Age | Commit message (Collapse) | Author | Files | Lines |
|
DPDK API forbids calling rte_eth_xstats_get on a port
which has not been setup up yet.
Citing the DPDK docs (reformated):
"
The functions exported by the application Ethernet API to setup a device
designated by its port identifier must be invoked in the following order:
rte_eth_dev_configure()
rte_eth_tx_queue_setup()
rte_eth_rx_queue_setup()
rte_eth_dev_start()
Then, the network application can invoke, in any order, the functions
exported by the Ethernet API to get the MAC address of a given device,
to get the speed and the status of a device physical link, to
receive/transmit [burst of] packets, and so on.
"
original can be found here:
http://dpdk.org/doc/api/rte__ethdev_8h.html#a36ba70a5a6fce2c2c1f774828ba78f8d
Change-Id: I91854b8b0dd12dd028b4b36665cca49f16eac24c
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Change-Id: I166301c9e2388bae5f70ec0179d663a2703e27f5
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: I72439df585e56b3cbb7051f056fc35cddf0c864b
Signed-off-by: Francois Clad <fclad@cisco.com>
|
|
Change-Id: Icb858414145db0e5fef495e155903b3b935e50ba
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I1552e1418b704fdf1f1fa2c0174313b9b82a37a3
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Packet trace initiated by dpdk-input node would occasionally
not fully function if next node is ip4-input.
Change packet trace saving order in the quad-loop so "sho trace"
will display trace in packet receive order.
Fold calling of vlib_trace_buffer() into dpdk_add_trace().
Change-Id: I9d7a9bf3b9391f95590e66150b26b0b15912d803
Signed-off-by: John Lo <loj@cisco.com>
|
|
Add a binary API and debug cli to enable/disable cdp. cdp is disabled
by default.
Change-Id: I307c7e38dfda38e36ff3325f65de7036c34d89b1
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Linux kernel and DPDK recognize the following Ethernet speeds:
10M, 100M, 1G, 2.5G, 5G, 10G, 20G, 25G, 40G, 50G, 56G and 100G.
Add consistent Ethernet speeds to VPP.
Change-Id: I4cfcf378fb34425c1206db5aa2f6bdcc66e0a6ab
Signed-off-by: Lee Roberts <lee.roberts@hpe.com>
|
|
Change-Id: I806cbf8c6c49643fe6c317bcceab93c1b9d441ab
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
frag packet can't get reass.
adding bihash,it can rewrite new hash value.
so need to delete hash after compare hash value.
Change-Id: I83b5c47890110e9a598b78cfbe8fcd27bbe291bb
Signed-off-by: ahdj007 <dong.juan1@zte.com.cn>
|
|
Change-Id: Ie8b4effbd25e1e26b625d451ec059bac58a5a5a1
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
- add infra for pluggable tls "engines"
- makes mbedtls specific code a plugin
Change-Id: I2c5b099e2b69d2be0038e3ef02b208ff907727e7
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
The gerrit 10434 which added the support for whitelist model on ethertypes,
did not include the support to dump the current state.
This patch fills that gap.
Change-Id: I3222078ccb1839dc366140fa5f6b8999b2926fd2
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
(VPP-1192)
following is not possible:
set interface nat44 out GigabitEthernet0/3/0 output-feature
set interface nat44 out GigabitEthernet0/3/0
Change-Id: I1592cc18390881fda66f98316700886b8f5295f0
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I0ff13962ab6855663b9aec31c95e4a88cc809ff0
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Though dst-IP address would be change in LB plugin with L3DSR method,
layer-4 checksum would not be recomputed after this change.
Related changes:
- L3DSR: https://gerrit.fd.io/r/#/c/10203/
Change-Id: I98de7b8d80186ac77608a68050208c08d90b7c3b
Signed-off-by: Yusuke Tatsumi <ytatsumi@yahoo-corp.jp>
|
|
in2out and out2in protocol are not same
Change-Id: I4ce680ad1f088cb079e1f2aeb15ca59225fca0d1
Signed-off-by: ahdj007 <dong.juan1@zte.com.cn>
|
|
Change-Id: I8a4a7a85e86acbfe411e6dfa22e3976d7d4c903b
Signed-off-by: ahdj007 <dong.juan1@zte.com.cn>
|
|
dlopen linkage allow more transparent use for Mellanox nics.
Mellanox shared library librte_pmd_mlx5/4_glue.so* placed in LD_LIBRARY_PATH
At run time Mellanox code will be loaded only when Mellanox nics explicty used.
i.e if VPP is used with other vendor Mellanox code is not loaded.
Change-Id: Ib05bdbfc4cbb6e447c67186c98361f9c5b447140
Signed-off-by: Amir Zeidner <amirzei@mellanox.com>
|
|
Change-Id: I99cf3e7cc991aa7d32385a155c707a6516516117
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
If forwarding is enabled, inbound packets on an outside
interface should not be dropped and instead pass on to
the FIB lookup. This works for TCP and UDP but not other
IP protocols. Enable it for unknown protocols.
