summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2018-06-21acl-plugin: fallback to linear ACL search for fragmentsAndrew Yourtchenko2-38/+34
Trying to accomodate fragments as first class citizens has shown to be more trouble than it's worth. So fallback to linear ACL search in case it is a fragment packet. Delete the corresponding code from the hash matching. Change-Id: Ic9ecc7c800d575615addb33dcaa89621462e9c7b Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-20Nested-loop index typo. Oops.Dave Barach1-6/+6
Change-Id: I73b5a4adcfce0d7cd1dd4cf6d9d6a5fb25256bcf Signed-off-by: Dave Barach <dave@barachs.net>
2018-06-20acl-plugin: acl-as-a-service: VPP-1248: fix the error if exports.h included ↵Andrew Yourtchenko10-207/+229
in more than one C file Including the exports.h from multiple .c files belonging to a single plugin results in an error. Rework the approach to require the table of function pointers to be filled in by the initialization function. Since the inline functions are compiled in the "caller" context, there is no knowledge about the acl_main structure used by the ACL plugin. To help with that, the signature of inline functions is slightly different, taking the p_acl_main pointer as the first parameter. That pointer is filled into the .p_acl_main field of the method table during the initialization - since the calling of non-inline variants would have required filling the method table, this should give minimal headaches during the use and switch between the two methods. Change-Id: Icb70695efa23579c46c716944838766cebc8573e Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-19Driver level time-based src mac filterDave Barach9-0/+1498
Change-Id: I062d7653e00d77e73a61d8841e01ab4a159b6404 Signed-off-by: Dave Barach <dbarach@cisco.com>
2018-06-19Check get packet template allocation failure (VPP-1321)John Lo1-0/+6
After calling vlib_packet_template_get_packet(), make sure packet buffer is allocated before using it. Change-Id: Idb5199f4e2c9596137b2101e502d611f474a6ffe Signed-off-by: John Lo <loj@cisco.com>
2018-06-19flow:free lookup entries after packets are handledeyal bari3-13/+36
Change-Id: I737dad64bf6dd0743d36500d5cfa1cb1a6594b98 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-06-17acl-plugin: fix the high cpu usage caused by the connection cleanerAndrew Yourtchenko1-1/+2
The commit 4bc1796b346efd10f3fb19b176ff089179263a24 had incorrect calculation of the session lists minimal timeout, resulting in returned value of 0 which resulted in existing sessions constantly requeued, taking up the CPU. Fix this calculation. Change-Id: I9a789739f96a1f01522c68f91b0a02db2417837f Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-17acl-plugin: split (L3) and (L4/pkt) logic of creation of 5tuple structure, ↵Andrew Yourtchenko1-46/+70
optimize stores in the (l4/pkt) Having two pieces of code - one for now much simpler to recreate L3 info, one for a more difficult do build L4/pkt metadata allows more degrees of freedom for optimizations. Also, construct the metadata in local variables first before saving it into the memory structure, this fewer memory stores and they are better aligned, allowing to coalesce with subsequent reads if needed. Change-Id: Icb35d933834b14294f875362c9b58db3feb38d99 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-16NAT44: fix coverityMatus Fabian1-1/+1
Change-Id: Ib1e4563dbc027571c77497e5c190201713adc72b Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-06-15avf: tx node fixesDamjan Marion1-9/+9
- missing RSV bit set in descriptor - wrong buffer offset Change-Id: I8b138266652a30a50e4541c6344e4fe3dec4d1ca Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-15NAT44: endpoint dependent mode (VPP-1273)Matus Fabian7-1453/+3450
