summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2018-07-12IGMP: validate the packets length in the DPNeale Ranns3-25/+55
thanks to coverity... validate that the length of the packet on wire matches the size of the header based on the number of groups and sources. drop those that don't match. Change-Id: Iab3f3a835f6a43d9c73c5d502ea5ceccdd6985b0 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-07-11avoid using thread local storage for thread indexDamjan Marion21-40/+40
It is cheaper to get thread index from vlib_main_t if available... Change-Id: I4582e160d06d9d7fccdc54271912f0635da79b50 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-07-11memif: fix max number of ringsDamjan Marion2-4/+4
Change-Id: Ie7621a38a44e7c692e23e58c43d27d8d2aab43e6 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-07-11avf: descriptor should be volatileDamjan Marion4-40/+60
Change-Id: I2cb4cf2167b6e958d2e57b461848a4a189e3fda0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-07-11srv6-as: Adding rewrite countersFrancois Clad3-21/+72
Change-Id: I57f1db6fabfdb8ddfba514ad754707b24d47c962 Signed-off-by: Francois Clad <fclad@cisco.com>
2018-07-11VPP-1338: fix coverity warning in mactime pluginDave Barach1-1/+3
Add missing VALIDATE_SW_IF_INDEX macro / check. Net of this fix, a spurious warning will probably recur. Coverity will complain that sw_if_index is tainted. Please dismiss the warning. Change-Id: Iec31ce1d86f742e197e63b0c5d474cd5e496ee5f Signed-off-by: Dave Barach <dave@barachs.net>
2018-07-10IGMP: coverity found defectsNeale Ranns3-4/+10
Change-Id: Id6aba75c30712e9a0ac7b3075bd6cfc49d6bec36 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-07-10NAT44: multiple outside FIB tables (VPP-1314)Matus Fabian4-41/+178
Change-Id: I56eb15f8fd2d3049845287dc3df7870582764f8b Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-07-10Remove unused variablesIgor Mikhailov (imichail)1-4/+0
Change-Id: If4da80c7eefe55905594eaaba0946d75f0892da5 Signed-off-by: Igor Mikhailov (imichail) <imichail@cisco.com>
2018-07-10Do not translate packets destined for NAT64 inside interface (VPP-1331)Juraj Sloboda1-0/+29
Change-Id: Ieb8020f57ed5ad20daf552cd62ae3fdd8c573926 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-07-10pp2: increase recycle batch sizeBrian Brooks1-1/+3
Increase batch size when recycling buffers. This increases Mpps by 7%. Change-Id: I2a460611d9c36e9bf087b076fc4e187acf61108f Signed-off-by: Brian Brooks <brian.brooks@arm.com>
2018-07-10pp2: use configured RX queue sizeBrian Brooks1-1/+1
Change-Id: I5e5b2dd4f4bc3e257824015c723228ac5128d6a0 Signed-off-by: Brian Brooks <brian.brooks@arm.com>
2018-07-09IGMP improvementsNeale Ranns28-1736/+3770
- Enable/Disable an interface for IGMP - improve logging - refactor common code - no orphaned timers - IGMP state changes in main thread only - Large groups split over multiple state-change reports - SSM range configuration API. - more tests Change-Id: If5674f1044e7e97274a711f47807c9ba689d7b9a Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-06-29memif: minor fixesDamjan Marion2-9/+9
Change-Id: Ib06d9ce0fad48b784fd47db13c7a2f353c845fca Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-29igmp: bugfix and minor improvementsJakub Grajciar5-76/+60
Change-Id: I8d284117a668dc55c06a6d68fe358a3d7e26c738 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2018-06-27acl: fix for loop initial declarationFlorin Coras1-1/+2
Change-Id: Ie899ccbaae4df7cce4ebbba47ed6c3cce5269bdb Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-06-27avf: binary API and configurable RX/TX queue sizeJakub Grajciar10-13/+580
Change-Id: Ibd3a8d28d8f1df2bc14c42e48498f6ac26081192 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2018-06-27gcc8 and Wstringop-truncationMarco Varlese1-1/+1
gcc8 introduced a new warning (Wstringop-truncation) which in our case is being treated as error. Disabling the warning globally might introduce bugs related to string truncation which are not desired by the developer (e.g. bug). Instead, this patch disables the warning only for those occurences which have been verified to be non-bugs but the desired behaviour as per developer will. Change-Id: I0f04ff6b4fad44061e80a65af633fd7e0148a0c5 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-06-27acl-plugin: tm: avoid hash calculation dependency on a memory store operationAndrew Yourtchenko1-1/+9
