summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2017-08-08acl-plugin: rework the optimization 7383, fortify acl-plugin memory behavior ↵Andrew Yourtchenko5-150/+289
(VPP-910) The further prolonged testing from testbed that reported VPP-910 has uncovered a couple of deeper issues with optimization from 7384, and the usage of subscripts rather than vec_elt_at_index() allowed to hide a couple of further errors in the code. Also, the current acl-plugin behavior of using the global heap for its dynamic data is problematic - it makes the troubleshooting much harder by potentially spreading the problem around. Based on this experience, this commits makes a few changes to fix the issues seen, also improving the serviceability of the acl-plugin code for the future: - Use separate mheaps for any ACL-related control plane operations and separate for the hash lookup datastructures, to compartmentalize any memory-related issues for the ACL plugin. - Ensure vec_elt_at_index() usage throughout the hash_lookup.c file. - Use vectors rather than raw memory for storing the "ordinary" ACL rules. - Rework the optimization from 7384 to use a separate tail pointer rather than overloading the "prev" field. - Make get_session_ptr() more conservative and adjust is_valid_session_ptr accordingly Change-Id: Ifda85193f361de5ed3782a4acd39622bd33c5830 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit bd9c5ffe39e9ce61db95d74d150e07d738f24da1)
2017-08-04SNAT: fix address and port allocation for multiple worker threads (VPP-925)Matus Fabian3-16/+39
There is a chance to allocate the same outside address and port. Assign a block of port numbers to each worker. Change-Id: I6ef7dc0aab4834705f4e6097c362940d18d747e8 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-08-03acl-plugin: multicore: CSIT c100k 2-core stateful ACL test does not pass ↵Andrew Yourtchenko4-41/+106
(VPP-912) Fix several threading-related issues uncovered by the CSIT scale/performance test: - make the per-interface add/del counters per-thread - preallocate the per-worker session pools rather than attempting to resize them within the datapath - move the bihash initialization to the moment of ACL being applied rather than later during the connection creation - adjust the connection cleaning logic to not require the signaling from workers to main thread - make the connection lists check in the main thread robust against workers updating the list heads at the same time - add more information to "show acl-plugin sessions" to aid in debugging Change-Id: If82ef715e4993614df11db5e9afa7fa6b522d9bc Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 8e4222fc7e23a478b021930ade3cb7d20938e398)
2017-08-03gtpu bypass function doesn't work (VPP-924)jerryian1-0/+14
Change-Id: I80183f7d984ed6ed2e3405d1bb65fe761a29bc81 Signed-off-by: jerryian <gu.jian1@zte.com.cn>
2017-08-02memif: construct interface name out of socket file idx and intf idDamjan Marion1-2/+4
Change-Id: Ib4de018a84e9c94df26a8870bf1b04e26204ace1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-08-02Fix tcp tx buffer allocationFlorin Coras1-0/+1
- Make tcp output buffer allocation macro an inline function - Use per ip version per thread tx frames for retransmits and timer events - Fix / parameterize tcp data structure preallocation - Add a couple of gdb-callable show commands - Fix local endpoint cleanup Change-Id: I67b47b7570aa14cb4634b6fd93c57cd2eacbfa29 Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Dave Barach <dave@barachs.net>
2017-07-25SANT: fib_table unlock (VPP-918)Matus Fabian2-1/+11
Change-Id: Ie0ad3671e3f4b55cd0f14601b6fed9ee2a1cbec0 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-07-23Improve L2 Input/Output Feature Infrastructure and UsageJohn Lo1-6/+1
Simplify L2 output feature infra to unify with L2 input feature infra using the newly improved feature bitmap mechanism. Updated all L2 features to use the more efficient infra functions. Change-Id: If8f463826b0af0717129befe92a27ea8cfc40449 Signed-off-by: John Lo <loj@cisco.com>
2017-07-21SNAT: in2out translation as an output feature hairpinning (VPP-913)Matus Fabian4-102/+396
Change-Id: I3790739683c6090ffb2aefb4758bd4275856c09a Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-07-20acl-plugin: assertion failed at hash_lookup.c:226 when modifying ACLs ↵Andrew Yourtchenko1-0/+11
applied as part of many (VPP-910) change 7385 has added the code which has the first ACE's "prev" entry within the linked list of shadowed ACEs pointing to the last ACE, in order to avoid the frequent linear list traversal. That change was not complete and did not update this "prev" entry whenever the last ACE was deleted. As a result the changes within the applied ACLs which caused the calls to hash_acl_unapply/hash_acl_apply may result in hitting assert which does the sanity check. The solution is to add the missing update logic. Change-Id: I9cbe9a7c68b92fa3a22a8efd11b679667d38f186 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 45fe7399152f5ca511ba0b03fee3d5a3dffd1897)
