fixesSergio Gonzalez Monroy2-43/+43
- Fix buffer trace from esp_decrypt node - Fix VLIB_REGISTER_NODE macro format - Remove unnecessary code since we do not reconfigure graph unless requirements are met Change-Id: Ic1c2afffb8265e40a6ced0c8a58775c05fadc9e2 Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-06-07dpdk: fix ipsec coverity warningsSergio Gonzalez Monroy1-2/+3
CID 161044 and 161045 Change-Id: I50a450e231e387f05e354e3b07dc777ab864d018 Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-06-07Add support for memif API to VAT.Milan Lenco2-0/+364
Change-Id: I01dc439fc84f9213e55ba56982eff34474637115 Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
2017-06-06Rework vxlan-gpe to support FIB 2.0 and bypass modeHongjun Ni1-1/+1
Change-Id: I0324f945bdb4dd3b19151be6f3ce24a47a000104 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-06-05SNAT: fix ICMP hairpinningMatus Fabian1-1/+67
Change-Id: I9d63133bd1db72917571ade868040c4597c896a1 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-05More GCC-7 errorsMarco Varlese1-0/+2
The Wmaybe-uninitialized is the new error included with Wall. This patch addresses the warning and fixes it. Change-Id: I8fdf9ff2d236c46b717024a14874fbbbad8af303 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2017-06-02memif: fix coverity warningsSteven1-0/+2
Check -1 for return from read prior to using the data Change-Id: Ibab7309244de488737ea7938b334fab495bf855d Signed-off-by: Steven <sluong@cisco.com>
2017-06-02Add l3 routing for GTP-U decapHongjun Ni10-14/+25
Change-Id: Ic3c8cd58cb2b02622299cf74c9efcabd2ef2b513 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-05-31memif: multi-queues supportSteven7-73/+167
- Add rx-queues and tx-queues option to the create memif CLI - Add vlib_worker_thread_barrier_sync () to memif_conn_fd_read_ready () as the latter function may disconnect the ring and clean up the shared memory. - On transmit, write the rid (queue number) to the socket. - On receive, read the rid and trigger the interrupt for the corresponding thread. Change-Id: If1c7e26c7124174678f047909cbc33e931eaac8c Signed-off-by: Steven <sluong@cisco.com>
2017-05-30Flowprobe: Stateful flows and IPv6, L4 recordingOle Troan18-1915/+2420
Change-Id: I67839281623721bf42f0a918a53356143d9dc78a Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Pavel Kotucek <pkotucek@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com>
2017-05-29memif: master instance crashes when typing quit on slaveSteven1-15/+29
When I type in 'quit' on the slave instance, the master instance crashes on this line. 0: /home/sluong/vpp-master/vpp/build-data/../src/vlib/unix/input.c:200 (linux_epoll_input) assertion `! pool_is_free (um->file_pool, _e)' fails Aborted (core dumped) Below is the decode from gdb line_number=0, fmt=0x7f57af6cc9a0 "%s:%d (%s) assertion `%s' fails") at /home/sluong/vpp-master/vpp/build-data/../src/vppinfra/error.c:143 vm=0x7f57af8e2400 <vlib_global_main>, node=0x7f576d40ad80, frame=0x0) at /home/sluong/vpp-master/vpp/build-data/../src/vlib/unix/input.c:200 vm=0x7f57af8e2400 <vlib_global_main>, node=0x7f576d40ad80, type=VLIB_NODE_TYPE_PRE_INPUT, dispatch_state=VLIB_NODE_STATE_POLLING, frame=0x0, last_time_stamp=1525665215050617) at /home/sluong/vpp-master/vpp/build-data/../src/vlib/main.c:1016 vm=0x7f57af8e2400 <vlib_global_main>, is_main=1) at /home/sluong/vpp-master/vpp/build-data/../src/vlib/main.c:1500 I am able to reproduce the problem consistently with the below procedure. 1. Create 3 memif interfaces between slave and master instances. 2. Type 'quit' on the slave. Neither crashes the first time. 3. Bring back the slave. Type 'quit' on the master. Neither crashes. 4. Bring back the master. Type 'quit' on the slave. The master crashes. There are two places the interrupt line is disconnected and the unix file is removed via the call unix_file_del () 1. memif_int_fd_read_ready () 2. memif_disconnect () which is called via multiple places in memif. When the crash happens, the unix file was removed from memif_disconnect () via memif_conn_fd_read_ready () with size of the message == 0 in recvmsg (). It is noted when the unix file was removed from memif_int_fd_read_ready (), it never crashes. It is a race condition. However, if I follow the aformentioned procedure, the crash always happens. The reason the crash happens when memif_disconnect () removes the unix file is because there may still be pending input in linux_epoll_input (). When linux_epoll_input () tries to access the unix file via the line 200 unix_file_t *f = pool_elt_at_index (um->file_pool, i); it crashes. We could add code in linux_epoll_input () to avoid the crash if the index for the particular file_pool is already free. Or we could fix memif to not remove the unix file in memif_conn_fd_read_ready () when recvmsg () got 0 byte and just postpone the unix file deletion in memif_int_fd_read_ready () later after linux_epoll_input () got a chance to run to empty the input stream. I choose to fix the problem in the latter approach. I split the function memif_disconnect () into two parts. For the code path which memif_conn_fd_read_ready () calls memif_disconnect (), it does not remove the unix file. All other calls to memif_disconnect () will continue to do what it uses to do to avoid regression. Please let me know if I should fix the problem other way. Change-Id: I8efe2a3d24c6581609bc7b6fe82c2b59c22d8e4b Signed-off-by: Steven <sluong@cisco.com>
