summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2020-09-04vrrp: improve RFC compliance for ARP/NDMatthew Smith2-38/+48
Type: fix The ARP/ND feature nodes reply to requests for a VR virtual IP address when a VR is in the master state. If the VR is in the backup state, the request is passed to the next node on the feature arc. This can cause an incorrect response to be sent. If some other feature (e.g. NAT) causes a virtual IP address to be configured as a "local" address on the system, a later node on the feature arc may respond to an ARP/ND request with the real MAC address of the interface. RFC 5798 says that a router must respond to ARP/ND requests for VR virtual IP addresses with the VR virtual MAC address. And it says a router must not respond to ARP/ND requests for VR virtual IP addresses when the VR is in the backup state. Ensure that ARP/ND requests for VR virtual IP addresses are dropped when in the backup state rather than allowing them to continue on the feature arc where another node may end up responding. In order to do this, enable/disable the feature nodes when leaving or entering the init state instead of the master state. Change-Id: I416f83e125cbf91deb90c3b6eb00ba3207de24ad Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-09-04dpdk-ipsec: use init function instead of one-time processChristian Hopps1-11/+3
Use VLIB_MAIN_LOOP_ENTER_FUNCTION to do post init initialization for dpdk crypto rather than create a one-time process to do the same. Type: fix Signed-off-by: Christian Hopps <chopps@labn.net> Change-Id: I06e480b028c8e1fc1b0024a66b2338eb21a797ca
2020-09-04dpdk-ipsec: fix show outputChristian Hopps3-3/+3
Fix the shown crypto inflight counts which were reversed. Also improve a couple error descriptions to tell them apart when viewed. Type: fix Signed-off-by: Christian Hopps <chopps@labn.net> Change-Id: I6d4054c64aa842658cfcde8969c7aa48f6d21207
2020-09-04ip: enhance vtep4_check of tunnel by vector wayZhiyong Yang1-12/+30
This patch aims to improve decap performance by reducing expensive hash_get callings as less as possible using AVX512 on XEON. e.g. vxlan, vxlan_gpe, geneve, gtpu. For the existing code, if vtep4 of the current packet match the last vtep4_key_t well, expensive hash computation can be avoided and the code returns directly. This patch improves tunnel decap multiple flows case greatly by leveraging 512bit vector register on XEON accommodating 8 vtep4_keys. It enhances the possiblity of avoiding unnecessary hash computing once hash key of the current packet hits any one of 8 in the 512bit cache. The oldest element in vtep4_cache_t is updated in round-robin order. vlib_get_buffers is also leveraged in the meanwhile. Type: improvement Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com> Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Signed-off-by: Junfeng Wang <drenfong.wang@intel.com> Change-Id: I313103202bd76f2dd638cd942554721b37ddad60
2020-09-03crypto: Add async crypto APIsNathan Skrzypczak5-0/+132
Type: feature This adds api calls for the following CLIs: * set sw_scheuduler worker <N> crypto on|off * set crypto async dispatch polling|interrupt * set crypto handler * set crypto async handler Change-Id: Ic701d149c440e42ea4575da42b9f69e4c8759602 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-03crypto: SW scheduler async crypto enginePiotrX Kleski4-2/+795
Type: feature This patch adds new sw_scheduler async crypto engine. The engine transforms async frames info sync crypto ops and delegates them to active sync engines. With the patch it is possible to increase the single worker crypto throughput by offloading the crypto workload to multiple workers. By default all workers in the system will attend the crypto workload processing. However a worker's available cycles are limited. To avail more cycles to one worker to process other workload (e.g. the worker core that handles the RX/TX and IPSec stack processing), a useful cli command is added to remove itself (or add it back later) from the heavy crypto workload but only let other workers to process the crypto. The command is: - set sw_scheduler worker <idx> crypto <on|off> It also adds new interrupt mode to async crypto dispatch node. This mode signals the node when new frames are enqueued as opposed to polling mode that continuously calls dispatch node. New cli commands: - set crypto async dispatch [polling|interrupt] - show crypto async status (displays mode and nodes' states) Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com> Signed-off-by: DariuszX Kazimierski <dariuszx.kazimierski@intel.com> Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I332655f347bb9e3bc9c64166e86e393e911bdb39