A small store into a middle of a larger structure that was subsequently loaded for calculating the bihash key was noticeably impacting the performance. Change-Id: If7f33e1b66e8b438ba7cc91abc0ca749850c6e45 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-27acl-plugin: tm: add tuplemerge algorithm for relaxing the hashtable masksAndrew Yourtchenko3-5/+625
Slightly refactored from the initial implementation of the TupleMerge [1] algorithm by Valerio Bruschi (valerio.bruschi@telecom-paristech.fr) [1] James Daly, Eric Torng "TupleMerge: Building Online Packet Classifiers by Omitting Bits", In Proc. IEEE ICCCN 2017, pp. 1-10 Also add startup parameters to turn on/off the algorithm ("use tuple merge 1/0"), and a startup parameter to be able to tweak the split threshold ("tuple merge split threshold N"), the default value of the split threshold is 39 as per paper, but some more tuning might be necessary to find the best value. This change, alongside with the optimizations which avoid extra lookups, significantly reduces the slowdown on the ClassBench generated ACLs, which are supposed to resemble realistic ACLs seen in use in the field. Change-Id: I9713e4673970e9a62d4d9e9718365293375fab7b Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-26dpdk: display rx/tx burst function name in "show hardware detail"Damjan Marion1-0/+20
Change-Id: I6fa4c6bf9c4e96ba4502a06907bdecc654ace665 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-26NAT44: fix nat44_ed_not_translate_output_feature (VPP-1329)Matus Fabian1-0/+5
Change-Id: Iddb0b848c53da03116524e203c7112c82b401ac5 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-06-26L3DSR fix ip checksum issue and add testHongjun Ni1-9/+12
Change-Id: Iedebbac71d3e694b915d6a126c80ecc3b5473a4a Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2018-06-26acl-plugin: tm: optimize multi-lookups and prepare to add tuplemergeAndrew Yourtchenko6-252/+456
- instantiate the per-use mask type entry for a given hash ACE this prepares to adding tuplemerge where the applied ACE may have a different mask type due to relaxing of the tuples - store the vector of the colliding rules for linear lookups rather than traversing the linked list. - store the lowest rule index for a given mask type inside the structure. This allows to skip looking up at the later mask types if we already matched an entry that is in front of the very first entry in the new candidate mask type, thus saving a worthless hash table lookup. - use a vector of mask type indices rather than bitmap, in the sorted order (by construction) of ascending lowest rule index - this allows to terminate the lookups early. - adapt the debug cli outputs accordingly to show the data - propagate the is_ip6 into the inner calls Change-Id: I7a67b271e66785c6eab738b632b432d5886a0a8a Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-25dpdk: Enhancement to call crypto start api at initializationSachin Saxena1-0/+4
- Some crypto devices rely on rte_cryptodev_start() API to be called by application to enable a pre-configured H/W Crypto device. - NXP dpaa2 is one of the example. Change-Id: I2ad8ca0060604fb4e0541161e91bdebc6642f4da Signed-off-by: Sachin Saxena <sachin.saxena@nxp.com>
2018-06-25acl-plugin: remove the noisy debug outputAndrew Yourtchenko1-1/+1
Change-Id: I6a3cfcb24f5027ec0f2cd2ec21ea47a01fef331b Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-25MAP: Move MAP-E/T to a plugin.Ole Troan21-0/+9135
Only remaining traces of MAP in the src/vnet is now in buffer.h. Awaiting a new buffer opaque API (hint, hint). Change-Id: Ie165561484731f1d7ed6e0f604b43624e06db3f0 Signed-off-by: Ole Troan <ot@cisco.com>
2018-06-23Tx feature node, for accounting purposesDave Barach3-136/+204
