| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
For the reasons of modularity and security, it is useful
to have various functionality split into processes different from VPP.
However, this approach presents the challenges of managing those processes,
and is markedly different from simply running everything within VPP process.
This plugin is an experiment in having the VPP itself start off a monitor
process which in turn starts the child processes, and restarts them if they
quit.
If the VPP process ceases to exist, the monitor process terminates all
the descendant processes and quits itself.
This allows to preserve the "single entity to manage" approach of
simply running a barebones VPP.
An example of running it:
export DPDK_CONFIG=""
export DISABLED_PLUGINS=dpdk
export EXTRA_VPP_CONFIG="fateshare { monitor ./build-root/install-vpp_debug-native/vpp/bin/vpp_fateshare_monitor command ./test1 }"
make run
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I66221fd7403f220d9652fe76958ca499cfd070a7
Type: feature
|
|
fix lb static mapping
"nat44_ed_sm_o2i_add" laddr and lport
Type: fix
Signed-off-by: Wei Li <realbaseball2008@gmail.com>
Change-Id: I249a00919e8154d92cbce03f6db196c13612948f
|
|
lport and eport in Cli "nat44 add load-balancing static mapping" should hton()
Type: fix
Signed-off-by: Wei Li <realbaseball2008@gmail.com>
Change-Id: I2eadb7e341efb70cc406e10b3b189e5ebff09ff4
|
|
Type: fix
Change-Id: I4ab713811626c097c7927228f3819b7785bbb951
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
This is the initial commit of a NPTv6 (RFC6296) implementation for VPP.
It's restricted to a single internal to external binding and runs
as an output/input feature on the egress interface.
Type: feature
Change-Id: I0e3497af97f1ebd99377b84dbf599ecea935ca24
Signed-off-by: Ole Troan <otroan@employees.org>
|
|
This patch addresses coverity issues CID 322716 and CID 322717.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I59d6f40c1af8e829d8cb3c042a52e144aeaf1e6b
|
|
s/nat44 enable sessions/nat44 plugin enable sessions/
Type: docs
Change-Id: I93dbd161f085bff5b98df50cd29c9bedf5038307
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Sw ring is renamed to the cache ring. This name better reflects the
puropse of this ring. We've introduced push/pop functions, as well as
other utility functions which remove code repetition. Error handlig
is improved: previously in case of an error all frame elements were
marked as bad, now only these for which errors occured have the error
status set.
Unnecessary stats counters have been removed.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2fd42a529ac84ce5ad260611d6b35a861d441c79
|
|
Type: feature
this patch adds a new tag "host" to interfaces for cnat-snat
if an interface is tagged pod and host we do not snat traffic outgoing through it
Change-Id: I71f5bfcb85581bb8508ba547374f0603f1079ac6
Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>
|
|
Add a new native idpf driver. This patch enables the device
initialization. Add some necessary functions and definations
for input and output. A new version of virtchnl is introduced.
Type: feature
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Ibbd9cd645e64469f1c4c8b33346c1301be3f6927
|
|
- Package update performed by
1. updating pip, pip-tools, setuptools
2. 'make test-refresh-deps' on ubuntu 22.04
3. fixing 'make test' and 'make docs' issues
on ubuntu 22.04
4. 'make test-refresh-deps' on ubuntu 20.04
- Add dependency for 'make test-refresh-deps'
to insure python venv is set up.
- Update of python formatter, black,
caused reformating of 41 python code
files.
Type: make
Change-Id: I7cafdf4b5189065ac57cb6b254937f6e0897a924
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
As per discussion on the VPP call, since they are being
used in CSIT tests and have not seen changes in a while,
mark the messages as production from the change process
standpoint.
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I7fda71edd923b798d034380320a869f7c35cb5a6
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I910c8ce1713c6d346cc5ea4eb58a89c1c30a10a1
|
|
+ Checkstyle demanded indentation edits.