To enable NAT plugin endpoint dependent mode add following to statrup config: nat { endpoint-dependent } Enable endpoint dependent filtering and mapping for all sessions. Move some existing functionality such as service load balancing, twice nat, out2in-only static mappings and unknown protocol dynamic translations, which use endpoint dependent lookup hash tables before. Basically split to vanilla NAT44 and extra features NAT44. Change-Id: I3925eb5ddcc8f1ec4cf6af4e2a618a7ec7aa9735 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-06-15TLS async supportPing Yu4-23/+739
Change-Id: I26194e00dfb85e5cd1c65ff4e6ffd665be2d719b Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-06-14acl-plugin: VAT: add an option to load entire ACL from a ClassBench ruleset ↵Andrew Yourtchenko1-0/+190
file for testing Add a command "acl_add_replace_from_file" to VAT which can load a ruleset and add an ACL with it. There are a few options which augment the ACL being created: "permit+reflect" or "permit" alter the default action from deny on the ACEs created. "append-default-permit" adds an entry in the end with the "permit+reflect" if the default action has been changed to permit+reflect, or with a simple permit otherwise. This command is IPv4-only because the available datasets were IPv4-only. Change-Id: I26b9f33ecb6b59e051d1d9cbafedbc47e8203392 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-14acl-plugin: use 16_8 bihash for IPv4 sessions and 40_8 bihash for IPv6 sessionsAndrew Yourtchenko7-84/+165
Add a new kv_16_8 field into 5tuple union, rename the existing kv into kv_40_8 for clarity, and add the compile-time alignment constraints. Change-Id: I9bfca91f34850a5c89cba590fbfe9b865e63ef94 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-13acl-plugin: change the src/dst L3 info in 5tuple struct to be always ↵Andrew Yourtchenko6-97/+156
contiguous with L4 data Using ip46_address_t was convenient from operational point of view but created some difficulties dealing with IPv4 addresses - the extra 3x of u32 padding are costly, and the "holes" mean we can not use the smaller key-value data structures for the lookup. This commit changes the 5tuple layout for the IPv4 case, such that the src/dst addresses directly precede the L4 information. That will allow to treat the same data within 40x8 key-value structure as a 16x8 key-value structure starting with 24 byte offset. Change-Id: Ifea8d266ca0b9c931d44440bf6dc62446c1a83ec Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-06-13Fix clang compilation on aarch64: extraneous parenthesesSirshak Das1-6/+16
Fixes clang error: equality comparison with extraneous parentheses Changing all the #defines to inlines. Change-Id: I30a931679ac3325b23b249b1ae28c7c8cf54b012 Signed-off-by: Sirshak Das<sirshak.das@arm.com>
2018-06-13vxlan:offload RX floweyal bari1-1/+1
ip4 vxlan cli/api (using flow infra) to create flows and enable them on different hardware (currently tested with i40e) to offload a vxlan tunnel onto hw: set flow-offload vxlan hw TwentyFiveGigabitEthernet3/0/0 rx vxlan_tunnel1 to remove offload: set flow-offload vxlan hw TwentyFiveGigabitEthernet3/0/0 rx vxlan_tunnel1 del TODO:ipv6 handling Change-Id: I70e61f792ef8e3f007d03d7df70e97ea4725b101 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-06-12avf: fix crash if device is busyJakub Grajciar1-1/+8
Change-Id: I170d78c8e5f7e16a264c9f226a09693109aece5e Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2018-06-12MTU assigning to itself (Coverity)Ole Troan1-4/+0
Change-Id: Iee8de25ab3c68ae3698c79852195dc336050914c Signed-off-by: Ole Troan <ot@cisco.com>
2018-06-11MTU: Software interface / Per-protocol MTU supportOle Troan1-10/+5
This patch separates setting of hardware interfaec and software interface MTU. Software MTU is L2 payload MTU (i.e. not including L2 header). Per-protocol MTU for IPv4, IPv6 and MPLS can also be set. Currently only IP4, IP6 are enabled in adjacency / rewrite code. Documentation in src/vnet/MTU.md Change-Id: Iee2fd6f0bbc8210748dd8e073ab9fab87d323690 Signed-off-by: Ole Troan <ot@cisco.com>
2018-06-11Fix multiple NAT translation with interface address as externalAlexander Chernavin1-4/+4
