summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2017-08-23NAT: Rename snat plugin to nat (VPP-955)Matus Fabian24-378/+2279
Change-Id: I30a7e3da7a4efc6038a91e27b48045d4b07e2764 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-08-22acl-plugin: Recreate the bihash_40_8.h in the proper placeAndrew Yourtchenko4-87/+4
Change-Id: I30a3df53bc5fe5ab991a657918eb502bd2913440 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-08-22dpdk: fix Cavium ThunderX supportDamjan Marion2-0/+5
Change-Id: Id5812448917ce52984d5a778d5b304c448a752e7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-08-21PPPoE usses a midchain adjacency stack on an interface-tx DPONeale Ranns4-435/+122
1) introduce an interface-tx DPO. This is a simple wrapper around a sw_if_index. enhance DPO stacking functions to allow per-instance next-nodes and hence allow children to stack onto the interface per-instance tx node and not on 'interface-output'. 2) update PPPoE code to use ta midchain stack on a interface-tx DPO of the encap-interface. This remove the need for pppoe_encap node (which is replaced by the adj-midchain-tx) and interface-output node is no longer used (see above). Since PPPoE encap node is no longer needed, the PPPoE seesion does not need to be retrieved in the data-path, hence the cahce misses are removed. Change-Id: Id8b40f53daa14889a9c51d802e14fed7fba4399a Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-08-18Fix vpp crash when adding macip aclPavel Kotucek1-1/+1
When adding at least two different types of MACIP acl vpp crash. Change-Id: Ibbc76b94015311945be081fe0d8af71cf0672332 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-08-18Fix small issues in ACL apiPavel Kotucek1-3/+11
Enable IP address without prefix length, if not given use max (32/128) Parse correctly type of acl (ipv4). Change-Id: I3d5d6b45037c9e0f95d2d112ae584f006c6cb4d1 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-08-18acl-plugin: time out the sessions created by main thread too (VPP-948)Andrew Yourtchenko4-13/+28
In multithread setup the main thread may send packets, which may pass through the node with permit+reflect action. This creates the connection in lists for thread0, however in multithread there are no interupt handlers there. Ensure we are not spending too much time spinning in a tight cycle by suspending the main cleaner thread until the current iteration of interrupts is processed. Change-Id: Idb7346737757ee9a67b5d3e549bc9ad9aab22e89 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit c1ff53f25d04ec1cc31844abd38014e91e398b5f)
2017-08-16SNAT: Make proto optional in nat64_bib_dump (VPP-942)Matus Fabian4-45/+115
make proto optional in nat64_bib_dump and nat64_st_dump Change-Id: Idd102ce2b1555d38783fd22c84e46b4c48570edc Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-08-16NAT64: Fallback to 3-tuple key for non TCP/UDP sessions (VPP-884)Matus Fabian8-134/+647
Change-Id: I4cafc8291725feb499355092bd429433e649b5b2 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-08-15acl-plugin: don't attempt to delete the ACLs on interface deletion if ACL ↵Andrew Yourtchenko1-0/+4
plugin heap is not initialized With the addition of the own heap, the delete routines called from interface deletion callback may attempt to initialize the ACL plugin heap. This is obviously not a desirable condition - so, return early from the callback if the ACL plugin heap has not been initialized yet - there is for sure nothing to clean up. Change-Id: I08a6ae725294016ff5824189ade91c288e2c473b Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-08-14dpdk: cleanup unused build option *_uses_dpdk_cryptodev_swSergio Gonzalez Monroy1-11/+4
Change-Id: I62939592bd3cb151e02c55a3f1ee6e7d1ce469cb Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-08-11Fix IP fragment-id and offset issue in LB-GRE4Hongjun Ni1-0/+2
Change-Id: Ic1c440b2594c3ec4cdc75730069f16432cdb9587 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-08-11acl-plugin: add the debug CLI to show macip ACLs and where they are applied ↵Andrew Yourtchenko1-0/+76
