summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2018-06-15NAT44: endpoint dependent mode (VPP-1273)Matus Fabian7-1453/+3450
To enable NAT plugin endpoint dependent mode add following to statrup config: nat { endpoint-dependent } Enable endpoint dependent filtering and mapping for all sessions. Move some existing functionality such as service load balancing, twice nat, out2in-only static mappings and unknown protocol dynamic translations, which use endpoint dependent lookup hash tables before. Basically split to vanilla NAT44 and extra features NAT44. Change-Id: I3925eb5ddcc8f1ec4cf6af4e2a618a7ec7aa9735 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-06-15TLS async supportPing Yu4-23/+739
Change-Id: I26194e00dfb85e5cd1c65ff4e6ffd665be2d719b Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-06-14acl-plugin: VAT: add an option to load entire ACL from a ClassBench ruleset ↵Andrew Yourtchenko1-0/+190
file for testing Add a command "acl_add_replace_from_file" to VAT which can load a ruleset and add an ACL with it. There are a few options which augment the ACL being created: "permit+reflect" or "permit" alter the default action from deny on the ACEs created. "append-default-permit" adds an entry in the end with the "permit+reflect" if the default action has been changed to permit+reflect, or with a simple permit otherwise. This command is IPv4-only because the available datasets were IPv4-only. Change-Id: I26b9f33ecb6b59e051d1d9cbafedbc47e8203392 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-14acl-plugin: use 16_8 bihash for IPv4 sessions and 40_8 bihash for IPv6 sessionsAndrew Yourtchenko7-84/+165
Add a new kv_16_8 field into 5tuple union, rename the existing kv into kv_40_8 for clarity, and add the compile-time alignment constraints. Change-Id: I9bfca91f34850a5c89cba590fbfe9b865e63ef94 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-13acl-plugin: change the src/dst L3 info in 5tuple struct to be always ↵Andrew Yourtchenko6-97/+156
contiguous with L4 data Using ip46_address_t was convenient from operational point of view but created some difficulties dealing with IPv4 addresses - the extra 3x of u32 padding are costly, and the "holes" mean we can not use the smaller key-value data structures for the lookup. This commit changes the 5tuple layout for the IPv4 case, such that the src/dst addresses directly precede the L4 information. That will allow to treat the same data within 40x8 key-value structure as a 16x8 key-value structure starting with 24 byte offset. Change-Id: Ifea8d266ca0b9c931d44440bf6dc62446c1a83ec Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-13Fix clang compilation on aarch64: extraneous parenthesesSirshak Das1-6/+16
Fixes clang error: equality comparison with extraneous parentheses Changing all the #defines to inlines. Change-Id: I30a931679ac3325b23b249b1ae28c7c8cf54b012 Signed-off-by: Sirshak Das<sirshak.das@arm.com>
2018-06-13vxlan:offload RX floweyal bari1-1/+1
ip4 vxlan cli/api (using flow infra) to create flows and enable them on different hardware (currently tested with i40e) to offload a vxlan tunnel onto hw: set flow-offload vxlan hw TwentyFiveGigabitEthernet3/0/0 rx vxlan_tunnel1 to remove offload: set flow-offload vxlan hw TwentyFiveGigabitEthernet3/0/0 rx vxlan_tunnel1 del TODO:ipv6 handling Change-Id: I70e61f792ef8e3f007d03d7df70e97ea4725b101 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-06-12avf: fix crash if device is busyJakub Grajciar1-1/+8
Change-Id: I170d78c8e5f7e16a264c9f226a09693109aece5e Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2018-06-12MTU assigning to itself (Coverity)Ole Troan1-4/+0
Change-Id: Iee8de25ab3c68ae3698c79852195dc336050914c Signed-off-by: Ole Troan <ot@cisco.com>
2018-06-11MTU: Software interface / Per-protocol MTU supportOle Troan1-10/+5
This patch separates setting of hardware interfaec and software interface MTU. Software MTU is L2 payload MTU (i.e. not including L2 header). Per-protocol MTU for IPv4, IPv6 and MPLS can also be set. Currently only IP4, IP6 are enabled in adjacency / rewrite code. Documentation in src/vnet/MTU.md Change-Id: Iee2fd6f0bbc8210748dd8e073ab9fab87d323690 Signed-off-by: Ole Troan <ot@cisco.com>