2017-07-20SNAT: in2out translation as an output feature (VPP-903)Matus Fabian5-38/+495
in2out translation as an output feature on the outside interface (postrouting) Change-Id: I32c0311be09bdf102b9a0885b8b89c7588cb558f Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-07-18TCP/UDP checksum offload APIDave Barach3-0/+52
Change-Id: I2cb6ce4e29813f6602b14e6e61713fb381fbcef8 Signed-off-by: Dave Barach <dave@barachs.net>
2017-07-14vnet_buffer_t flags cleanupDamjan Marion3-18/+19
Change-Id: I123eccea98abafeb31f25d2a162501e2eded60d4 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-14Introduce l{2,3,4}_hdr_offset fields in the buffer metadataDamjan Marion1-1/+7
To save space in the first cacheline following is changed: - total_length_not_including_first_buffer moved to the 2nd cacheline. This field is used only when VLIB_BUFFER_TOTAL_LENGTH_VALID and VLIB_BUFFER_NEXT_PRESENT are both set. - free_list_index is now stored in 4bits inside flags, which allows up to 16 free lists. In case we need more we can store index in the 2nd cachelin Change-Id: Ic8521350819391af470d31d3fa1013e67ecb7681 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-14flowprobe: Fixed assert error with less than 1 second passive timerAndrew Li1-2/+2
When passive timer has less than 1 second left, it'll be forcifully changed to 0 when converting from f64 to u64. As a result the assertion will fail at the beginning of the passive timer start fuction. This commit fixed this bug by adding a check of the delta. Change-Id: I899b6e0ab4967dcecc821daf7e812dbbc90969ce Signed-off-by: Andrew Li <zhaoxili@cisco.com>
2017-07-14dpdk: update buildSergio Gonzalez Monroy1-1/+6
Current optional DPDK PMDs are: - AESNI MB PMD (SW crypto) - AESNI GCM PMD (SW crypto) - MLX4 PMD - MLX5 PMD This change will always build DPDK SW crypto PMDs and required SW crypto libraries, while MLX PMDs are still optional and the user has to build required libraries. Now the configure script detects if any of the optional DPDK PMDs were built and link against their required libraries/dependencies. Change-Id: I1560bebd71035d6486483f22da90042ec2ce40a1 Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-07-13dpdk: fix dpdk_buffer_pool_create nameChris Luke3-3/+6
- vnet_buffer_pool_create should probably be named dpdk_buffer_pool_create since that is what it does. - Its prototype should also be in a DPDK plugin header, not in vlib/buffer_funcs.h, since the implementation is in the plugin and nobody else should be calling it. Change-Id: I7ba259afa4b888bc94f3ad257305e286b41e7370 Signed-off-by: Chris Luke <chrisy@flirble.org>
2017-07-12Deprecate support for flattened output nodesDamjan Marion1-1/+0
Change-Id: Id117e219146d9994340fb38c00233ea67db8929b Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-12dpdk: prefetch 2nd cacheline of rte_mbuf during txDamjan Marion1-1/+1
Change-Id: I0db02dd0147dbd47d4296fdb84280d0e7d321f3c Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-11memif: avoid double buffer freeDamjan Marion1-1/+0
Change-Id: I902f54618c4e1f649af11497c1cb10922e43755a Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-11SNAT: fixed bug in fallback to 3-tuple key for non TCP/UDP sessionsMatus Fabian1-0/+4
Change-Id: I1c4d5f92ec841b1cfe1a33eab4bb94e4001d0411 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-07-10vlib: store buffer memory information in the buffer_mainDamjan Marion1-65/+4
Currently, buffer index is calculated as a offset to the physmem region shifted by log2_cacheline size. When DPDK is used we "hack" physmem data with information taken from dpdk mempool. This makes physmem code not usable with DPDK. This change makes buffer memory start and size independent of physmem basically allowing physmem to be used when DPDK plugin is loaded. Change-Id: Ieb399d398f147583b9baab467152a352d58c9c31 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-10memif: mask interrupts on startup if we are in the polling modeDamjan Marion1-0/+8
Change-Id: Ief02eb1109a1bc463665d9747e9fa4e0c0e3d7e0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-08lldp packet transmission on a bonded interfaceSteve Shin1-3/+3
LLDP packets are dropped at interface output node if each slave's link is configured as the LLDP interface. The admin state is configured and managed by the bonded interface, so slave link's state is down by default. The checking for the admin state UP should be ignored for the slave link. Change-Id: I06ca250f42fcb8cc50e0ea3a3817a2c5b56865df Signed-off-by: Steve Shin <jonshin@cisco.com>