2020-09-02nat: twice-nat static mapping pool addressFilip Varga10-95/+354
Let twice-nat static mapping pick specific address from the twice-nat pool. Type: improvement Change-Id: Iadaa036af2fa3b0e6e9a68ff6e68b4bbe1650eb1 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-09-01crypto-openssl: add chacha20-poly1305 to crypto-opensslArtem Glazychev3-9/+223
Type: feature Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: Iec28fb11b6edff1bee23117f56aa3a3e5729541a Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-01misc: fix uninitialized use warnings with gcc-{8,9}Aloys Augustin2-3/+3
Change-Id: I4930c3c2a8025ec9ceb17e994137be67d88d455f Type: fix Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2020-09-01ip: fix ip zero checksum verificationBenoît Ganne5-8/+8
In one's complement, there are two representations of zero: the all zero and the all one bit values, often referred to as +0 and -0. See RFC 1624 section 3 for more details. This used to be taken care of in ip4_header_checksum(), but it is no longer the case. The check ip->checksum == ip4_header_checksum (ip) is no longer correct in the -0 case. Always use ip4_header_checksum_is_valid() instead (which behaves correctly since 9a79a1ab931c3b5a7ae07d6f0fcfef7c4368a2c4). Type: fix Fixes: e5f0050c7a5d411f96af6401797529d58825e2af Change-Id: Iacc6b60645a834287b085aecb9e3fdb4554cf0cf Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-09-01dpdk: fix mac address length was wrongjiangxiaoming1-1/+1
Type: fix Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com> Change-Id: I87c6f423ea8fdd9fb764693055eb1509f994d6f1
2020-09-01cnat: Fix typo in ts handlingNathan Skrzypczak1-1/+0
Type: fix Change-Id: I5287f6326726780c09e515eede0992bafb413bb2 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-08-31nat: fix type in api messageKlement Sekera4-2/+204
Translation memory size is internally a uword, but in api it was u32, resulting in the returned value being 0 all the time. Fix the "incorrect" API reply to return a u32 capped to 0xffffffff if the u64 is larger than that, introduce the message with the correct type, deprecate the message with the incorrect type. Also, while we are updating the message definition, add the max translations / max users per worker thread into the new message. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I92e38a6a2bcb70fc8d1b129bbe416bf7f9e54280 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-08-31vppinfra: convert A_extend_to_B to B_from_A format of vector inlinesDamjan Marion1-2/+2
Make it shorter and same format when converting to biggor or smaller types. Type: refactor Change-Id: I443d67e18ae65d779b4d9a0dce5406f7d9f0e4ac Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-08-31af_xdp: AF_XDP input pluginBenoît Ganne14-0/+2206
Type: feature Change-Id: I85aa4ad6b68c1aa0e51938002dc691a4b11c545c Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-08-31rdma: bugfix in the descriptor refill logic. In case of a partial ↵Mohammed Hawari1-1/+1
allocation, the remainder modulo 8 must be returned to the pool so that the number of kept buffers is a multiple of 8. Type: fix Change-Id: Ifd97b03ea220300e7e6fe81a8ff4a25060fea6c1 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2020-08-31flow: code refactorChenmin Sun2-392/+197
This is the code refactor for vnet/flow infra and the dpdk_plugin flow implementation. The main works of the refactor are: 1. Added two base flow type: VNET_FLOW_TYPE_IP4 and VNET_FLOW_TYPE_IP6 as the base the flow type 2. All the other flows are derived from the base flow types 3. Removed some flow types that are not currently supported by the hardware, and VPP won't leverage them either: IP4_GTPU_IP4, IP4_GTPU_IP6, IP6_GTPC, IP6_GTPU, IP6_GTPU_IP4, IP6_GTPU_IP6 4. Re-implemented the vnet/flow cli as well as the dpdk_plugin implementation 5. refine cli prompt 6. refine display info in command "show flow entry" Type: refactor Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: Ica5e61c5881adc73b28335fd83e36ec1cb420c96
2020-08-31cnat: Destination based NATNeale Ranns22-0/+4950
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I64a99a4fbc674212944247793fd5c1fb701408cb
2020-08-27dpdk: fix blacklistsVladimir Ratnikov2-2/+10
