Age | Commit message (Collapse) | Author | Files | Lines |
|
Trying to accomodate fragments as first class citizens
has shown to be more trouble than it's worth. So
fallback to linear ACL search in case it is a fragment
packet. Delete the corresponding code from the hash
matching.
Change-Id: Ic9ecc7c800d575615addb33dcaa89621462e9c7b
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I73b5a4adcfce0d7cd1dd4cf6d9d6a5fb25256bcf
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
in more than one C file
Including the exports.h from multiple .c files belonging to a single plugin results in an error.
Rework the approach to require the table of function pointers to be filled in by
the initialization function.
Since the inline functions are compiled in the "caller" context,
there is no knowledge about the acl_main structure used by the ACL
plugin. To help with that, the signature of inline functions is slightly
different, taking the p_acl_main pointer as the first parameter.
That pointer is filled into the .p_acl_main field of the method
table during the initialization - since the calling of non-inline variants
would have required filling the method table, this should give
minimal headaches during the use and switch between the two methods.
Change-Id: Icb70695efa23579c46c716944838766cebc8573e
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I062d7653e00d77e73a61d8841e01ab4a159b6404
Signed-off-by: Dave Barach <dbarach@cisco.com>
|
|
After calling vlib_packet_template_get_packet(), make sure
packet buffer is allocated before using it.
Change-Id: Idb5199f4e2c9596137b2101e502d611f474a6ffe
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: I737dad64bf6dd0743d36500d5cfa1cb1a6594b98
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
The commit 4bc1796b346efd10f3fb19b176ff089179263a24 had incorrect
calculation of the session lists minimal timeout, resulting
in returned value of 0 which resulted in existing sessions
constantly requeued, taking up the CPU. Fix this calculation.
Change-Id: I9a789739f96a1f01522c68f91b0a02db2417837f
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
optimize stores in the (l4/pkt)
Having two pieces of code - one for now much simpler to recreate L3 info,
one for a more difficult do build L4/pkt metadata allows more
degrees of freedom for optimizations.
Also, construct the metadata in local variables first before
saving it into the memory structure, this fewer memory stores
and they are better aligned, allowing to coalesce with
subsequent reads if needed.
Change-Id: Icb35d933834b14294f875362c9b58db3feb38d99
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: Ib1e4563dbc027571c77497e5c190201713adc72b
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
- missing RSV bit set in descriptor
- wrong buffer offset
Change-Id: I8b138266652a30a50e4541c6344e4fe3dec4d1ca
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
To enable NAT plugin endpoint dependent mode add following to statrup config:
nat { endpoint-dependent }
Enable endpoint dependent filtering and mapping for all sessions.
Move some existing functionality such as service load balancing, twice nat,
out2in-only static mappings and unknown protocol dynamic translations, which
use endpoint dependent lookup hash tables before. Basically split to vanilla
NAT44 and extra features NAT44.
Change-Id: I3925eb5ddcc8f1ec4cf6af4e2a618a7ec7aa9735
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I26194e00dfb85e5cd1c65ff4e6ffd665be2d719b
Signed-off-by: Ping Yu <ping.yu@intel.com>
|
|
file for testing
Add a command "acl_add_replace_from_file" to VAT which can load a ruleset and
add an ACL with it. There are a few options which augment the ACL being created:
"permit+reflect" or "permit" alter the default action from deny on the ACEs
created.
"append-default-permit" adds an entry in the end with the "permit+reflect"
if the default action has been changed to permit+reflect, or with a simple
permit otherwise.
This command is IPv4-only because the available datasets were IPv4-only.
Change-Id: I26b9f33ecb6b59e051d1d9cbafedbc47e8203392
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Add a new kv_16_8 field into 5tuple union, rename
the existing kv into kv_40_8 for clarity, and
add the compile-time alignment constraints.
