Age | Commit message (Collapse) | Author | Files | Lines |
|
(VPP-910)
The further prolonged testing from testbed that reported VPP-910
has uncovered a couple of deeper issues with optimization from
7384, and the usage of subscripts rather than vec_elt_at_index()
allowed to hide a couple of further errors in the code.
Also, the current acl-plugin behavior of using the global
heap for its dynamic data is problematic - it makes
the troubleshooting much harder by potentially spreading
the problem around.
Based on this experience, this commits makes a few changes to fix
the issues seen, also improving the serviceability of the acl-plugin
code for the future:
- Use separate mheaps for any ACL-related control plane
operations and separate for the hash lookup datastructures,
to compartmentalize any memory-related issues for the ACL plugin.
- Ensure vec_elt_at_index() usage throughout the hash_lookup.c file.
- Use vectors rather than raw memory for storing the "ordinary" ACL rules.
- Rework the optimization from 7384 to use a separate tail pointer
rather than overloading the "prev" field.
- Make get_session_ptr() more conservative and adjust is_valid_session_ptr
accordingly
Change-Id: Ifda85193f361de5ed3782a4acd39622bd33c5830
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit bd9c5ffe39e9ce61db95d74d150e07d738f24da1)
|
|
There is a chance to allocate the same outside address and port.
Assign a block of port numbers to each worker.
Change-Id: I6ef7dc0aab4834705f4e6097c362940d18d747e8
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
(VPP-912)
Fix several threading-related issues uncovered by the CSIT scale/performance test:
- make the per-interface add/del counters per-thread
- preallocate the per-worker session pools rather than
attempting to resize them within the datapath
- move the bihash initialization to the moment of ACL
being applied rather than later during the connection creation
- adjust the connection cleaning logic to not require
the signaling from workers to main thread
- make the connection lists check in the main thread robust against workers
updating the list heads at the same time
- add more information to "show acl-plugin sessions" to aid in debugging
Change-Id: If82ef715e4993614df11db5e9afa7fa6b522d9bc
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 8e4222fc7e23a478b021930ade3cb7d20938e398)
|
|
Change-Id: I80183f7d984ed6ed2e3405d1bb65fe761a29bc81
Signed-off-by: jerryian <gu.jian1@zte.com.cn>
|
|
Change-Id: Ib4de018a84e9c94df26a8870bf1b04e26204ace1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
- Make tcp output buffer allocation macro an inline function
- Use per ip version per thread tx frames for retransmits and timer
events
- Fix / parameterize tcp data structure preallocation
- Add a couple of gdb-callable show commands
- Fix local endpoint cleanup
Change-Id: I67b47b7570aa14cb4634b6fd93c57cd2eacbfa29
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Ie0ad3671e3f4b55cd0f14601b6fed9ee2a1cbec0
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Simplify L2 output feature infra to unify with L2 input feature
infra using the newly improved feature bitmap mechanism.
Updated all L2 features to use the more efficient infra functions.
Change-Id: If8f463826b0af0717129befe92a27ea8cfc40449
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: I3790739683c6090ffb2aefb4758bd4275856c09a
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
applied as part of many (VPP-910)
change 7385 has added the code which has the first ACE's "prev" entry within the linked list of
shadowed ACEs pointing to the last ACE, in order to avoid the frequent linear list traversal.
That change was not complete and did not update this "prev" entry whenever the last ACE was deleted.
As a result the changes within the applied ACLs which caused the calls to hash_acl_unapply/hash_acl_apply
may result in hitting assert which does the sanity check. The solution is to add the missing update logic.
Change-Id: I9cbe9a7c68b92fa3a22a8efd11b679667d38f186
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 45fe7399152f5ca511ba0b03fee3d5a3dffd1897)
|
|
in2out translation as an output feature on the outside interface (postrouting)
Change-Id: I32c0311be09bdf102b9a0885b8b89c7588cb558f
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I2cb6ce4e29813f6602b14e6e61713fb381fbcef8
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I123eccea98abafeb31f25d2a162501e2eded60d4
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
To save space in the first cacheline following is changed:
- total_length_not_including_first_buffer moved to the 2nd cacheline.
This field is used only when VLIB_BUFFER_TOTAL_LENGTH_VALID and
VLIB_BUFFER_NEXT_PRESENT are both set.
- free_list_index is now stored in 4bits inside flags, which
allows up to 16 free lists. In case we need more we can store index
in the 2nd cachelin
Change-Id: Ic8521350819391af470d31d3fa1013e67ecb7681
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
When passive timer has less than 1 second left, it'll be forcifully
changed to 0 when converting from f64 to u64. As a result the
assertion will fail at the beginning of the passive timer start
fuction. This commit fixed this bug by adding a check of the delta.