Type: fix
Ticket: VPP-2083
Fixes: 9a9604b09f15691d7c4ddf29afd99a31e7e31eed
Change-Id: Ie2d33d290330247d36435a073675b732bb64ae93
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Move from synchronous flushing of io and ctrl events from transports to
applications to an async model via a new session_input input node that
runs in interrupt mode. Events are coalesced per application worker.
On the one hand, this helps by minimizing message queue locking churn.
And on the other, it opens the possibility for further optimizations of
event message generation, obviates need for rx rescheduling rpcs and is
a first step towards a fully async data/io rx path.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id6bebcb65fc9feef8aa02ddf1af6d9ba6f6745ce
|
|
Type: improvement
Remove rwlock contention on timestamps. ~10% pps with
10k sessions. Use fixed-size-pools of increasing sizes
starting with 4K, and with a x2 step each time.
We don't free/shrink allocated pools.
Change-Id: I5fea51faba40430106c823275a6356e81709d118
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
This replace the cnat ip4/ip6 to client
lookups previously done with a regular
hash, by a bihash lookup.
Type: improvement
Do the client lookup in a bihash instead of
a hash.
Change-Id: I730c1893525c002b44ada8e290a36802835e88e9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
This adds a flag on the translation
asking the VIP & input-feature nodes
not to create the return session when
translating / load-balancing an incoming
flow. This is needed with maglev & DSR
Type: feature
Change-Id: I699012310ddc59f6ceeeb4878638eac6da5128dc
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: improvement
Change-Id: I830f7a2ea3ac0aff5185698b9fa7a278c45116b0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
more generic version of clib_sysfs_link_to_name with support for
format strings...
Type: improvement
Change-Id: I0cb263748970378c661415196eb7e08450370677
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
This patch removes zero checks for new_addr, new_port
meaning sessions with zero values will rewrite the packet
with a 0 value instead of leaving it in place. This allows
to reduce branchiness in the code, and sessions are fully
resolved at creation time anyway.
This also adds support for checksum offloads:
- IP checksum offload : we always compute the checksum to
avoid issues with drivers. We'll revert this if we realize
cost gets too important.
- TCP/UDP checksum offload : we add the implementation for
pseudo header checksum computation. This is needed for the
drivers that do not re-compute this pseudo-checksum before
the packet is TX-ed (e.g. a few DPDK drivers).
Type: improvement
Change-Id: I6543f3aec8c120ec50f4219108609138283620ef
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Since gre is a plugin, nsh should not use symbol names directly.
Type: fix
Fixes: cefb178aa487a217d4ac75d7d4fa62db4b7d70fd
Change-Id: I1a1c20740aabdaafd69f507cd71016c3109b0205
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Avoid explicit manipulation of session state and generate closing event
if need be.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I07cda1db08a2673b27b496ea1371b0dfd8e6f98a
|
|
Change-Id: Ieafbed6f2db3dec65e4b43d84a4661f6a1bbe891
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: test
Change-Id: Ib1131eedb8eeaa9adfed9cfc47beeb1c7c8adb5c
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
The following issues are fixed:
* in responder code: do lookup again as the old pointer could be
invalidated during the cleanup operation
* in initiar code: do the cleanup of session if there're no child SAs or
if there's no response from the responder during initial request (this
can easily happen if the response packet was lost/dropped/etc)
* print the state of ikev2 profile (for easier tshooting)
Type: fix
Change-Id: I853d9851c0cf131696585e3c98fa97e66789badd
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
|
|
Type: improvement
Change-Id: Ie0bad9e03ac2e29da23af01ee7f63cb44489ad9c
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
clang-16 complains about signed one-bit bitfield value changes
from 1 to -1. Use unsigned type instead.
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I84f8cf314d36183a5e6f544cd756c01d1d10a1a5
|
|
Type: improvement
Support SO_ORIGINAL_DST socket option to get original dst_ip4 and dst_port if nat44 rule enabled.