Change-Id: Idd65c6d0489bf83984a2c34d22d3f94000fc7018 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2018-06-10IGMP: use simple u32 bit hash keyNeale Ranns3-18/+15
some IGMP hashse use only a u32 key, which is not stored in the object, so don't use memory based hash Change-Id: Iaa4eddf568ea0164bc2a812da4cc502f1811b93c Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-06-09avf: properly cofigure RSS LUTDamjan Marion2-13/+40
Change-Id: I85cfab692ae0a72277ae561cdba7dcbc1f60aca3 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-09avf: add support for intel X722 NICsDamjan Marion1-0/+1
Change-Id: I3e07070eed4948e813ad1490963c7f8ef7f4262e Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-08Add reaper functions to want events APIs (VPP-1304)Neale Ranns2-32/+43
Change-Id: Iaeb52d94cb6da63ee93af7c1cf2dade6046cba1d Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-06-08LB: reply message id and table length are wrong.Hongjun Ni1-2/+2
Change-Id: Iea2c661cb3e0728bb2d10b06791ed84fed00f6a7 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2018-06-07dpdk: fix interface naming issueDamjan Marion1-2/+9
... introduced with dpdk 18.05 support patch Change-Id: Idf2283888f81d7652599651c0d65476e451f9343 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-07dpdk: failsafe PMD initialization codeRui Cai2-1/+26
Added code to initialize failsafe PMD This is part of initial effort to enable vpp running over dpdk on failsafe PMD in Microsoft Azure(4/4). Change-Id: Ia2469c7087ca4b5c7881dfb11ec5c4fcebaa1d04 Signed-off-by: Rui Cai <rucai@microsoft.com>
2018-06-07Add support for DPDK 18.05Damjan Marion5-44/+119
Change-Id: I205932bc727c990011bbbe1dc6c0cf5349d19806 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-05bond: send gratuitous arp when the active slave went down in active-backup modeSteven2-9/+4
- Modify the API send_ip6_na and send_ip4_garp to take sw_if_index instead of vnet_hw_interface_t and add call to build_ethernet_rewrite to support subinterface/vlan - Add code to bonding driver to send an event to bond_process when the first interface becomes active or when the active interface is down - Create a bond_process to walk the interface and the corresponding subinterfaces to send garp/ip6_na when an event is received. - Minor cleanup in bonding/node.c Note: dpdk bonding driver does not send garp/ip6_na for subinterfaces. There is no attempt to fix it here. But the infra is now done and should be easy to add the support. Change-Id: If3ecc4cd0fb3051330f7fa11ca0dab3e18557ce1 Signed-off-by: Steven <sluong@cisco.com>
2018-06-05lb api: correct byte order of new_flows_table_length argumentAndrey "Zed" Zaikin1-1/+1
Change-Id: I3ac348a8cb1a515dfe1839eaa084c87719d282e1 Signed-off-by: Andrey "Zed" Zaikin <zed.0xff@gmail.com>
2018-06-04Configure or deduce CLIB_LOG2_CACHE_LINE_BYTES (VPP-1064)Dave Barach1-0/+2
Added configure argument "--with-log2-cache-line-bytes=5|6|7|auto" AKA 32, 64, or 128 bytes, or use the inferred value from the build host. produces build-xxx/vpp/vppinfra/config.h, which .../src/vppinfra/cache.h Kernels which implement the following pseudo-file (aka x86_64) are easy: /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size Otherwise, extract the cpuid from /proc/cpuinfo and map it to the cache line size. Change-Id: I7ff861e042faf82c3901fa1db98864fbdea95b74 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Nitin Saxena <nitin.saxena@cavium.com>
2018-06-03dpdk: buffer free optimizationsDamjan Marion1-76/+61
~5 clocks/packet improvement... Change-Id: I1a78fa24dcd1b3ab7f45e10b9ded50f79517114a Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-03dpdk: improve buffer alloc perfomanceDamjan Marion1-70/+56
This is ~50% improvement in buffer alloc performance. For a 256 buffer allocation, it was ~10 clocks/buffer, now is < 5 clocks. Change-Id: I97590e240a79a42bcab5eb26587fc2d11e6eb163 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-02AVF input node reworkDamjan Marion2-203/+334