When we have both format blacklisted devices like: blacklist 1234:5678 blacklist 1234:56:78.0 unformat with fmt=%x:%x matches for both strings and the rest 78.0 substring is kept in input and it can't be parsed for init args This patch checks first if device format matches PCI address and just then if it matches Vendor and Product Type: fix Change-Id: If111762c0e0a424b052e4f6dc0f67731bf89dc2a Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
2020-08-27tests: "force solo" testcase supportAndrew Yourtchenko4-0/+16
Some of the tests are time-sensitive, and at present require a non-trivial modification in order to run at high concurrency. Without these modifications, they intermittently fail, and require the test retries. Rather than setting them to the extended tests and forgetting about them, put them into a "solo" set, which gets run in a single-threaded mode after the rest of the tests are done. Mark a few of the tests that showed errors during TEST_JOBS=48 as forced-solo. Also, give a better diagnostic if the testcase misses a docstring needed to represent it in the diagnostic outputs. Type: fix Change-Id: I33fe62eb17edc1885bd2c3523892051d52da6546 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-08-25api: register endian handlers for reply messagesOle Troan2-4/+1
Endian handlers was not registered for reply messages. Causing endian-neutral handlers to crash. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Id14173300ee1ab2601e92d58c70d2fa260814b69
2020-08-24vmxnet3: enhance debug CLI error handlingSteven Luong2-2/+18
- Display the interface name upon successfully creating the interface. - Don't go silent when error occurs. Be explicit about it. Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ie4fdaf323f8b3833ad4a7af3872290141204aba8
2020-08-22hsa: set connected mode for udp serverjiangxiaoming1-0/+4
Type: fix Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com> Change-Id: I32a28a944fcee11657c4dd0ba34ad6d73de89263
2020-08-20tcp: track reorder with sacksFlorin Coras1-1/+5
Type: feature Change-Id: I041bff2e8d589c171661de286fa1503531dff891 Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-08-20nat: fixed cli nat summary and nat limitFilip Varga3-50/+109
Type: fix Change-Id: I78017b02015116f93b579c7381119f618351c98d Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-08-19nat: session cli command fixFilip Varga1-3/+11
Type: fix Change-Id: I57ae649d1b26d5bea2df89c209f257372e565b49 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-08-17nat: det: replace speculative buffer enqueue modelKlement Sekera2-948/+897
Replace speculative buffer enqueue coding model with vlib_get_buffers(...)/vlib_buffer_enqueue_to_next(...). Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ib5a32d60592fb17ed0ba1ac074047e39780f74be
2020-08-17nat: sessions get expired when fib table removedFilip Varga7-9/+348
fib table removal would leave lingering sessions in vpp this patch is aimed at solving this issue by grouping sessions by source and destionation fib. if one of the fibs gets removed this grouping is tagged as expired and session won't be passed to non existing fib table Ticket: VPPSUPP-93 Type: improvement Change-Id: I45b1205a8b58d91f174e6feb862554ec2f6cffad Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-08-13nat: move deterministic nat to det44 sub featureFilip Varga27-3108/+4484
Type: refactor Change-Id: I0bb203102a0e13dd7448e2125925ab356bbd7937 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-08-13nat: remove non-error error countersKlement Sekera16-507/+585
Some statistics counters were implemented as error counters. Move them to stat segment, where they belong. Type: improvement Change-Id: I5600bec1b4e0496282297374ec1e79d909cdaf8a Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-08-13acl: use the global heap when allocating the lookup contextAndrew Yourtchenko1-0/+3
The "ACL as a service" lookup infra is shared, so a global heap must be used. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I86894254b737392c1968b6a581b5a37590376428
2020-08-13stats: remove offsets on vpp sideOle Troan1-16/+14
Represent pointers directly in shared memory and require clients to adjust for shared memory segment being mapped at different base address. Deprecated: stat_segment_pointer() / stat_segment_offset() Added: stat_segment_adjust() Bumped the stat segment version to 2. Type: refactor Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I33e756187b8903b45dcd353e6c1a101b7a4acb79
2020-08-07vrrp: change init of vrrp key in VR lookupMatthew Smith1-5/+7