Change-Id: I9bfca91f34850a5c89cba590fbfe9b865e63ef94
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
contiguous with L4 data
Using ip46_address_t was convenient from operational point of view but created
some difficulties dealing with IPv4 addresses - the extra 3x of u32 padding
are costly, and the "holes" mean we can not use the smaller key-value
data structures for the lookup.
This commit changes the 5tuple layout for the IPv4 case, such that
the src/dst addresses directly precede the L4 information.
That will allow to treat the same data within 40x8 key-value
structure as a 16x8 key-value structure starting with 24 byte offset.
Change-Id: Ifea8d266ca0b9c931d44440bf6dc62446c1a83ec
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Fixes clang error: equality comparison with extraneous parentheses
Changing all the #defines to inlines.
Change-Id: I30a931679ac3325b23b249b1ae28c7c8cf54b012
Signed-off-by: Sirshak Das<sirshak.das@arm.com>
|
|
ip4 vxlan cli/api (using flow infra) to create flows and enable them on
different hardware (currently tested with i40e)
to offload a vxlan tunnel onto hw:
set flow-offload vxlan hw TwentyFiveGigabitEthernet3/0/0 rx vxlan_tunnel1
to remove offload:
set flow-offload vxlan hw TwentyFiveGigabitEthernet3/0/0 rx vxlan_tunnel1 del
TODO:ipv6 handling
Change-Id: I70e61f792ef8e3f007d03d7df70e97ea4725b101
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: I170d78c8e5f7e16a264c9f226a09693109aece5e
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Change-Id: Iee8de25ab3c68ae3698c79852195dc336050914c
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
This patch separates setting of hardware interfaec and software
interface MTU. Software MTU is L2 payload MTU (i.e. not including L2
header). Per-protocol MTU for IPv4, IPv6 and MPLS can also be set.
Currently only IP4, IP6 are enabled in adjacency / rewrite code.
Documentation in src/vnet/MTU.md
Change-Id: Iee2fd6f0bbc8210748dd8e073ab9fab87d323690
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: Idd65c6d0489bf83984a2c34d22d3f94000fc7018
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
some IGMP hashse use only a u32 key, which is not stored in the object, so don't use memory based hash
Change-Id: Iaa4eddf568ea0164bc2a812da4cc502f1811b93c
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I85cfab692ae0a72277ae561cdba7dcbc1f60aca3
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I3e07070eed4948e813ad1490963c7f8ef7f4262e
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Iaeb52d94cb6da63ee93af7c1cf2dade6046cba1d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iea2c661cb3e0728bb2d10b06791ed84fed00f6a7
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
|
|
... introduced with dpdk 18.05 support patch
Change-Id: Idf2283888f81d7652599651c0d65476e451f9343
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Added code to initialize failsafe PMD
This is part of initial effort to enable vpp running over
dpdk on failsafe PMD in Microsoft Azure(4/4).
Change-Id: Ia2469c7087ca4b5c7881dfb11ec5c4fcebaa1d04
Signed-off-by: Rui Cai <rucai@microsoft.com>
|
|
Change-Id: I205932bc727c990011bbbe1dc6c0cf5349d19806
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
- Modify the API send_ip6_na and send_ip4_garp to take sw_if_index instead
of vnet_hw_interface_t and add call to build_ethernet_rewrite to support
subinterface/vlan
- Add code to bonding driver to send an event to bond_process when the first
interface becomes active or when the active interface is down
- Create a bond_process to walk the interface and the corresponding
subinterfaces to send garp/ip6_na when an event is received.
- Minor cleanup in bonding/node.c
Note: dpdk bonding driver does not send garp/ip6_na for subinterfaces. There is
no attempt to fix it here. But the infra is now done and should be easy to
add the support.