(VPP-936) When looking at resource utilisation, it is useful to understand the interactions between the acl-plugin and the rest of VPP. MACIP ACLs till now could only be dumped via API, which is tricky when debugging. Add the CLIs to see the MACIP ACLs and where they are applied. Change-Id: I3211901589e3dcff751697831c1cd0e19dcab1da Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit f2cfcf676e67a7ea80ce20a69826210eb97acba5)
2017-08-10acl-plugin: hash lookup bitmask not cleared when ACL is unapplied from ↵Andrew Yourtchenko3-4/+31
interface (VPP-935) The logic in hash ACL bitmask update was using the vector of ACLs applied to the interface to rebuild the hash lookup mask. However, in transient cases (like doing group manipulation with hash ACLs), that will not hold true. Thus, make a local copy of for which ACL indices the hash_acl_apply was called previously, and maintain that one local to the hash_lookup.c file logic. Change-Id: I30187d68febce8bba2ab6ffbb1eee13b5c96a44b Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 1de7d7044434196610190011ebb431f054701259)
2017-08-10acl-plugin: avoid crash in multithreaded setup adding/deleting ACLs with ↵Andrew Yourtchenko3-0/+83
traffic (VPP-910/VPP-929) The commit fixing the VPP-910 and separating the memory operations into separate heaps has missed setting the MHEAP_FLAG_THREAD_SAFE, which quite obviously caused the issues in the multithread setup. Fix that. Also, add the debug CLIs "set acl-plugin heap {main|hash} {validate|trace} {1|0}" to toggle the memory instrumentation, in case we ever need it in the future. Change-Id: I8bd4f7978613f5ea75a030cfb90674dac34ae7bf Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit e6423bef32ca2ffcfcd7a092eb4673badd53ea4c)
2017-08-10acl-plugin: all TCP sessions treated as transient (VPP-932)Andrew Yourtchenko1-3/+6
The packet that was creating the session was not tracked, consequently the TCP flags seen within the session record never got the value for the session to get treated as being in the established state. Test-escape, so add the TCP tests which test the three phases of the TCP session life and make them all pass. Change-Id: Ib048bc30c809a7f03be2de7e8361c2c281270348 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 754370f1b55d4102d21dd94676f2bda3170c7df0)
2017-08-09PPPoE: use DPO protos in FIB entry path add/removeNeale Ranns1-2/+3
Change-Id: I6ac10ec0adf179b86f97269bbce2a7fd8796e72a Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-08-09Add PPPoE PluginHongjun Ni14-0/+2902
Supports 64K PPPoE sessions This plugin adds three graph nodes: 1) pppoe-input for PPPoE decapsulation 2) pppoe-encap for PPPoE encapsulation 3) pppoe-tap-dispatch for control plane process Below is the configuration to make PPPoE CP and DP work: vim /etc/vpp/startup.conf tuntap { enable ethernet name newtap } create pppoe tap tap-if-index 1 //Configure it after a subscriber's PPPoE discovery and PPP link establishment succeeds: create pppoe session client-ip 100.1.2.1 session-id 1 client-mac 00:11:01:00:00:01 show pppoe fib show pppoe session Change-Id: I73e724b6bf7c3e4181a9914c5752da1fa72d7e60 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-08-08L2 over MPLSNeale Ranns2-2/+2
[support for VPWS/VPLS] - switch to using dpo_proto_t rather than fib_protocol_t in fib_paths so that we can describe L2 paths - VLIB nodes to handle pop/push of MPLS labels to L2 Change-Id: Id050d06a11fd2c9c1c81ce5a0654e6c5ae6afa6e Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-08-08acl-plugin: fix a misplaced return (VPP-910)Andrew Yourtchenko1-1/+1
It was uncaught by make test because the corresponding tests are not there yet - part of 17.10 deliverables Change-Id: I55456f1874ce5665a06ee411c7abf37cd19ed814 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 58013b73509521789608f24a79a00177797ff9b1)
2017-08-08MAC IP ACL interface list dump (as an alternative to the get/reply)Neale Ranns2-1/+90