Change-Id: I1da84b5633a36b3e5e64079754db2fcc50f29819
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change-Id: Ib94e9e9e9fcdad9cdb0e3402b3de7d78bd644abe
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
forwarding mode:
session initiaded from service host - translate
session initiaded from remote host - do not translate
Change-Id: I48170ee8e4ad14d3d3083ee31a40ef8d10d6ff32
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ic30fbcb2630f39e45345d7215babf5d7ed4b33a0
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: I94f6c35bf751d25ca7fe7c67054e676a3ad2241b
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
The VAT calls to MEMIF_SOCKET_FILENAME_ADD_DEL erroneously
cleared the message memory after the M() macro call and
thus lost their message id. Don't do that.
While in the neighborhood, prevent a string copy from
referencing data that doesn't belong to the filename string.
Change-Id: Ib4309608ed617ef4f193880ecf4a0b35fda65e51
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: I1d3ede2b043e1fd4abc54f540bb1d3ac9863016e
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
The expression to determine whether to delete a session
from the disposal list only evaluates true if some,
but not all, of the sessions in the list were freed.
When all sessions in the list are freed, it evaluates
false and the sessions are left in the list to be freed
again later, which can result in a session pool element
that was reallocated to a different SA being freed,
breaking crypto for the newer SA.
Add an 'else' that handles the case where all sessions
were freed.
Change-Id: I3ae54d5b3bfc3658bf406caa50646924baaae589
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
When using a DPDK cryptodev with IPsec, deleting a
session often results in a SEGV. A bad pointer
is being passed to rte_cryptodev_sym_session_free().
Put the correct value on the crypto disposal list and
add a check to determine whether the call to free the
session is going to result in a crash before doing
it.
Change-Id: I8a6b0a594585ebcfa56b555ede7ef7d67e5e2b33
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
ENA doesn't support scatter-gather. The PMD started
failing rte_eth_dev_rx_queue_config() in DPDK 18.02
if the flag to enable it is set. Turn the flag off in
dpdk_lib_init().
Change-Id: Ifdd9f188c89b46efe82412c75fb935a92436da1c
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Problem: rte_eth_dev_set_mtu() returns with failure from ThunderX NICVF
DPDK PMD driver which supports MTU less than ETHERNET_MAX_PACKET_BYTES.
rte_eth_dev_set_mtu() being called twice from dpdk_lib_init(): one via
dpdk_device_setup() and second in dpdk_lib_init() itself. Currently
dpdk_lib_init() passes vnet_hardware_interface->max_packet_bytes as an
argument to rte_eth_dev_set_mtu() without consulting dev_info.max_rx_pktlen.
NICs like i4oe, ixgbe can support MTU much greater than 9216 hence its not
a problem for those NICS.
Fix: This patch calculates dpdk_device->port_conf.rxmode.max_rx_pkt_len,
vnet_hardware_interface->max_packet_bytes and MTU by consulting
dev_info.max_rx_pktlen.
Change-Id: If04bbfae49ee971dac0063ff1835e4a9c3087865
Signed-off-by: Nitin Saxena <nitin.saxena@cavium.com>
|
|
Change-Id: If5cd2e913770adac4e7320f54584da63012f925d
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
17.11 is still default.
Change-Id: I524d232579db8a59c717c5d760398b6b7f811d03
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I1384d16deb3fa38b988dd2fc98f436124e381536
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Call vnet_feature_next() for DHCP replies instead of using
default ip4-lookup. This allows DHCP replies to reach an
outside interface if it's configured as a DHCP client.
Change-Id: Icce1cd68b21256fcd6b1fad6792c06578b0e4e36
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
NAT input features run after acl-plugin-in-ip4-fa
NAT output features run after acl-plugin-out-ip4-fa
Change-Id: I1e4487a0d6fdb99a90b8db640d9ad0e0eb7347a5
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Icd2184dec16d30cdcc689ca37c834b5df2f0a1a3
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Classify table for output node should be cleaned up
after deleting macip ACL.
Change-Id: Ibbc46c8465bec02fe6fa6a8d33a1f06bcf28e9ad
Signed-off-by: Steve Shin <jonshin@cisco.com>
|
|
Group Base Policy (GBP) defines:
- endpoints: typically a VM or container that is connected to the
virtual switch/router (i.e. to VPP)
- endpoint-group: (EPG) a collection of endpoints
- policy: rules determining which traffic can pass between EPGs a.k.a
a 'contract'
Here, policy is implemented via an ACL.
EPG classification for transit packets is determined by:
- source EPG: from the packet's input interface
- destination EPG: from the packet's destination IP address.
Change-Id: I7b983844826b5fc3d49e21353ebda9df9b224e25
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
interface reconnect.
Change-Id: Ifc7eb2494a22c334d8899422545fca1a4bba4d05
Signed-off-by: Chun Li <chunl2@cisco.com>
|
|
Enable CLIB_HAVE_VEC128 if both aarch64 and __ARM_NEON
ie. armv8 only, not armv7
Add more neon compare intrinsics wrappers.