2017-07-07SNAT: Fallback to 3-tuple key for non TCP/UDP sessions (VPP-884)Matus Fabian5-79/+578
Change-Id: I4868ff6e81c579b29d3ea066976ae145f8b83e9e Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-07-06dpdk: add FiftyGigabitEtherenet interface supportDamjan Marion3-0/+7
Change-Id: Ied8b26179cdf4add34440a9c396cb821716cfb8e Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-06unix: mkdir VPP_RUN_DIR before opening a socket in itChris Luke1-9/+5
Change https://gerrit.fd.io/r/#/c/7230/ added a Unix domain CLI socket in the default startup.conf; however unless you had previously run VPP with the DPDK plugin enabled the directory that it is created in. /run/vpp, would not exist and startup would fail. This directory is typically hosted in a tmpfs ramdisk and is thus ephemeral. This patch adds a function that attempts to mkdir VPP_RUN_DIR and uses it in both the DPDK plugin and the CLI code if the CLI socket is to be created in that directory. Change-Id: Ibbf925819099dce2b5eb0fa238b9edca1036d6fd Signed-off-by: Chris Luke <chrisy@flirble.org>
2017-07-06Send GARP/NA on bonded intf slave up/down if in active-backup modeJohn Lo3-8/+85
If a bonded interface is in active-backup mode and configured with IPv4 and/or IPv6 addresses, on slave interface link up/down, send a GARP packet if configured with an IPv4 address and an unsolcited NA if configured with an IPv6 address. These packets can help with faster route convergence in the next hop router/switch. Change-Id: I68ccb11a4a40cda414704fa08ee0171c952befa2 Signed-off-by: John Lo <loj@cisco.com>
2017-07-04acl-plugin: VPP-897: applying of large number of ACEs is slowAndrew Yourtchenko2-20/+45
When applying ACEs, in the new hash-based scheme, for each ACE the lookup in the hash table is done, and either that ACE is added to the end of the existing list if there is a match, or a new list is created if there is no match. Usually ACEs do not overlap, so this operation is fast, however, the fragment-permit entries in case of a large number of ACLs create a huge list which needs to be traversed for every other ACE being added, slowing down the process dramatically. The solution is to add an explicit flag to denote the first element of the chain, and use the "prev" index of that element to point to the tail element. The "next" field of the last element is still ~0 and if we touch that one, we do the linear search to find the first one, but that is a relatively infrequent operation. Change-Id: I352a3becd7854cf39aae65f0950afad7d18a70aa Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 204cf74aed51ca07933df7c606754abb4b26fd82)
2017-07-04acl-plugin: fix acl plugin test failing sporadically (VPP-898)Andrew Yourtchenko1-0/+5
The "acl_plugin" tests has one of the tests sporadically fail with the following traceback: r.reply.decode().rstrip('\x00') UnicodeDecodeError: 'ascii' codec can't decode byte 0xd8 in position 20666: ordinal not in range(128) This occurs in the newly added "show acl-plugin table" debug CLI. This CLI has only the numeric outputs, so the conclusion is that it is the incorrect termination (trailing zero) that might be most probably causing it. The other acl-plugins show commands also lack the zero-termination termination, so fix all of them. The particularity of this command vs. the other acl-plugin debug CLIs is that the accumulator is freed and allocated multiple times, this might explain the issue is not seen with them. Change-Id: I87b5c0d6152fbebcae9c7d0ce97155c1ae6666db Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit be055bd719559fc79d8a4c06479497c4c0bfae93)
2017-06-30memif: API message handler registration bug-fixJakub Grajciar1-11/+0
- removed memif details message from memif API Change-Id: I21185e7678f375cc10639cdbc3ad2fd84bc95459 Signed-off-by: Jakub Grajciar <grajciar.jakub@gmail.com>
2017-06-27FLOWPROBE: Add flowstartns, flowendns and tcpcontrolbitsOle Troan3-14/+88
- fixed problem with tcp_flag - changed flowtimestamp into NTP format Change-Id: I4ef05d6c69c5c078a0c80d59c5ccb0c85b924ba6 Signed-off-by: Ole Troan <ot@cisco.com>
2017-06-25memif: If rx/tx_queues are unset, use default valuesMilan Lenco1-2/+12
The standard behaviour for binary API is that zeroed arguments are treated as if the default values were set. This way the configurator does not need to know what default values are. This, however, wasn't the case for rx_queues and tx_queues in memif_create binary API message. Change-Id: Ib588b472823f6bbb5ef12a798d68b0dda6dd2139 Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
2017-06-22Export and Install GTP-U API fileHongjun Ni1-1/+1
Change-Id: I064d22277a0334c63f3d5072b1584b93e327b331 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-06-22acl-plugin: clean up the code enabling/disabling acl-plugin processing on ↵Andrew Yourtchenko2-4/+18