Change-Id: I2e71aef1aa745e85ad3234b0b708cdc50f335a75 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2017-08-08acl-plugin: rework the optimization 7383, fortify acl-plugin memory behavior ↵Andrew Yourtchenko5-150/+289
(VPP-910) The further prolonged testing from testbed that reported VPP-910 has uncovered a couple of deeper issues with optimization from 7384, and the usage of subscripts rather than vec_elt_at_index() allowed to hide a couple of further errors in the code. Also, the current acl-plugin behavior of using the global heap for its dynamic data is problematic - it makes the troubleshooting much harder by potentially spreading the problem around. Based on this experience, this commits makes a few changes to fix the issues seen, also improving the serviceability of the acl-plugin code for the future: - Use separate mheaps for any ACL-related control plane operations and separate for the hash lookup datastructures, to compartmentalize any memory-related issues for the ACL plugin. - Ensure vec_elt_at_index() usage throughout the hash_lookup.c file. - Use vectors rather than raw memory for storing the "ordinary" ACL rules. - Rework the optimization from 7384 to use a separate tail pointer rather than overloading the "prev" field. - Make get_session_ptr() more conservative and adjust is_valid_session_ptr accordingly Change-Id: Ifda85193f361de5ed3782a4acd39622bd33c5830 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit bd9c5ffe39e9ce61db95d74d150e07d738f24da1)
2017-08-04SNAT: fix address and port allocation for multiple worker threads (VPP-925)Matus Fabian3-16/+39
There is a chance to allocate the same outside address and port. Assign a block of port numbers to each worker. Change-Id: I6ef7dc0aab4834705f4e6097c362940d18d747e8 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-08-03acl-plugin: multicore: CSIT c100k 2-core stateful ACL test does not pass ↵Andrew Yourtchenko4-41/+106
(VPP-912) Fix several threading-related issues uncovered by the CSIT scale/performance test: - make the per-interface add/del counters per-thread - preallocate the per-worker session pools rather than attempting to resize them within the datapath - move the bihash initialization to the moment of ACL being applied rather than later during the connection creation - adjust the connection cleaning logic to not require the signaling from workers to main thread - make the connection lists check in the main thread robust against workers updating the list heads at the same time - add more information to "show acl-plugin sessions" to aid in debugging Change-Id: If82ef715e4993614df11db5e9afa7fa6b522d9bc Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 8e4222fc7e23a478b021930ade3cb7d20938e398)
2017-08-03gtpu bypass function doesn't work (VPP-924)jerryian1-0/+14
Change-Id: I80183f7d984ed6ed2e3405d1bb65fe761a29bc81 Signed-off-by: jerryian <gu.jian1@zte.com.cn>
2017-08-02memif: construct interface name out of socket file idx and intf idDamjan Marion1-2/+4
Change-Id: Ib4de018a84e9c94df26a8870bf1b04e26204ace1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-08-02Fix tcp tx buffer allocationFlorin Coras1-0/+1
- Make tcp output buffer allocation macro an inline function - Use per ip version per thread tx frames for retransmits and timer events - Fix / parameterize tcp data structure preallocation - Add a couple of gdb-callable show commands - Fix local endpoint cleanup Change-Id: I67b47b7570aa14cb4634b6fd93c57cd2eacbfa29 Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Dave Barach <dave@barachs.net>
2017-07-25SANT: fib_table unlock (VPP-918)Matus Fabian2-1/+11
Change-Id: Ie0ad3671e3f4b55cd0f14601b6fed9ee2a1cbec0 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-07-23Improve L2 Input/Output Feature Infrastructure and UsageJohn Lo1-6/+1
Simplify L2 output feature infra to unify with L2 input feature infra using the newly improved feature bitmap mechanism. Updated all L2 features to use the more efficient infra functions. Change-Id: If8f463826b0af0717129befe92a27ea8cfc40449 Signed-off-by: John Lo <loj@cisco.com>
2017-07-21SNAT: in2out translation as an output feature hairpinning (VPP-913)Matus Fabian4-102/+396