2018-06-11Fix multiple NAT translation with interface address as externalAlexander Chernavin1-4/+4
Change-Id: Idd65c6d0489bf83984a2c34d22d3f94000fc7018 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2018-06-10IGMP: use simple u32 bit hash keyNeale Ranns3-18/+15
some IGMP hashse use only a u32 key, which is not stored in the object, so don't use memory based hash Change-Id: Iaa4eddf568ea0164bc2a812da4cc502f1811b93c Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-06-09avf: properly cofigure RSS LUTDamjan Marion2-13/+40
Change-Id: I85cfab692ae0a72277ae561cdba7dcbc1f60aca3 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-09avf: add support for intel X722 NICsDamjan Marion1-0/+1
Change-Id: I3e07070eed4948e813ad1490963c7f8ef7f4262e Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-08Add reaper functions to want events APIs (VPP-1304)Neale Ranns2-32/+43
Change-Id: Iaeb52d94cb6da63ee93af7c1cf2dade6046cba1d Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-06-08LB: reply message id and table length are wrong.Hongjun Ni1-2/+2
Change-Id: Iea2c661cb3e0728bb2d10b06791ed84fed00f6a7 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2018-06-07dpdk: fix interface naming issueDamjan Marion1-2/+9
... introduced with dpdk 18.05 support patch Change-Id: Idf2283888f81d7652599651c0d65476e451f9343 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-07dpdk: failsafe PMD initialization codeRui Cai2-1/+26
Added code to initialize failsafe PMD This is part of initial effort to enable vpp running over dpdk on failsafe PMD in Microsoft Azure(4/4). Change-Id: Ia2469c7087ca4b5c7881dfb11ec5c4fcebaa1d04 Signed-off-by: Rui Cai <rucai@microsoft.com>
2018-06-07Add support for DPDK 18.05Damjan Marion5-44/+119
Change-Id: I205932bc727c990011bbbe1dc6c0cf5349d19806 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-05bond: send gratuitous arp when the active slave went down in active-backup modeSteven2-9/+4
- Modify the API send_ip6_na and send_ip4_garp to take sw_if_index instead of vnet_hw_interface_t and add call to build_ethernet_rewrite to support subinterface/vlan - Add code to bonding driver to send an event to bond_process when the first interface becomes active or when the active interface is down - Create a bond_process to walk the interface and the corresponding subinterfaces to send garp/ip6_na when an event is received. - Minor cleanup in bonding/node.c Note: dpdk bonding driver does not send garp/ip6_na for subinterfaces. There is no attempt to fix it here. But the infra is now done and should be easy to add the support. Change-Id: If3ecc4cd0fb3051330f7fa11ca0dab3e18557ce1 Signed-off-by: Steven <sluong@cisco.com>
2018-06-05lb api: correct byte order of new_flows_table_length argumentAndrey "Zed" Zaikin1-1/+1
Change-Id: I3ac348a8cb1a515dfe1839eaa084c87719d282e1 Signed-off-by: Andrey "Zed" Zaikin <zed.0xff@gmail.com>
2018-06-04Configure or deduce CLIB_LOG2_CACHE_LINE_BYTES (VPP-1064)Dave Barach1-0/+2
Added configure argument "--with-log2-cache-line-bytes=5|6|7|auto" AKA 32, 64, or 128 bytes, or use the inferred value from the build host. produces build-xxx/vpp/vppinfra/config.h, which .../src/vppinfra/cache.h Kernels which implement the following pseudo-file (aka x86_64) are easy: /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size Otherwise, extract the cpuid from /proc/cpuinfo and map it to the cache line size. Change-Id: I7ff861e042faf82c3901fa1db98864fbdea95b74 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Nitin Saxena <nitin.saxena@cavium.com>
2018-06-03dpdk: buffer free optimizationsDamjan Marion1-76/+61
~5 clocks/packet improvement... Change-Id: I1a78fa24dcd1b3ab7f45e10b9ded50f79517114a Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-03dpdk: improve buffer alloc perfomanceDamjan Marion1-70/+56
This is ~50% improvement in buffer alloc performance. For a 256 buffer allocation, it was ~10 clocks/buffer, now is < 5 clocks. Change-Id: I97590e240a79a42bcab5eb26587fc2d11e6eb163 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-02AVF input node reworkDamjan Marion2-203/+334