Change-Id: If3ecc4cd0fb3051330f7fa11ca0dab3e18557ce1
Signed-off-by: Steven <sluong@cisco.com>
|
|
Change-Id: I3ac348a8cb1a515dfe1839eaa084c87719d282e1
Signed-off-by: Andrey "Zed" Zaikin <zed.0xff@gmail.com>
|
|
Added configure argument "--with-log2-cache-line-bytes=5|6|7|auto"
AKA 32, 64, or 128 bytes, or use the inferred value from the build host.
produces build-xxx/vpp/vppinfra/config.h, which .../src/vppinfra/cache.h
Kernels which implement the following pseudo-file (aka x86_64) are
easy: /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size
Otherwise, extract the cpuid from /proc/cpuinfo and map it to the
cache line size.
Change-Id: I7ff861e042faf82c3901fa1db98864fbdea95b74
Signed-off-by: Dave Barach <dave@barachs.net>
Signed-off-by: Nitin Saxena <nitin.saxena@cavium.com>
|
|
~5 clocks/packet improvement...
Change-Id: I1a78fa24dcd1b3ab7f45e10b9ded50f79517114a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
This is ~50% improvement in buffer alloc performance.
For a 256 buffer allocation, it was ~10 clocks/buffer, now is < 5 clocks.
Change-Id: I97590e240a79a42bcab5eb26587fc2d11e6eb163
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ib121b24935d5c706cfba6e4b6d321086a38cad91
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
- implement a 1us purgatory for the session structures
by adding a special connection list, where all connections
about to be deleted go.
- add per-list-head timeouts updated upon the list enqueue/dequeue
for connection idle management
- add a "unused" session list with list ID#0, which should
never be used unless there is a logic error. Use this ID
to initialize the sessions.
- improve the maintainability of the session linked list
structures by using symbolic bogus index name instead of ~0
- change the ordering of session creations - first reverse, then
local. To minimize the potential for two workers competing for
the same session in the corner case of the two packets
on different workers creating the same logical session
- reduce the maximum session count to keep the memory usage the same
- add extra log/debug/trace to session cleaning logic
- be more aggressive with cleaning up sessions - wind up the
interrupts from the workers to themselves if there is more
work to do
Change-Id: I3aa1c91a925a08e83793467cb15bda178c21e426
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Prior to the change, dpdk plugin assumes xd->device_index is
used both as index for internal dpdk_main->devices array
and DPDK port index to call into DPDK APIs.
However, when running on top of Failsafe PMDs,
DPDK port index range may no longer be contiguous (as noted:
http://dpdk.org/ml/archives/dev/2018-March/092375.html
for related changes in DPDK). Because this, dpdk plugin can
no longer iterate through all available DPDK ports
with a for 0->rte_eth_dev_count() loop and the assumption of
device_index no longer holds.
This is part of initial effort to enable vpp running over
dpdk on failsafe PMD in Microsoft Azure(3/4).
Change-Id: I416fd80f2d40e12e139f8f3492814da98343eae7
Signed-off-by: Rui Cai <rucai@microsoft.com>
|
|
Change-Id: If1ef2d4bc6f90a4d4b6a345c63723117834c6504
Signed-off-by: Ping Yu <ping.yu@intel.com>
|
|
This fixes some compilation warnings with clang on AArch64.
Change-Id: Idb941944e3f199f483c80e143a9e5163a031c4aa
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
port_id be used for dpdk port_id
Change-Id: Ia7d8cdc5dec2ad658c11f9c0f3ef8005a470ac3c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
This breaks VFIO operation.
This reverts commit d3b3baa4f8e9e4d95264aff16fe85434ef8061bd.
Change-Id: I2482e0da2d1ebfc365d13668c4b992b040f561b4
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ibab5e27277f618ceb2d543b9d6a1a5f191e7d1db
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
1、Adding PMD type for support Cavium LiquidIO II CN23XX NIC;
2、Our company is using VPP + DPDK +Cavium LiquidIO II CN23XX NIC,
Unfortunately, the latest VPP code does not support
Cavium LiquidIO II CN23XX pci.