Change-Id: I899b6e0ab4967dcecc821daf7e812dbbc90969ce
Signed-off-by: Andrew Li <zhaoxili@cisco.com>
|
|
Current optional DPDK PMDs are:
- AESNI MB PMD (SW crypto)
- AESNI GCM PMD (SW crypto)
- MLX4 PMD
- MLX5 PMD
This change will always build DPDK SW crypto PMDs and required SW crypto
libraries, while MLX PMDs are still optional and the user has to build
required libraries.
Now the configure script detects if any of the optional DPDK PMDs were
built and link against their required libraries/dependencies.
Change-Id: I1560bebd71035d6486483f22da90042ec2ce40a1
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
- vnet_buffer_pool_create should probably be named
dpdk_buffer_pool_create since that is what it does.
- Its prototype should also be in a DPDK plugin header, not in
vlib/buffer_funcs.h, since the implementation is in the plugin
and nobody else should be calling it.
Change-Id: I7ba259afa4b888bc94f3ad257305e286b41e7370
Signed-off-by: Chris Luke <chrisy@flirble.org>
|
|
Change-Id: Id117e219146d9994340fb38c00233ea67db8929b
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I0db02dd0147dbd47d4296fdb84280d0e7d321f3c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I902f54618c4e1f649af11497c1cb10922e43755a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I1c4d5f92ec841b1cfe1a33eab4bb94e4001d0411
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Currently, buffer index is calculated as a offset to the physmem
region shifted by log2_cacheline size.
When DPDK is used we "hack" physmem data with information taken from
dpdk mempool. This makes physmem code not usable with DPDK.
This change makes buffer memory start and size independent of physmem
basically allowing physmem to be used when DPDK plugin is loaded.
Change-Id: Ieb399d398f147583b9baab467152a352d58c9c31
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ief02eb1109a1bc463665d9747e9fa4e0c0e3d7e0
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
LLDP packets are dropped at interface output node if each slave's link
is configured as the LLDP interface. The admin state is configured and
managed by the bonded interface, so slave link's state is down by default.
The checking for the admin state UP should be ignored for the slave link.
Change-Id: I06ca250f42fcb8cc50e0ea3a3817a2c5b56865df
Signed-off-by: Steve Shin <jonshin@cisco.com>
|
|
Change-Id: I4868ff6e81c579b29d3ea066976ae145f8b83e9e
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ied8b26179cdf4add34440a9c396cb821716cfb8e
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change https://gerrit.fd.io/r/#/c/7230/ added a Unix domain
CLI socket in the default startup.conf; however unless you
had previously run VPP with the DPDK plugin enabled the
directory that it is created in. /run/vpp, would not exist
and startup would fail. This directory is typically hosted
in a tmpfs ramdisk and is thus ephemeral.
This patch adds a function that attempts to mkdir VPP_RUN_DIR
and uses it in both the DPDK plugin and the CLI code if the
CLI socket is to be created in that directory.
Change-Id: Ibbf925819099dce2b5eb0fa238b9edca1036d6fd
Signed-off-by: Chris Luke <chrisy@flirble.org>
|
|
If a bonded interface is in active-backup mode and configured with
IPv4 and/or IPv6 addresses, on slave interface link up/down, send
a GARP packet if configured with an IPv4 address and an unsolcited
NA if configured with an IPv6 address. These packets can help with
faster route convergence in the next hop router/switch.
Change-Id: I68ccb11a4a40cda414704fa08ee0171c952befa2
Signed-off-by: John Lo <loj@cisco.com>
|
|
When applying ACEs, in the new hash-based scheme, for each ACE
the lookup in the hash table is done, and either that ACE is added
to the end of the existing list if there is a match,
or a new list is created if there is no match.
Usually ACEs do not overlap, so this operation is fast, however,
the fragment-permit entries in case of a large number of ACLs
create a huge list which needs to be traversed for every other
ACE being added, slowing down the process dramatically.
The solution is to add an explicit flag to denote the first
element of the chain, and use the "prev" index of that
element to point to the tail element. The "next" field
of the last element is still ~0 and if we touch that
one, we do the linear search to find the first one,
but that is a relatively infrequent operation.
Change-Id: I352a3becd7854cf39aae65f0950afad7d18a70aa
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 204cf74aed51ca07933df7c606754abb4b26fd82)
|
|
The "acl_plugin" tests has one of the tests sporadically fail with the following traceback:
r.reply.decode().rstrip('\x00') UnicodeDecodeError: 'ascii' codec can't decode byte
0xd8 in position 20666: ordinal not in range(128)
This occurs in the newly added "show acl-plugin table" debug CLI.