Type: fix A struct that is used as a hash key was being initialized in its declaration. On CentOS 8 this caused some hash lookups to fail. This seems to be caused by uninitialized padding. Use clib_memset() to initialize the key with 0's to avoid the issue. Change-Id: I00555c201a1ab34133971313ba14f20f4e867a30 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-08-06memif: wrong interface counter is incrementedSteven Luong1-2/+2
vlib_increment_combined_counter takes sw_if_index, not hw_if_index. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Iecde2697ed490940f0eff796d28d15381405b895
2020-08-06misc: harmonize namesDave Barach15-150/+157
Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ibad744788e200ce012ad88ff59c2c34920742454
2020-08-03unittest: add clib_count_equal_u8/16/32/64 testsBenoît Ganne1-4/+100
Type: test Change-Id: I490c1b1a2fa49badda038e6be014c77b9bee6c56 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-07-31nsim: limit tx burst size and refactor input nodeFlorin Coras2-64/+30
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic93a598051d437a5801d794b678edf6e73d42a47
2020-07-31nsim: basic reorder supportFlorin Coras5-388/+416
Reorder delayed packets, i.e., flush instead of delay, with a configured rate. Type: feature Change-Id: Ib1294f5f1c9b6e98a12b1bb0be655e54facfed3a Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-07-29hsa: fix handling active connection failures in the proxyIvan Shvedunov1-9/+16
Type: fix Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com> Change-Id: I9c62bb6524247e2cd25de198263c16f3d9db0da9
2020-07-28http_static: fix session cleanupFlorin Coras1-41/+30
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibb380eecca76ed9c00ed14c167dfcf576f943db0
2020-07-28hsa: fix http server session cleanupFlorin Coras1-36/+31
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6832e3f24a56e043415a32eb4072d0bfb7697251
2020-07-28bonding lacp: replace slave string with memberSteven Luong16-630/+631
- Replace textual string slave with member except APIs. - For APIs, mark the existing APIs as deprecated and introduce new APIs - While introducing sw_bond_interface_dump, add the optional filter by sw_if_index and enhance the testcases to make use of it. Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ib6626c514e45350308aeeda0decb70f3aba2f63e
2020-07-28ikev2: fix session re-initiate after SA expiresFilip Tehlar2-1/+3
Type: fix Change-Id: Ie3d24b3df02d08fbb74d97f4e5ab0d79c35b0c0d Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-07-28nat: limit resource consumption when out of portsKlement Sekera1-2/+7
Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I83f44711264376389989152666f3c71216146bdd
2020-07-24lacp: fix vector overflowBenoît Ganne1-2/+2
Type: fix Change-Id: I8f776ce10ee8c29689db5ceef70df42dfb6b747c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-07-24ikev2: add SA dump APIjan_cavojsky5-6/+907
Type: feature Ticket: VPP-1897 Change-Id: I0245aceeb344efd29b1f9217c35889a8bbe1f744 Signed-off-by: jan_cavojsky <Jan.Cavojsky@pantheon.tech> Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-07-23dpdk: device_id sorted order for cryptodevVladimir Ratnikov1-0/+16
By default, VPP automatically assignes for each tunnel next available QAT device by order dev_id-que-pair. In most cases we have more than one device and it can greatly increase ipsec perfomance without any actions with configuration from user if we use all the devices first and first que-pairs Type: feature Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: Iac9fe74768775459e22f69bb3706b542090a9375
2020-07-23acl: correct acl vat help messageLijian.Zhang1-2/+2
"ipv4"/"ipv6" option is not supported in acl_add_replace and macip_acl_add_replace vat api. Update its help message per actual api usage. Type: fix Change-Id: I8d34fac5f98bd78a46a5e98df05cd35182988dd8 Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com> Reviewed-by: Jieqiang Wang <Jieqiang.Wang@arm.com> Reviewed-by: Govindarajan Mohandoss <Govindarajan.Mohandoss@arm.com>
2020-07-23hsa: proxy session cleanup fixesFlorin Coras2-95/+188
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I96673c984077876e69b18b4126b55e70dc07b50f
2020-07-23nat: fix port number selectionElias Rudberg2-6/+6
Change the port number selection for new NAT sessions so that it matches how the thread index is calculated from the port number for out2in packets. Before this change there was a problem when the largest port number in the range was used, that resulted in the wrong thread index being selected when out2in packets arrive for that session. Type: fix Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net> Change-Id: I936c389eb0d5df6168e18e5e44754de1cdad6ad1 Signed-off-by: Klement Sekera <ksekera@cisco.com>