So I increased the PMD type to support LiquidIO NIC,
and can run normally, we most subsequent projects are
based on VPP + DPDK + Cavium LiquidIO II CN23XX NIC model,
so I hope VPP team can adopt this requirement, thanks a lot.
Change-Id: I604ae444d69b37c2e26962bfe4ccdfe983b75041
Signed-off-by: chuhong yao <ych@panath.cn>
|
|
- Currently mempool priv size is getting initialized after releasing buffers
to pool. This is causing mismatch in expected & real metadata size value
and buffers are getting released with wrong offset. (when metadata offset
is in use for a given platform)
- Since private data size is 0 initially, metadata size don't include space
for VLIB_BUFFER_HDR.
Change-Id: I780c4d518104631a3dcf192185bacf58b3598e65
Signed-off-by: Sachin Saxena <sachin.saxena@nxp.com>
|
|
Change-Id: I088163f10ae5515d7a9115781cc13ef563fafed5
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I9343672c5765a5a4cb56c99fa5de176ddcac62c7
Signed-off-by: Andrey "Zed" Zaikin <zed.0xff@gmail.com>
|
|
next nodes
Use the new frame-at-once functions vlib_get_buffers() and vlib_buffer_enqueue_to_next()
to calculate the buffer pointers and to dispatch the packets after the processing.
This simplifies the dataplane node processing loop.
Change-Id: I454308f847aac76a199f8dd7490c1e176414bde7
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
- Fix the issue where eal iova mode is Virtual Address (RTE_IOVA_VA) but
setting DMA iova address to Physical address value always.
Change-Id: Ib1e9c1596d95885c7eff11723338121627203e61
Signed-off-by: Sachin Saxena <sachin.saxena@nxp.com>
|
|
clib_bihash_search_40_8 for session lookups
Use inline version rather than calling the function, this gives slightly better performance.
The straighforward diff uncovered an interesting problem: the stateful ACL IPv4 unit tests would fail
for the "make test" but succeed in "make test-debug". Also, they would succeed even in "make test",
if before calling the clib_bihash_search_inline_2_40_8 we would change the code
to store the key in a temporary variable.
Debugging revealed that the generated optimized code is not what one would expect:
the zeroing of the u64s overlaying the memcpy into ipv4 value of ip46_address_t
made the optimizer not notice the latter, and think that those fields should be
always zero in the bihash, thus generating incorrect assembly for the bihash key
comparison for the ipv4 nodes.
Changing the zeroing to be non-overlapping by zeroing only the pad fields resulted
in the optimizer generating the correct code and the tests pass.
Change-Id: Ib0f55cef2b5fe70c931d17ca4dc32a5755d160cd
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
the ip4-dhcp-client-detect feature MUST run prior to nat44-out2in, or
inbound dhcp broadcast packets will be dropped. Certain dhcp servers
answer lease renewal dhcp-request packets with broadcast dhcp-acks, leading
to unrecoverable lease loss.
In detail, this constraint:
VNET_FEATURE_INIT (ip4_snat_out2in, static) = {
.arc_name = "ip4-unicast",
.node_name = "nat44-out2in",
.runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa"),
};
doesn't get the job done:
ip4-unicast:
[17] nat44-out2in
[23] ip4-dhcp-client-detect
[26] ip4-not-enabled
Add a proper constraint:
VNET_FEATURE_INIT (ip4_snat_out2in, static) = {
.arc_name = "ip4-unicast",
.node_name = "nat44-out2in",
.runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa",
"ip4-dhcp-client-detect"),
};
and the interface feature order is OK, at least in this regard:
ip4-unicast:
[17] ip4-dhcp-client-detect
[18] nat44-out2in
[26] ip4-not-enabled
We need to carefully audit (especially) the ip4-unicast feature arc,
which has [gasp] 37 features on it!
Change-Id: I5e749ead7ab2a25d80839a331de6261e112977ad
Signed-off-by: Dave Barach <dave@barachs.net>
|