I only add simple intrinsics wrappers. More complex ones can be added
later as they are needed, with performance tests on the corresponding
feature to back them up.
Remove wrongly added 128bits definitions defined on both armv7 and armv8
without concern for NEON instructions presence.
Notable correspondinf code activations:
* MHEAP_FLAG_SMALL_OBJECT_CACHE in mheap.c
* ip4 fib mtrie leaves access
* enable ixge plugin compilation for aarch64
(conf still disables it by default)
Change-Id: I99953823627bdff6f222d232c78aa7b655aaf77a
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
Currently, ACL plugin largely does not care about the
ethertypes other than 0x0800 (IPv4) and 0x86dd (IPv6),
the only exception being 0x0806 (ARP), which is
dealt with by the MACIP ACLs.
The other ethertypes in L2 mode are just let through.
This adds a new API message acl_interface_set_etype_whitelist,
which allows to flip the mode of a given interface
into "ethertype whitelist mode": the caller of this message
must supply the two lists (inbound and outbound) of the ethertypes
that are to be permitted, the rest of the ethertypes are
dropped.
The whitelisting for a given interface and direction takes
effect only when a policy ACL is also applied.
This operates on the same classifier node as the one used for
dispatching the policy ACL, thus, if one wishes for most of the
reasonable IPv4 deployments to continue to operate within
the whitelist mode, they must permit ARP ethertype (0x0806)
The empty list for a given direction resets the processing
to allow the unknown ethertypes. So, if one wants to just
permit the IPv4 and IPv6 and nothing else, one can add
their ethertypes to the whitelist.
Add the "show acl-plugin interface" corresponding outputs
about the whitelists, vat command, and unittests.
Change-Id: I4659978c801f36d554b6615e56e424b77876662c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
This is the second patch, using the new functionality from the change 10002
in order to implement the egress filtering on the MACIP ACLs.
This adds an action "2" which means "add also egress filtering rules for this
MACIP ACL.
The reason for having the two choices is that the egress filtering really takes
care of a fairly corner case scenario, and I am not convinced that
always adding the performance cost of the egress lookup check is worth it.
Also, of course, not breaking the existing implementations is a nice plus,
too.
Change-Id: I3d7883ed45b1cdf98d7303771bcc75951dff38f0
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
conn cleaner threads interactions
This replaces some of the early-stage commented-out printf()s with
an elog-based debug collector.
It is aimed to be "better than nothing" initial implementation to be available
in the field. It will be refined/updated based on use. This initial code
is focused on the main/worker threads interactions, hence uses just
the worker tracks.
This code adds a developer debug CLI "set acl-plugin session table event-trace 1",
which allows to gather the events pertaining to connection cleaning.
The CLI is deliberately not part of the online help, as the express
declaration that the semantics/trace levels, etc. are subject to change
without notice.
Change-Id: I3536309f737b73e50639cd5780822dcde667fc2c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
The thread0 in some configurations can handle the traffic.
Some of the previous fixes accomodated for that, but
the interrupt sending for connection clearing
was not adapted to that, resulting in a deadlock
during clearing of all connections...
Change-Id: I32b4c7bac09c91c22b796baab843bdaf41f7045c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
For implementation of MACIP ACLs enhancement (VPP-1088), an outbound
classifier-based ACL would be needed. There was an existing incomplete
code for outbound ACLs, it looked almost exact copy of input ACLs, minus
the various enhancements, trying to sync that code seemed error-prone
and cumbersome to maintain in the longer run.
This change refactors the input+output ACLs processing into a unified
routine (thus any changes will have effect on both), and also adds
the API to set the output interface ACL, with the same format
and semantics as the existing input one (except working on output
ACL of course).
WARNING: IP outbound ACL in L3 mode clobbers the ip.* fields
in the vnet_buffer_opaque_t, since the code is using l2_classify.*
The net_buffer (p0)->ip.save_rewrite_length is rescued into
l2_classify.pad.l2_len, and used to rewind the header in case of
drop, so that ipX_drop prints something sensible.
Change-Id: I62f814f1e3650e504474a3a5359edb8a0a8836ed
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I853386aebfe488ebb10328435b81b6e3403c5dd0
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
This patch teaches worer threads to sleep and to be waken up by
kernel if there is activity on file desctiptors assigned to that thread.
It also adds counters to epoll file descriptors and new
debug cli 'show unix file'.
Change-Id: Iaf67869f4aa88ff5b0a08982e1c08474013107c4
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Normally session keys are generated by mirroring the packets sent.
ICMP message type should be used and inverted for the stateful ACL.
Supported ICMP messages with this patch:
- ICMPv4: Echo/Timestamp/Information/Address Mask requests
- ICMPv6: Echo request/Node Information Queury
The invmap & valid_new tables can be modified to make any other
ICMP messages to be reflexive ACL.
Change-Id: Ia47b08b79fe0a5b1f7a995af78de3763d275dbd9
Signed-off-by: Steve Shin <jonshin@cisco.com>
|
|
Change-Id: Ic5e8d74bf5ac84cce5661de44778c89541c67636
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|