Change-Id: I3790739683c6090ffb2aefb4758bd4275856c09a Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-07-20acl-plugin: assertion failed at hash_lookup.c:226 when modifying ACLs ↵Andrew Yourtchenko1-0/+11
applied as part of many (VPP-910) change 7385 has added the code which has the first ACE's "prev" entry within the linked list of shadowed ACEs pointing to the last ACE, in order to avoid the frequent linear list traversal. That change was not complete and did not update this "prev" entry whenever the last ACE was deleted. As a result the changes within the applied ACLs which caused the calls to hash_acl_unapply/hash_acl_apply may result in hitting assert which does the sanity check. The solution is to add the missing update logic. Change-Id: I9cbe9a7c68b92fa3a22a8efd11b679667d38f186 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 45fe7399152f5ca511ba0b03fee3d5a3dffd1897)
2017-07-20SNAT: in2out translation as an output feature (VPP-903)Matus Fabian5-38/+495
in2out translation as an output feature on the outside interface (postrouting) Change-Id: I32c0311be09bdf102b9a0885b8b89c7588cb558f Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-07-18TCP/UDP checksum offload APIDave Barach3-0/+52
Change-Id: I2cb6ce4e29813f6602b14e6e61713fb381fbcef8 Signed-off-by: Dave Barach <dave@barachs.net>
2017-07-14vnet_buffer_t flags cleanupDamjan Marion3-18/+19
Change-Id: I123eccea98abafeb31f25d2a162501e2eded60d4 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-14Introduce l{2,3,4}_hdr_offset fields in the buffer metadataDamjan Marion1-1/+7
To save space in the first cacheline following is changed: - total_length_not_including_first_buffer moved to the 2nd cacheline. This field is used only when VLIB_BUFFER_TOTAL_LENGTH_VALID and VLIB_BUFFER_NEXT_PRESENT are both set. - free_list_index is now stored in 4bits inside flags, which allows up to 16 free lists. In case we need more we can store index in the 2nd cachelin Change-Id: Ic8521350819391af470d31d3fa1013e67ecb7681 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-14flowprobe: Fixed assert error with less than 1 second passive timerAndrew Li1-2/+2
When passive timer has less than 1 second left, it'll be forcifully changed to 0 when converting from f64 to u64. As a result the assertion will fail at the beginning of the passive timer start fuction. This commit fixed this bug by adding a check of the delta. Change-Id: I899b6e0ab4967dcecc821daf7e812dbbc90969ce Signed-off-by: Andrew Li <zhaoxili@cisco.com>
2017-07-14dpdk: update buildSergio Gonzalez Monroy1-1/+6
Current optional DPDK PMDs are: - AESNI MB PMD (SW crypto) - AESNI GCM PMD (SW crypto) - MLX4 PMD - MLX5 PMD This change will always build DPDK SW crypto PMDs and required SW crypto libraries, while MLX PMDs are still optional and the user has to build required libraries. Now the configure script detects if any of the optional DPDK PMDs were built and link against their required libraries/dependencies. Change-Id: I1560bebd71035d6486483f22da90042ec2ce40a1 Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-07-13dpdk: fix dpdk_buffer_pool_create nameChris Luke3-3/+6
- vnet_buffer_pool_create should probably be named dpdk_buffer_pool_create since that is what it does. - Its prototype should also be in a DPDK plugin header, not in vlib/buffer_funcs.h, since the implementation is in the plugin and nobody else should be calling it. Change-Id: I7ba259afa4b888bc94f3ad257305e286b41e7370 Signed-off-by: Chris Luke <chrisy@flirble.org>
2017-07-12Deprecate support for flattened output nodesDamjan Marion1-1/+0
Change-Id: Id117e219146d9994340fb38c00233ea67db8929b Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-12dpdk: prefetch 2nd cacheline of rte_mbuf during txDamjan Marion1-1/+1
Change-Id: I0db02dd0147dbd47d4296fdb84280d0e7d321f3c Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-11memif: avoid double buffer freeDamjan Marion1-1/+0