Change-Id: Ib121b24935d5c706cfba6e4b6d321086a38cad91 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-02acl-plugin: multicore: session management fixesAndrew Yourtchenko6-151/+332
- implement a 1us purgatory for the session structures by adding a special connection list, where all connections about to be deleted go. - add per-list-head timeouts updated upon the list enqueue/dequeue for connection idle management - add a "unused" session list with list ID#0, which should never be used unless there is a logic error. Use this ID to initialize the sessions. - improve the maintainability of the session linked list structures by using symbolic bogus index name instead of ~0 - change the ordering of session creations - first reverse, then local. To minimize the potential for two workers competing for the same session in the corner case of the two packets on different workers creating the same logical session - reduce the maximum session count to keep the memory usage the same - add extra log/debug/trace to session cleaning logic - be more aggressive with cleaning up sessions - wind up the interrupts from the workers to themselves if there is more work to do Change-Id: I3aa1c91a925a08e83793467cb15bda178c21e426 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-05-31dpdk: Decoupling the meaning of xd->device_index in dpdk_pluginRui Cai9-81/+99
Prior to the change, dpdk plugin assumes xd->device_index is used both as index for internal dpdk_main->devices array and DPDK port index to call into DPDK APIs. However, when running on top of Failsafe PMDs, DPDK port index range may no longer be contiguous (as noted: http://dpdk.org/ml/archives/dev/2018-March/092375.html for related changes in DPDK). Because this, dpdk plugin can no longer iterate through all available DPDK ports with a for 0->rte_eth_dev_count() loop and the assumption of device_index no longer holds. This is part of initial effort to enable vpp running over dpdk on failsafe PMD in Microsoft Azure(3/4). Change-Id: I416fd80f2d40e12e139f8f3492814da98343eae7 Signed-off-by: Rui Cai <rucai@microsoft.com>
2018-05-31Fix TLS issue to load certification and keyPing Yu1-0/+2
Change-Id: If1ef2d4bc6f90a4d4b6a345c63723117834c6504 Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-05-30vppinfra: explicitely state for signed types that they are signedDamjan Marion6-10/+10
This fixes some compilation warnings with clang on AArch64. Change-Id: Idb941944e3f199f483c80e143a9e5163a031c4aa Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-30dpdk: rename port_id to *_instance_numDamjan Marion4-9/+10
port_id be used for dpdk port_id Change-Id: Ia7d8cdc5dec2ad658c11f9c0f3ef8005a470ac3c Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-29Revert "dpdk: set dmamap iova address value according to eal_iova_mode"Damjan Marion1-4/+1
This breaks VFIO operation. This reverts commit d3b3baa4f8e9e4d95264aff16fe85434ef8061bd. Change-Id: I2482e0da2d1ebfc365d13668c4b992b040f561b4 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-29Add VLIB_NODE_FN() macro to simplify multiversioning of node functionsDamjan Marion12-202/+63
Change-Id: Ibab5e27277f618ceb2d543b9d6a1a5f191e7d1db Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-29dpdk: Add PMD type for Cavium LiquidIO II CN23XXchuhong yao3-1/+13
1、Adding PMD type for support Cavium LiquidIO II CN23XX NIC; 2、Our company is using VPP + DPDK +Cavium LiquidIO II CN23XX NIC, Unfortunately, the latest VPP code does not support Cavium LiquidIO II CN23XX pci. So I increased the PMD type to support LiquidIO NIC, and can run normally, we most subsequent projects are based on VPP + DPDK + Cavium LiquidIO II CN23XX NIC model, so I hope VPP team can adopt this requirement, thanks a lot. Change-Id: I604ae444d69b37c2e26962bfe4ccdfe983b75041 Signed-off-by: chuhong yao <ych@panath.cn>
2018-05-29dpdk: mempool priv intialization must be done before releasing buffers to poolSachin Saxena1-8/+7