Change-Id: Ib121b24935d5c706cfba6e4b6d321086a38cad91 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-02acl-plugin: multicore: session management fixesAndrew Yourtchenko6-151/+332
- implement a 1us purgatory for the session structures by adding a special connection list, where all connections about to be deleted go. - add per-list-head timeouts updated upon the list enqueue/dequeue for connection idle management - add a "unused" session list with list ID#0, which should never be used unless there is a logic error. Use this ID to initialize the sessions. - improve the maintainability of the session linked list structures by using symbolic bogus index name instead of ~0 - change the ordering of session creations - first reverse, then local. To minimize the potential for two workers competing for the same session in the corner case of the two packets on different workers creating the same logical session - reduce the maximum session count to keep the memory usage the same - add extra log/debug/trace to session cleaning logic - be more aggressive with cleaning up sessions - wind up the interrupts from the workers to themselves if there is more work to do Change-Id: I3aa1c91a925a08e83793467cb15bda178c21e426 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-05-31dpdk: Decoupling the meaning of xd->device_index in dpdk_pluginRui Cai9-81/+99
Prior to the change, dpdk plugin assumes xd->device_index is used both as index for internal dpdk_main->devices array and DPDK port index to call into DPDK APIs. However, when running on top of Failsafe PMDs, DPDK port index range may no longer be contiguous (as noted: http://dpdk.org/ml/archives/dev/2018-March/092375.html for related changes in DPDK). Because this, dpdk plugin can no longer iterate through all available DPDK ports with a for 0->rte_eth_dev_count() loop and the assumption of device_index no longer holds. This is part of initial effort to enable vpp running over dpdk on failsafe PMD in Microsoft Azure(3/4). Change-Id: I416fd80f2d40e12e139f8f3492814da98343eae7 Signed-off-by: Rui Cai <rucai@microsoft.com>
2018-05-31Fix TLS issue to load certification and keyPing Yu1-0/+2
Change-Id: If1ef2d4bc6f90a4d4b6a345c63723117834c6504 Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-05-30vppinfra: explicitely state for signed types that they are signedDamjan Marion6-10/+10
This fixes some compilation warnings with clang on AArch64. Change-Id: Idb941944e3f199f483c80e143a9e5163a031c4aa Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-30dpdk: rename port_id to *_instance_numDamjan Marion4-9/+10
port_id be used for dpdk port_id Change-Id: Ia7d8cdc5dec2ad658c11f9c0f3ef8005a470ac3c Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-29Revert "dpdk: set dmamap iova address value according to eal_iova_mode"Damjan Marion1-4/+1
This breaks VFIO operation. This reverts commit d3b3baa4f8e9e4d95264aff16fe85434ef8061bd. Change-Id: I2482e0da2d1ebfc365d13668c4b992b040f561b4 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-29Add VLIB_NODE_FN() macro to simplify multiversioning of node functionsDamjan Marion12-202/+63
Change-Id: Ibab5e27277f618ceb2d543b9d6a1a5f191e7d1db Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-29dpdk: Add PMD type for Cavium LiquidIO II CN23XXchuhong yao3-1/+13
1、Adding PMD type for support Cavium LiquidIO II CN23XX NIC; 2、Our company is using VPP + DPDK +Cavium LiquidIO II CN23XX NIC, Unfortunately, the latest VPP code does not support Cavium LiquidIO II CN23XX pci. So I increased the PMD type to support LiquidIO NIC, and can run normally, we most subsequent projects are based on VPP + DPDK + Cavium LiquidIO II CN23XX NIC model, so I hope VPP team can adopt this requirement, thanks a lot. Change-Id: I604ae444d69b37c2e26962bfe4ccdfe983b75041 Signed-off-by: chuhong yao <ych@panath.cn>
2018-05-29dpdk: mempool priv intialization must be done before releasing buffers to poolSachin Saxena1-8/+7