Switch to combined allow/drop counters Show matching ip4 neighbor address if known Add static-allow mactime entries for unknown mac addresses Add the "clear mactime" command Change-Id: Ib963981438dfb8a123df1b3c023bd5fcc27f888f Signed-off-by: Dave Barach <dbarach@cisco.com>
2018-06-21VPP-1042: Fix the DPDK no-hugetbl flagsJessica Tallon1-5/+8
Change-Id: I7c611d3fa7fabe82294fc22a61d5a3927a2da39d Signed-off-by: Jessica Tallon <tsyesika@igalia.com>
2018-06-21configurable per-dispatch-cycle sleepDave Barach3-27/+0
Workaround for lack of driver interrupt support. Also quite handy for home gateway, laptop/vagrant, other use-cases not requiring maximum vectors/second for proper operation. Change-Id: Ifc4b98112450664beef67b89ab8a6940a3bf24b5 Signed-off-by: Dave Barach <dave@barachs.net>
2018-06-21FastLinQ QL41000 Series PCI vendor and device idsIgor Mikhailov (imichail)1-0/+3
Change-Id: I23caebf602e3e6ff45fdec106a0da88f6de7a284 Signed-off-by: Igor Mikhailov (imichail) <imichail@cisco.com>
2018-06-21Null terminate name stringDave Barach1-1/+1
Change-Id: If7bcc6ae3358b5e39bf76481ee58f4dbaa53d895 Signed-off-by: Dave Barach <dave@barachs.net>
2018-06-21dpdk/ipsec: add support for UDP encap/decapRadu Nicolau2-17/+65
Change-Id: I024c1d398fcb51e5a20f9049d16a87b3b1ba0c20 Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
2018-06-21acl-plugin: fallback to linear ACL search for fragmentsAndrew Yourtchenko2-38/+34
Trying to accomodate fragments as first class citizens has shown to be more trouble than it's worth. So fallback to linear ACL search in case it is a fragment packet. Delete the corresponding code from the hash matching. Change-Id: Ic9ecc7c800d575615addb33dcaa89621462e9c7b Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-20Nested-loop index typo. Oops.Dave Barach1-6/+6
Change-Id: I73b5a4adcfce0d7cd1dd4cf6d9d6a5fb25256bcf Signed-off-by: Dave Barach <dave@barachs.net>
2018-06-20acl-plugin: acl-as-a-service: VPP-1248: fix the error if exports.h included ↵Andrew Yourtchenko10-207/+229
in more than one C file Including the exports.h from multiple .c files belonging to a single plugin results in an error. Rework the approach to require the table of function pointers to be filled in by the initialization function. Since the inline functions are compiled in the "caller" context, there is no knowledge about the acl_main structure used by the ACL plugin. To help with that, the signature of inline functions is slightly different, taking the p_acl_main pointer as the first parameter. That pointer is filled into the .p_acl_main field of the method table during the initialization - since the calling of non-inline variants would have required filling the method table, this should give minimal headaches during the use and switch between the two methods. Change-Id: Icb70695efa23579c46c716944838766cebc8573e Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-19Driver level time-based src mac filterDave Barach9-0/+1498
Change-Id: I062d7653e00d77e73a61d8841e01ab4a159b6404 Signed-off-by: Dave Barach <dbarach@cisco.com>
2018-06-19Check get packet template allocation failure (VPP-1321)John Lo1-0/+6
After calling vlib_packet_template_get_packet(), make sure packet buffer is allocated before using it. Change-Id: Idb5199f4e2c9596137b2101e502d611f474a6ffe Signed-off-by: John Lo <loj@cisco.com>
2018-06-19flow:free lookup entries after packets are handledeyal bari3-13/+36
Change-Id: I737dad64bf6dd0743d36500d5cfa1cb1a6594b98 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-06-17acl-plugin: fix the high cpu usage caused by the connection cleanerAndrew Yourtchenko1-1/+2
The commit 4bc1796b346efd10f3fb19b176ff089179263a24 had incorrect calculation of the session lists minimal timeout, resulting in returned value of 0 which resulted in existing sessions constantly requeued, taking up the CPU. Fix this calculation. Change-Id: I9a789739f96a1f01522c68f91b0a02db2417837f Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-17acl-plugin: split (L3) and (L4/pkt) logic of creation of 5tuple structure, ↵Andrew Yourtchenko1-46/+70