Change-Id: I902f54618c4e1f649af11497c1cb10922e43755a Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-11SNAT: fixed bug in fallback to 3-tuple key for non TCP/UDP sessionsMatus Fabian1-0/+4
Change-Id: I1c4d5f92ec841b1cfe1a33eab4bb94e4001d0411 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-07-10vlib: store buffer memory information in the buffer_mainDamjan Marion1-65/+4
Currently, buffer index is calculated as a offset to the physmem region shifted by log2_cacheline size. When DPDK is used we "hack" physmem data with information taken from dpdk mempool. This makes physmem code not usable with DPDK. This change makes buffer memory start and size independent of physmem basically allowing physmem to be used when DPDK plugin is loaded. Change-Id: Ieb399d398f147583b9baab467152a352d58c9c31 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-10memif: mask interrupts on startup if we are in the polling modeDamjan Marion1-0/+8
Change-Id: Ief02eb1109a1bc463665d9747e9fa4e0c0e3d7e0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-08lldp packet transmission on a bonded interfaceSteve Shin1-3/+3
LLDP packets are dropped at interface output node if each slave's link is configured as the LLDP interface. The admin state is configured and managed by the bonded interface, so slave link's state is down by default. The checking for the admin state UP should be ignored for the slave link. Change-Id: I06ca250f42fcb8cc50e0ea3a3817a2c5b56865df Signed-off-by: Steve Shin <jonshin@cisco.com>
2017-07-07SNAT: Fallback to 3-tuple key for non TCP/UDP sessions (VPP-884)Matus Fabian5-79/+578
Change-Id: I4868ff6e81c579b29d3ea066976ae145f8b83e9e Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-07-06dpdk: add FiftyGigabitEtherenet interface supportDamjan Marion3-0/+7
Change-Id: Ied8b26179cdf4add34440a9c396cb821716cfb8e Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-06unix: mkdir VPP_RUN_DIR before opening a socket in itChris Luke1-9/+5
Change https://gerrit.fd.io/r/#/c/7230/ added a Unix domain CLI socket in the default startup.conf; however unless you had previously run VPP with the DPDK plugin enabled the directory that it is created in. /run/vpp, would not exist and startup would fail. This directory is typically hosted in a tmpfs ramdisk and is thus ephemeral. This patch adds a function that attempts to mkdir VPP_RUN_DIR and uses it in both the DPDK plugin and the CLI code if the CLI socket is to be created in that directory. Change-Id: Ibbf925819099dce2b5eb0fa238b9edca1036d6fd Signed-off-by: Chris Luke <chrisy@flirble.org>
2017-07-06Send GARP/NA on bonded intf slave up/down if in active-backup modeJohn Lo3-8/+85
If a bonded interface is in active-backup mode and configured with IPv4 and/or IPv6 addresses, on slave interface link up/down, send a GARP packet if configured with an IPv4 address and an unsolcited NA if configured with an IPv6 address. These packets can help with faster route convergence in the next hop router/switch. Change-Id: I68ccb11a4a40cda414704fa08ee0171c952befa2 Signed-off-by: John Lo <loj@cisco.com>
2017-07-04acl-plugin: VPP-897: applying of large number of ACEs is slowAndrew Yourtchenko2-20/+45
When applying ACEs, in the new hash-based scheme, for each ACE the lookup in the hash table is done, and either that ACE is added to the end of the existing list if there is a match, or a new list is created if there is no match. Usually ACEs do not overlap, so this operation is fast, however, the fragment-permit entries in case of a large number of ACLs create a huge list which needs to be traversed for every other ACE being added, slowing down the process dramatically. The solution is to add an explicit flag to denote the first element of the chain, and use the "prev" index of that element to point to the tail element. The "next" field of the last element is still ~0 and if we touch that one, we do the linear search to find the first one, but that is a relatively infrequent operation. Change-Id: I352a3becd7854cf39aae65f0950afad7d18a70aa Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 204cf74aed51ca07933df7c606754abb4b26fd82)