This CLI has only the numeric outputs, so the conclusion is that it is
the incorrect termination (trailing zero) that might be most probably
causing it. The other acl-plugins show commands also
lack the zero-termination termination, so fix all of them.
The particularity of this command vs. the other acl-plugin debug CLIs
is that the accumulator is freed and allocated multiple times,
this might explain the issue is not seen with them.
Change-Id: I87b5c0d6152fbebcae9c7d0ce97155c1ae6666db
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit be055bd719559fc79d8a4c06479497c4c0bfae93)
|
|
- removed memif details message from memif API
Change-Id: I21185e7678f375cc10639cdbc3ad2fd84bc95459
Signed-off-by: Jakub Grajciar <grajciar.jakub@gmail.com>
|
|
- fixed problem with tcp_flag
- changed flowtimestamp into NTP format
Change-Id: I4ef05d6c69c5c078a0c80d59c5ccb0c85b924ba6
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
The standard behaviour for binary API is that zeroed arguments are
treated as if the default values were set. This way the configurator
does not need to know what default values are.
This, however, wasn't the case for rx_queues and tx_queues in
memif_create binary API message.
Change-Id: Ib588b472823f6bbb5ef12a798d68b0dda6dd2139
Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
|
|
Change-Id: I064d22277a0334c63f3d5072b1584b93e327b331
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
|
|
interface
Multiple subsequent calls to vnet_feature_enable_disable() to enable the feature
cause the feature to be inserted into the processing graph multiple times in a row.
This might be argued to be a bug in that function, but enabling already enabled feature
is suboptimal anyway, so avoid that. The existing tests already catch this issue whenever
the ASSERT() part of this patch was added.
Change-Id: Ia2c06f7dc87bbe05795c2c7b7d19ea06270ce150
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
added CLI command documentation
added NAT64 user documentation page
Change-Id: I3df400013800fe16351e02db7762ee3f92b195ff
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
If interface is down and queues are not configured then we are not able
to change rx-mode. This change introducess default mode which is stored
per interface and applied if driver wants.
Change-Id: I70149c21c1530eafc148d5e4aa03fbee53dec62f
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
custom-dump and in VAT (VPP-885)
Add the missing function to convert the entire array of rules in the respective _endian functions,
rather than just the first rule.
Change-Id: Ic057f27ff7ec20150595efca1a48b74e5850f52b
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
It is useful to have the CLI to clear the existing sessions.
There was a work-in-progress CLI but it did not work properly.
Fix it and split into a separate "clear acl-plugin sessions",
and add a unit test into the extended connection-oriented tests.
Change-Id: I55889165ebcee139841fdac88747390903a05394
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
ethernet header
When extracting the 5-tuple, use the ethernet_buffer_header_size() so we can correctly
handle the case of subinterfaces, etc.
Change-Id: Ied73fde98d6b313e9eeab2aff4f22daa50a6cbbf
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Remove the unnecessary variable assignment which coverity detected.
Change-Id: I66ac20a8495400ac59192ddb72f16c95f6b4d03c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
A typo resulted in a value being overwritten and flagged as unused, fix the typo.
Change-Id: I512ba94321afb80d12c71ebbb0eec42d9fa6f299
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: If397b49861468eed29b964fa64b186f80eb0eceb
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Iff550fd65f6e559b9fdfbbd53ef92d287c18166c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
The code path which sets the sw_if_index aimed to restrict the output
did not set the flag to trigger that output.
Change-Id: I0a1a3977fdddbce9a276960df43fed745d099ca0
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
n_input == 0
The logic to print the line " output " is wrong for the case of n_input == 0,
and the applied ACLs are printed as if they were applied on input.
One may still figure out the truth by looking at the n_input value above,
but it is confusing.
Change-Id: I7b4a4d548e569994678dd1e139eb829456548b88
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I15813167e7c8529f229143de4a8f64f0fb530951
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Disable CLI/API commands instead of error message on startup.
Change-Id: I313ed6e2ea009f573afb5e08b0e85ed1f9091dc3
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
In IP mode memif interface is L3 point-to-point interfaces and
we don't pass l2 header. There is no l2 header rewrite operation and
received packets are sent straight to ip4-input / ip6-input nodes.
Change-Id: I4177f3fce3004da7ecf14d235006ae053fcf3f09
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ic81c6098d615fdb6a874e532921efd833fed872c
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|