optimize stores in the (l4/pkt) Having two pieces of code - one for now much simpler to recreate L3 info, one for a more difficult do build L4/pkt metadata allows more degrees of freedom for optimizations. Also, construct the metadata in local variables first before saving it into the memory structure, this fewer memory stores and they are better aligned, allowing to coalesce with subsequent reads if needed. Change-Id: Icb35d933834b14294f875362c9b58db3feb38d99 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-16NAT44: fix coverityMatus Fabian1-1/+1
Change-Id: Ib1e4563dbc027571c77497e5c190201713adc72b Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-06-15avf: tx node fixesDamjan Marion1-9/+9
- missing RSV bit set in descriptor - wrong buffer offset Change-Id: I8b138266652a30a50e4541c6344e4fe3dec4d1ca Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-15NAT44: endpoint dependent mode (VPP-1273)Matus Fabian7-1453/+3450
To enable NAT plugin endpoint dependent mode add following to statrup config: nat { endpoint-dependent } Enable endpoint dependent filtering and mapping for all sessions. Move some existing functionality such as service load balancing, twice nat, out2in-only static mappings and unknown protocol dynamic translations, which use endpoint dependent lookup hash tables before. Basically split to vanilla NAT44 and extra features NAT44. Change-Id: I3925eb5ddcc8f1ec4cf6af4e2a618a7ec7aa9735 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-06-15TLS async supportPing Yu4-23/+739
Change-Id: I26194e00dfb85e5cd1c65ff4e6ffd665be2d719b Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-06-14acl-plugin: VAT: add an option to load entire ACL from a ClassBench ruleset ↵Andrew Yourtchenko1-0/+190
file for testing Add a command "acl_add_replace_from_file" to VAT which can load a ruleset and add an ACL with it. There are a few options which augment the ACL being created: "permit+reflect" or "permit" alter the default action from deny on the ACEs created. "append-default-permit" adds an entry in the end with the "permit+reflect" if the default action has been changed to permit+reflect, or with a simple permit otherwise. This command is IPv4-only because the available datasets were IPv4-only. Change-Id: I26b9f33ecb6b59e051d1d9cbafedbc47e8203392 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-14acl-plugin: use 16_8 bihash for IPv4 sessions and 40_8 bihash for IPv6 sessionsAndrew Yourtchenko7-84/+165
Add a new kv_16_8 field into 5tuple union, rename the existing kv into kv_40_8 for clarity, and add the compile-time alignment constraints. Change-Id: I9bfca91f34850a5c89cba590fbfe9b865e63ef94 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-13acl-plugin: change the src/dst L3 info in 5tuple struct to be always ↵Andrew Yourtchenko6-97/+156
contiguous with L4 data Using ip46_address_t was convenient from operational point of view but created some difficulties dealing with IPv4 addresses - the extra 3x of u32 padding are costly, and the "holes" mean we can not use the smaller key-value data structures for the lookup. This commit changes the 5tuple layout for the IPv4 case, such that the src/dst addresses directly precede the L4 information. That will allow to treat the same data within 40x8 key-value structure as a 16x8 key-value structure starting with 24 byte offset. Change-Id: Ifea8d266ca0b9c931d44440bf6dc62446c1a83ec Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-13Fix clang compilation on aarch64: extraneous parenthesesSirshak Das1-6/+16
Fixes clang error: equality comparison with extraneous parentheses Changing all the #defines to inlines. Change-Id: I30a931679ac3325b23b249b1ae28c7c8cf54b012 Signed-off-by: Sirshak Das<sirshak.das@arm.com>
2018-06-13vxlan:offload RX floweyal bari1-1/+1
ip4 vxlan cli/api (using flow infra) to create flows and enable them on different hardware (currently tested with i40e) to offload a vxlan tunnel onto hw: set flow-offload vxlan hw TwentyFiveGigabitEthernet3/0/0 rx vxlan_tunnel1 to remove offload: set flow-offload vxlan hw TwentyFiveGigabitEthernet3/0/0 rx vxlan_tunnel1 del TODO:ipv6 handling Change-Id: I70e61f792ef8e3f007d03d7df70e97ea4725b101 Signed-off-by: Eyal Bari <ebari@cisco.com>