Change-Id: If00e00d03e48f3b78a23a68f1b078954d79dd0f7
Signed-off-by: qinyang <qiny@yusur.tech>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ieb2d1e6e0949844a70c81b218ca7dc83690776ca
|
|
Before this fix, the src_ip_sticky flag was passed as an argument to
the lb_node_get_hash function, which computes a hash value for a packet.
However, in per-port-vip case, the value of src_ip_sticky flag may be
different for each port number. As a result, the value is the same for
all port numbers, even though it is a per-port-vip case.
This commit fixes the src_ip_sticky evaluation by delaying it until the
packet is received, so that the correct value is obtained. Also, the
unit test case has been enhanced for this bug fix.
The steps to reproduce this bug are described below:
https://lists.fd.io/g/vpp-dev/message/23248
Type: fix
Fixes: 613e6dc0bf92 ("lb: add source ip based sticky load balancing")
Change-Id: I483492b214a1768e7a21fd86edd5151b3c46528b
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
|
|
nl_route_add() recently started to use its optional argument to check
whether replace flag is set for the message. When notification messages
are processed, the argument is a pointer to the corresponding message
info. However, when dump replies are processed, the argument is a null
pointer. This leads to null pointer dereference and crash when dump of
routes is processed.
With this fix, check for replace flag only if message info was passed
to nl_route_add(). Otherwise, assume the flag is not set. Dump replies
do not have it set.
Type: fix
Change-Id: Icb04a1146e09cc965b623018c28f91b347be0eab
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: improvement
Change-Id: I95023d2e6034b77952e0423d0430b433ea0dab15
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
1) Imports ENCAP_MPLS labels from IPv4/IPv6 routes.
Note that this requires libnl 3.6.0 or newer.
In previous patches, the fib_path_ext_t had a path ID of -1.
After a long investigation, it turned out to be caused by route weight
being set to 0. There is a comment explaining more details.
2) Handles MPLS routes.
MPLS routes were wrongly added as IPv4 routes before.
POP and SWAP are now both supported.
All the routes are installed as NON-EOS and EOS routes,
as the Linux kernel does not differentiate.
EOS POP used in PHP uses the next-hop address family
to determine the resulting address family.
This patch is sufficient for P setups.
PE setups with implicit null should also function okay, as long as a
seperate label gets programmed per address family.
PE setups with explicit null will also forward packets,
but punting is a bit odd and needs MPLS input enabled on the LCP host
device.
3) Propagate MPLS input state to LCP Pair and Linux.
Since the Linux kernel uses the MPLS routes itself,
the LCP pair tap needs MPLS enabled to allow host originated packets.
This also syncs the Linux `net.mpls.conf.<host_if>.input` sysctl to
allow punted packets to have MPLS labels, mostly explicit nulls.
In addition, a special feature is enabled to cross connect MPLS packets
coming from Linux directly to interface-output untouched.
Make sure to enable MPLS/add a table in VPP first and load the
MPLS kernel modules!!
Type: feature
Change-Id: Ie4184bb4cc96905bf8b483a27e7ca6d251697374
Signed-off-by: Adrian Pistol <vifino@posteo.net>
Signed-off-by: Pim van Pelt <pim@ipng.nl>
|
|
List of changed messages:
- lcp_itf_pair_add_del
- lcp_itf_pair_add_del_reply
- lcp_itf_pair_add_del_v2
- lcp_itf_pair_add_del_v2_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Ic20a852dd1fb27858c8776095f9c98757b89bfe8
|
|
List of changed messages:
- memif_socket_filename_add_del
- memif_socket_filename_add_del_reply
- memif_create
- memif_create_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Id334990584b64a0efa3c28a3d8b6b641adab8c09
|
|
This patch introduces sw_ring to the crypto op data path implementation,
so that raw data path and crypto op data path use same mechanism of processing
async frames. Crypto op ring has been removed from the implementation.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Id823f80a88cfa0ff40252616a36de8bb044c7f45
|
|
Change-Id: I342de0a375b783725aa2b621c1c70bc8bf646450
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: improvement
|
|
Change-Id: I7a988fafe98599e4fcf7cdaa307a69b9d76650f0
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: improvement
|
|
When vlib buffer is processed on vnet side its length is corrected by
cipher padding and icv_sz. These changes need to be reflected in
the mbuf internals.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I0aa03f67f556dfc8f9a577ca1967210527221e02
|
|
List of changed messages:
- af_packet_create
- af_packet_create_reply
- af_packet_create_v2
- af_packet_create_v2_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Ia065c3bbc2c7923de64f47417099aea1aa1216b1
|
|
List of changed messages:
- vxlan_add_del_tunnel
- vxlan_add_del_tunnel_v2
- vxlan_add_del_tunnel_reply
- vxlan_add_del_tunnel_v2_reply
- vxlan_tunnel_dump
- vxlan_tunnel_details
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I0a7227e76a493731fd136f8e6310ad372fab2494
|
|
Namespace keyword is reverved c++ word, so it's not possible to include
vapi header for af_xdp plugin and use it.