- Currently mempool priv size is getting initialized after releasing buffers to pool. This is causing mismatch in expected & real metadata size value and buffers are getting released with wrong offset. (when metadata offset is in use for a given platform) - Since private data size is 0 initially, metadata size don't include space for VLIB_BUFFER_HDR. Change-Id: I780c4d518104631a3dcf192185bacf58b3598e65 Signed-off-by: Sachin Saxena <sachin.saxena@nxp.com>
2018-05-28NAT44: code cleanup and refactor (VPP-1285)Matus Fabian17-463/+631
Change-Id: I088163f10ae5515d7a9115781cc13ef563fafed5 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-05-28add missing lb_put_writer_lock() to lb_vip_add() invalid args casesAndrey "Zed" Zaikin1-2/+7
Change-Id: I9343672c5765a5a4cb56c99fa5de176ddcac62c7 Signed-off-by: Andrey "Zed" Zaikin <zed.0xff@gmail.com>
2018-05-28acl-plugin: move to per-frame buffer pointer calculations and enqueue to ↵Andrew Yourtchenko1-208/+191
next nodes Use the new frame-at-once functions vlib_get_buffers() and vlib_buffer_enqueue_to_next() to calculate the buffer pointers and to dispatch the packets after the processing. This simplifies the dataplane node processing loop. Change-Id: I454308f847aac76a199f8dd7490c1e176414bde7 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-05-28dpdk: set dmamap iova address value according to eal_iova_modeSachin Saxena1-1/+4
- Fix the issue where eal iova mode is Virtual Address (RTE_IOVA_VA) but setting DMA iova address to Physical address value always. Change-Id: Ib1e9c1596d95885c7eff11723338121627203e61 Signed-off-by: Sachin Saxena <sachin.saxena@nxp.com>
2018-05-27acl-plugin: use clib_bihash_search_inline_2_40_8 rather than ↵Andrew Yourtchenko2-5/+3
clib_bihash_search_40_8 for session lookups Use inline version rather than calling the function, this gives slightly better performance. The straighforward diff uncovered an interesting problem: the stateful ACL IPv4 unit tests would fail for the "make test" but succeed in "make test-debug". Also, they would succeed even in "make test", if before calling the clib_bihash_search_inline_2_40_8 we would change the code to store the key in a temporary variable. Debugging revealed that the generated optimized code is not what one would expect: the zeroing of the u64s overlaying the memcpy into ipv4 value of ip46_address_t made the optimizer not notice the latter, and think that those fields should be always zero in the bihash, thus generating incorrect assembly for the bihash key comparison for the ipv4 nodes. Changing the zeroing to be non-overlapping by zeroing only the pad fields resulted in the optimizer generating the correct code and the tests pass. Change-Id: Ib0f55cef2b5fe70c931d17ca4dc32a5755d160cd Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-05-27VPP-1294: add missing feature arc constraintDave Barach1-1/+2
the ip4-dhcp-client-detect feature MUST run prior to nat44-out2in, or inbound dhcp broadcast packets will be dropped. Certain dhcp servers answer lease renewal dhcp-request packets with broadcast dhcp-acks, leading to unrecoverable lease loss. In detail, this constraint: VNET_FEATURE_INIT (ip4_snat_out2in, static) = { .arc_name = "ip4-unicast", .node_name = "nat44-out2in", .runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa"), }; doesn't get the job done: ip4-unicast: [17] nat44-out2in [23] ip4-dhcp-client-detect [26] ip4-not-enabled Add a proper constraint: VNET_FEATURE_INIT (ip4_snat_out2in, static) = { .arc_name = "ip4-unicast", .node_name = "nat44-out2in", .runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa", "ip4-dhcp-client-detect"), }; and the interface feature order is OK, at least in this regard: ip4-unicast: [17] ip4-dhcp-client-detect [18] nat44-out2in [26] ip4-not-enabled We need to carefully audit (especially) the ip4-unicast feature arc, which has [gasp] 37 features on it! Change-Id: I5e749ead7ab2a25d80839a331de6261e112977ad Signed-off-by: Dave Barach <dave@barachs.net>
2018-05-26dpdk: enable RX for no-multi-segZhiyong Yang1-0/+5