2017-05-24SNAT: fix IPFIX data src and dst portMatus Fabian1-2/+2
Change-Id: Ifa9582962710a3601fcccbbf388529043fc7f08a Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-05-24IPv6 Performance bugsNeale Ranns2-2/+1
- inline the FIB lookup function; this requires access to the bihash, so for files that use more than one type this casues problems. those files that include ip6_fib.h unnecessarily have been updated - better use of the feature arcs. ip6-lookup and interface-output are now sentinels (end-node-index in the cm speak) rather than enabled features. Change-Id: I9d1375fee63f7dbb2d327da6124d8e60b63367ec Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-05-23Added support for Virtio-user interfaces by means of a new VNET_DPDK_PORT_TYPE.Mohammed Hawari3-1/+16
Change-Id: I101e32cee8d9de51227b39ec2639c9fb44da1e6c Signed-off-by: Mohammed Hawari <mhawari@cisco.com>
2017-05-22dpdk: make dpdk global debug level configurableDamjan Marion3-33/+30
Adds startup.conf knob: dpdk { log-level debug } Change-Id: I80dfbc00559528d7b0970958fba9f08d97aa7118 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-05-22Fix GTP-U Coverity issuesHongjun Ni1-24/+15
Change-Id: I982e0dfb96c371672aa636aa7e40f06a84e2bb69 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-05-18acl-plugin: reject the too-short variable-length messages from clients (VPP-839)Andrew Yourtchenko1-3/+42
Prior to commit bfd9227e6da567e0e19e026afe94cd4c0b65f725, there was no clean way to check the lower-level message length as supplied by the client, so there was no option but to trust that the client does the right thing and allocates memory correctly. The absence of checks makes it hard for a misbehaving client to spot the problem - because everything "appears" to work correctly for the specific erroneous message exchange. This commit ensures the message received is at least as big as we expect, and complains loudly if it is not. Change-Id: I806eaac7c7f1ab3c64cb2bfa6939ce27da9a2b44 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-05-17ioam: configuration for SRv6 localsid (VPP-693)shwethab4-23/+54
This add debug cli to accept SRv6 localsid that will be used to attract the return traffic for M-Anycast flows. Change-Id: I8f8dd115c36498141ae4cb143c6584141950b1d3 Signed-off-by: shwethab <shwetha.bhandari@gmail.com> (cherry picked from commit 00c14a94c34fac89e6e589c4a7aad20d8dd183dc)
2017-05-17dpdk: Do not check and set rte_mbuf refcnt if dpdk ver >= 17.05Damjan Marion1-0/+4
According to DPDK release notes this is done by DPDK. Also, it fixes assers in debug image. Change-Id: Ida1d25f8cd0c2232110e44eabd7dc3e512336758 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-05-16Unneeded linkingMarco Varlese1-0/+4
Removed the linking which does not appear to be necessary when using in repo dpdk and which causes a build failure when using the shared-dpdk mode. Change-Id: I6bad2bd11d6db40fbd2def78f98c6beba66ff416 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2017-05-16Fix regression of setting device to admin-down stateJohn Lo1-5/+4
Change-Id: I0ffa572839405efe1170d6ddb073e53e9af02db7 Signed-off-by: John Lo <loj@cisco.com>
2017-05-15acl-plugin: unapply the ACLs if interface is being deletedAndrew Yourtchenko1-0/+4
(HC2VPP-137 is the client behavior triggering this) If the user does not unapply the ACLs off the interface, but deletes the interface, the subsequent reuse of the sw_if_index might find itself with the datapath hooked up for ACL processing even though there is no ACL configured. The fix is to unapply any ACLs in the callback which is called upon the sw_if_index addition/deletion. Change-Id: Icea413d7fbf1ef891844a4818626e1b34fe79cbf Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 4c72e629e5ace392390a9d6109594254525064f7)
2017-05-15dpdk: Enable hardware CRC strip for Intel VFsDamjan Marion1-0/+5
Change-Id: I60a7795761fe74ae5d57dacd03c343ddb77434d4 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-05-15Add GTP-U plugin. VPP-694Hongjun Ni12-0/+4248
Basic GTP-U feature Change-Id: I31226f890a92c5303ac06e112ed7820cae52d9bd Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-05-15memif: migrate memif to use vnet device infra APIsSteven2-22/+40
Migrate memif to use vnet device infra APIs. No new function is added. Change-Id: I70e440d2ae1e673876365041f31fe78997aceecf Signed-off-by: Steven <sluong@cisco.com>
2017-05-15dpdk: improve error handling during device initializationDamjan Marion6-79/+98
Change-Id: Ib390164abb07ca0d38fd49e7e2e6b4e9ea856405 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-05-15Add a missing byte-swap call in ACL intf dump.Jon Loeliger1-1/+1
Change-Id: I87495d95dc6c5a36ff6d2ae05203e22e43403bf6 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-05-15[plugins/dpdk] Support for CLIB_HAVE_64 (aarch64)Christophe Fontaine1-0/+13
For platforms which do not support u8x32, such as aarch64, add an alternative implementation of 'dpdk_buffer_init_from_template'. Change-Id: Ia7e8d0a5985fa5925e063ed6e890208c73e39933 Signed-off-by: Christophe Fontaine <christophe.fontaine@enea.com>
2017-05-11dpdk: bump to dpdk 17.05Damjan Marion4-22/+16
Change-Id: I19744387859129c6b8dc104041af158bf5f1d988 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-05-10completelly deprecate os_get_cpu_number, replace new occurencesDamjan Marion4-22/+22
Change-Id: I82c663bc0866c6c68ba354104b0bb059387f4b9d Signed-off-by: Damjan Marion <damarion@cisco.com>