Type: fix
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Change-Id: I42a0e0a89ff2c407090d3c18c1bc5a5605ddf032
|
|
Type: fix
Change-Id: I7c6fb783e5200773cbd02c86d39fd241efcc39f9
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
This rework tries to address issues found on SPR QAT, for traffic
reaching max possible throughoutput for single QAT PF packet drops were
observed.
Fix changes enq/deq scheme by utilizing software ring in enq call from
VNET but enq and deq to QAT happens only in deq callback function what
should enable better utlization of hardware resources.
Type: improvement
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2e8c473d20a269fd5e93f0c8d1f8c8aa193712bd
|
|
The af_xdp plugin does not support chained buffers; attempting to send
chain buffers will result truncated packets or even send other packet's
data. As a workaround, turn any buffer chain into a single buffer before
tx.
Type: fix
Change-Id: I05dec912455eb2bb6c8122a28cd646f88983aa9a
Signed-off-by: Shmuel Hazan <shmuel.h@siklu.com>
|
|
This patch introduces sw_ring. This ring is used in next set of patchas
and plays role of a buffer for QAT, allowing collecting frame elements
in case QAT queue is fully utilized, and assembling frame
from QAT dequeued elements.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: I20718e200986ab4dba5cbc31c05a904072a6981a
|
|
Make sure the same frame is not used for multiple interfaces, otherwise it breaks the ETH_INPUT_FRAME_F_SINGLE_SW_IF_IDX promise.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I02546259ceaea36f65cb9f78b9b3ee45ed4075c9
|
|
AF_XDP socket will only tx enqueued packets up to a max batch size so
we need to retry until everything has been sent.
Type: fix
Change-Id: Ia487ab63d3e85a478471cd1d679c5fb471804ba3
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
The async frames pool may be resized once drained. This will cause 2 problems: original pool pointer is invalidated and pool size changed, both problems will confuse the crypto infra user graph nodes (like IPsec and Wireguard) and crypto engines if they expect the pool pointers always valid and the pool size never changed (for performance reason).
This patch introduces fixed size of the async frames pool. This helps zeroing surprise to the components shown above and avoiding segmentation fault when pool resizing happened. In addition, the crypto engine may take advantage of the feature to sync its own pool/vector with crypto infra.
Type: improvement
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2a71783b90149fa376848b9c4f84ce8c6c034bef
|
Andrew Yourtchenko
Wei Li
Benoît Ganne
Ole Troan
Piotr Bronowski
Steven Luong
HediBouattour
Ting Xu
Dave Wallace
Florin Coras
Vratko Polak
Nathan Skrzypczak
Damjan Marion
Filip Tehlar
Denys Haryachyy
Tianyu Li
qinyang
Nobuhiro MIKI
Alexander Chernavin
Adrian Pistol
Ondrej Fabry
Mohammed Hawari
Stanislav Zaikin
Shmuel Hazan
Artem Glazychev
gaoginskx