- Currently mempool priv size is getting initialized after releasing buffers to pool. This is causing mismatch in expected & real metadata size value and buffers are getting released with wrong offset. (when metadata offset is in use for a given platform) - Since private data size is 0 initially, metadata size don't include space for VLIB_BUFFER_HDR. Change-Id: I780c4d518104631a3dcf192185bacf58b3598e65 Signed-off-by: Sachin Saxena <sachin.saxena@nxp.com>
2018-05-28NAT44: code cleanup and refactor (VPP-1285)Matus Fabian17-463/+631
Change-Id: I088163f10ae5515d7a9115781cc13ef563fafed5 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-05-28add missing lb_put_writer_lock() to lb_vip_add() invalid args casesAndrey "Zed" Zaikin1-2/+7
Change-Id: I9343672c5765a5a4cb56c99fa5de176ddcac62c7 Signed-off-by: Andrey "Zed" Zaikin <zed.0xff@gmail.com>
2018-05-28acl-plugin: move to per-frame buffer pointer calculations and enqueue to ↵Andrew Yourtchenko1-208/+191
next nodes Use the new frame-at-once functions vlib_get_buffers() and vlib_buffer_enqueue_to_next() to calculate the buffer pointers and to dispatch the packets after the processing. This simplifies the dataplane node processing loop. Change-Id: I454308f847aac76a199f8dd7490c1e176414bde7 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-05-28dpdk: set dmamap iova address value according to eal_iova_modeSachin Saxena1-1/+4
- Fix the issue where eal iova mode is Virtual Address (RTE_IOVA_VA) but setting DMA iova address to Physical address value always. Change-Id: Ib1e9c1596d95885c7eff11723338121627203e61 Signed-off-by: Sachin Saxena <sachin.saxena@nxp.com>
2018-05-27acl-plugin: use clib_bihash_search_inline_2_40_8 rather than ↵Andrew Yourtchenko2-5/+3
clib_bihash_search_40_8 for session lookups Use inline version rather than calling the function, this gives slightly better performance. The straighforward diff uncovered an interesting problem: the stateful ACL IPv4 unit tests would fail for the "make test" but succeed in "make test-debug". Also, they would succeed even in "make test", if before calling the clib_bihash_search_inline_2_40_8 we would change the code to store the key in a temporary variable. Debugging revealed that the generated optimized code is not what one would expect: the zeroing of the u64s overlaying the memcpy into ipv4 value of ip46_address_t made the optimizer not notice the latter, and think that those fields should be always zero in the bihash, thus generating incorrect assembly for the bihash key comparison for the ipv4 nodes. Changing the zeroing to be non-overlapping by zeroing only the pad fields resulted in the optimizer generating the correct code and the tests pass. Change-Id: Ib0f55cef2b5fe70c931d17ca4dc32a5755d160cd Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-05-27VPP-1294: add missing feature arc constraintDave Barach1-1/+2
the ip4-dhcp-client-detect feature MUST run prior to nat44-out2in, or inbound dhcp broadcast packets will be dropped. Certain dhcp servers answer lease renewal dhcp-request packets with broadcast dhcp-acks, leading to unrecoverable lease loss. In detail, this constraint: VNET_FEATURE_INIT (ip4_snat_out2in, static) = { .arc_name = "ip4-unicast", .node_name = "nat44-out2in", .runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa"), }; doesn't get the job done: ip4-unicast: [17] nat44-out2in [23] ip4-dhcp-client-detect [26] ip4-not-enabled Add a proper constraint: VNET_FEATURE_INIT (ip4_snat_out2in, static) = { .arc_name = "ip4-unicast", .node_name = "nat44-out2in", .runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa", "ip4-dhcp-client-detect"), }; and the interface feature order is OK, at least in this regard: ip4-unicast: [17] ip4-dhcp-client-detect [18] nat44-out2in [26] ip4-not-enabled We need to carefully audit (especially) the ip4-unicast feature arc, which has [gasp] 37 features on it! Change-Id: I5e749ead7ab2a25d80839a331de6261e112977ad Signed-off-by: Dave Barach <dave@barachs.net>