The option no-multi-seg doesn't take effect for RX since MTU which is too large is passed to DPDK lib, Which causes PMDs are running XXX_scattered_rx function. The patch fixes the issue. Change-Id: I91a6fb23fd118e872c8a52a6c35c36a86cb2c02b Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2018-05-26acl-plugin: create forward and return sessions in lieu of making a special ↵Andrew Yourtchenko5-121/+156
per-packet session key Using a separate session key has proven to be tricky for the following reasons: - it's a lot of storage to have what looks to be nearly identical to 5tuple, just maybe with some fields swapped - shuffling the fields from 5tuple adds to memory pressure - the fact that the fields do not coincide with the packet memory means for any staged processing we need to use up a lot of memory Thus, just add two entries into the bihash table pointing to the same session entry, so we could match the packets from either direction. With this we have the key layout of L3 info (which takes up the majority of space for IPv6 case) the same as in the packet, thus, opening up the possibility for other optimizations. Not having to create and store a separate session key should also give us a small performance win in itself. Also, add the routine to show the session bihash in a better way than a bunch of numbers. Alas, the memory usage in the bihash obviously doubles. Change-Id: I8fd2ed4714ad7fc447c4fa224d209bc0b736b371 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-05-25Add interface rx pcap tracingDave Barach4-66/+154
Should cost at most 1 clock per frame when not enabled. Add "pcap rx trace..." debug CLI, refactored "pcap tx trace" debug CLI to avoid duplicating code. Change-Id: I19ac75d1cf94a6a24c98facbf0753381d37963ea Signed-off-by: Dave Barach <dbarach@cisco.com>
2018-05-25memif: Add support for loggingJakub Grajciar3-56/+90
Change-Id: I0fe60a639c7589dc842d85db092c81c1a7441cb7 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2018-05-25bond: performance harvestingSteven2-28/+8
- hash is great. But it is a bit too slow for the DP. Use direct array indexing to quickly retrieve the slave interface. - the algorithm used by flow hash is great. But it is a bit too slow for the DP. Use l2_hash_hash() extracted from lb_hash.h which ECMP is using. It makes use of intrinsic crc32 instruction set. - shortcut modulo arithmetic when the operand is 2**x (where x up to 4) to avoid division instruction. - special case for link count == 1 in bond_tx_fn() - use clib_mem_unaligned to access data for the packet to avoid alignment error - Fix some typos for packet tracing. Change-Id: I8eae3ad497061c5473aa675ba894ee0211120d25 Signed-off-by: Steven <sluong@cisco.com>
2018-05-23VPP-1283: IPv4 PMTU missing MTU value in ICMP4 message.Ole Troan1-1/+1
Change-Id: I7a4133c59ff45b0744b48e246a049d9f015026fc Signed-off-by: Ole Troan <ot@cisco.com>
2018-05-23dpdk:flow add vxlan flow supportEyal Bari1-12/+77
Change-Id: Ic9f98c022e32715af395c9ed618589434eb0e526 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-05-22avf plugin: add support for loggingJakub Grajciar2-5/+14
Change-Id: Ic8c5b527395fc99f1e1a72e51f8d41c9b4f415df Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2018-05-22acl-plugin: refactor to introduce multiarch dataplane functionsAndrew Yourtchenko6-1615/+2036
This commit splits the functions from fa_node.c into the pure dataplane node functions (which are multiarch-compiled), session management node functions (which are compiled only once), and session find/add/delete functions which are split out into the inlines. As part of the refactoring: - get rid of BV() macros in the affected chunk of code, rather use the explicit bihash function names. - add the magic trailer to the new files to ensure make checkstyle watches them. - move the bihash_template.c include for 40_8 bihash into acl.c Change-Id: I4d781e9ec4307ea84e92af93c09470ea2bd0c375 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-05-22CSIT-928 dpdk/ipsec: performance improvementRadu Nicolau3-112/+114
Replace hash with a vector to improve performance. Plus other minor performance improvements. Change-Id: I3f0ebd909782ce3727f6360ce5ff5ddd131f8574 Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>