interface Multiple subsequent calls to vnet_feature_enable_disable() to enable the feature cause the feature to be inserted into the processing graph multiple times in a row. This might be argued to be a bug in that function, but enabling already enabled feature is suboptimal anyway, so avoid that. The existing tests already catch this issue whenever the ASSERT() part of this patch was added. Change-Id: Ia2c06f7dc87bbe05795c2c7b7d19ea06270ce150 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-22NAT64: documentationMatus Fabian2-0/+211
added CLI command documentation added NAT64 user documentation page Change-Id: I3df400013800fe16351e02db7762ee3f92b195ff Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-21Introduce default rx mode for device driversDamjan Marion1-1/+1
If interface is down and queues are not configured then we are not able to change rx-mode. This change introducess default mode which is stored per interface and applied if driver wants. Change-Id: I70149c21c1530eafc148d5e4aa03fbee53dec62f Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-06-21acl-plugin: the second and subsequent ACEs incorrect endianness when ↵Andrew Yourtchenko1-4/+22
custom-dump and in VAT (VPP-885) Add the missing function to convert the entire array of rules in the respective _endian functions, rather than just the first rule. Change-Id: Ic057f27ff7ec20150595efca1a48b74e5850f52b Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-21acl-plugin: CLI to clear all sessionsAndrew Yourtchenko2-8/+38
It is useful to have the CLI to clear the existing sessions. There was a work-in-progress CLI but it did not work properly. Fix it and split into a separate "clear acl-plugin sessions", and add a unit test into the extended connection-oriented tests. Change-Id: I55889165ebcee139841fdac88747390903a05394 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-21acl-plugin: use ethernet_buffer_header_size() to determine the size of the ↵Andrew Yourtchenko1-1/+1
ethernet header When extracting the 5-tuple, use the ethernet_buffer_header_size() so we can correctly handle the case of subinterfaces, etc. Change-Id: Ied73fde98d6b313e9eeab2aff4f22daa50a6cbbf Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-21acl-plugin: fix coverity issue 170476Andrew Yourtchenko1-2/+1
Remove the unnecessary variable assignment which coverity detected. Change-Id: I66ac20a8495400ac59192ddb72f16c95f6b4d03c Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-21acl-plugin: fix coverity issue 166801Andrew Yourtchenko1-1/+1
A typo resulted in a value being overwritten and flagged as unused, fix the typo. Change-Id: I512ba94321afb80d12c71ebbb0eec42d9fa6f299 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-21NAT64: custom prefixMatus Fabian6-65/+494
Change-Id: If397b49861468eed29b964fa64b186f80eb0eceb Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-21memif: minor changes in memif.hDamjan Marion2-16/+20
Change-Id: Iff550fd65f6e559b9fdfbbd53ef92d287c18166c Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-06-21acl-plugin: fix coverity error 171135Andrew Yourtchenko1-0/+2
The code path which sets the sw_if_index aimed to restrict the output did not set the flag to trigger that output. Change-Id: I0a1a3977fdddbce9a276960df43fed745d099ca0 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-21acl-plugin: vat: acl_interface_list_dump confusing/incorrect output in case ↵Andrew Yourtchenko1-2/+2
n_input == 0 The logic to print the line " output " is wrong for the case of n_input == 0, and the applied ACLs are printed as if they were applied on input. One may still figure out the truth by looking at the n_input value above, but it is confusing. Change-Id: I7b4a4d548e569994678dd1e139eb829456548b88 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-20SNAT: unknow protocol hairpinning fixMatus Fabian1-1/+1
Change-Id: I15813167e7c8529f229143de4a8f64f0fb530951 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-19NAT64: change not supported multi threading behaviourMatus Fabian5-6/+104
Disable CLI/API commands instead of error message on startup. Change-Id: I313ed6e2ea009f573afb5e08b0e85ed1f9091dc3 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-19memif: add ip modeDamjan Marion4-35/+132
In IP mode memif interface is L3 point-to-point interfaces and we don't pass l2 header. There is no l2 header rewrite operation and received packets are sent straight to ip4-input / ip6-input nodes. Change-Id: I4177f3fce3004da7ecf14d235006ae053fcf3f09 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-06-19SNAT: NAT packet with unknown L4 protocol if match 1:1 NATMatus Fabian2-6/+104
Change-Id: Ic81c6098d615fdb6a874e532921efd833fed872c Signed-off-by: Matus Fabian <matfabia@cisco.com>