Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: fix
When a VR is added, multicast accept routes are added which allow
inbound packets sent to the VRRP group address on the interface of the
VR so advertisements from peers can be received. If this is the first
VR added, also add a local forward route for the VRRP group address so
the packets will be processed by the VRRP input nodes.
When deciding whether to add/delete the local forward route, the total
number of VRs configured was being checked. If there are no VRs
configured initially and a VR is added for IPv4, this check would
correctly see that this was the first VR and add an IPv4 route. If an
IPv6 VR was configured subsequently, this check would find that a VR
was already configured and incorrectly decide that no route needed to
be added and IPv6 VRRP advertisements from peers would be dropped
as a result. The opposite would occur if you first added an IPv6 VR
followed by adding an IPv4 VR - whichever address family was added
first would work correctly and the other one would not work.
Since a route is needed for each address family, check on the per
address family count of VRs when deciding whether to add/delete the
local forward route instead of checking on the global count of VRs.
Change-Id: I851a7ef8a4f9e4e370d08b0832284a13387eb083
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Custom ACL-plugin heap was useful in early stages,
but it interferes with other infra optimizations.
Remove it and use global heap.
Change-Id: I2300548f1d1798dec27bc5a2a41cf37f9fcda95d
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: improvement
Change-Id: Iab623a2e11bd5787f4cae549143f49888e0dd9c4
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: I381fc3dec8580208d0e24637d791af69011aa83b
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ica4601c9d17e182cbc348989a9f75ab1cb18b78a
|
|
outbound:
wrong header len computation
gso size and header length need to be set in the first segment of the
chain
inbound:
EOP may have zero length descriptor to terminate the chain
missing endian conversion for ethertype
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Iaa003c0e9af3ead4df6c6c0d5772a179d2ff15c4
|
|
The syntax of the deprecated flag has evolved.
Clean up usage to be "option deprecated;".
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: If2b639f275eb8db58b36c457f9245fe35a4d8cb1
|
|
Type: feature
Ticket: VPP-1861
Signed-off-by: jan_cavojsky <Jan.Cavojsky@pantheon.tech>
Change-Id: Iaeff13b19a712257223a4e77893cfd9398c18327
|
|
Type: fix
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I7f98d0c7847ecc40b90b78e5ae83f320575be310
|
|
Type: fix
Change-Id: Id61aa407eeeb4d44cf47ed39283a0c79ed3abbee
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ib1eabbc87a573c660ac251602d631f167928259b
|
|
Type: fix
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Icc1c458474d357c7d9b3b4df1897500de0c314a1
|
|
The dslite plugin would on plugin load initialize large bihash datastructures.
Postpone until configured.
Type: improvement
Change-Id: Ie790ab8c5fc39fac18153acd54dcd051805e763a
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: fix
Change-Id: If44c807d188b3e88d819f4132d73e6a34402a525
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
add UT for sneding handshale init and transport packets
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Iab1ed8864c666d5a0ae0b2364a9ca4de3c8770dc
|
|
Type: fix
Change-Id: I4c19636c2be8a577c6cba272708cb04bcc24785b
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: Ie328834159687cdb4314c37d36697f2fb9081fbd
|
|
Type: improvement
Change-Id: Ib64c9b8207776986656e5a26c13a221edc6cc950
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Avoid situations where promisc mode is chaged while avf process
is suspended in the middle of adminq operation.
Type: fix
Change-Id: Ia1fc6551e83218b5938630ad3a15d4f3f0ceceff
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Multiple (> 1) workers leads to handoff node being enabled.
This node pops next feature index to nat.arc_next to make sure
that packet will be pushed to the next feature in the arc.
But node nat44-ed-in2out-output also pops next feature and changes
arc_next. So actual next feature will be skipped in that case.
It leads to all nat44-ed-in2out packets being dropped if we have
multiple workers (handoff node enabled).
To resolve this a new node was added (nat-pre-in2out-output) to fill
arc_next in single worker case and multiple worker case is already
handled by handoff node.
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: I9dfba68f00164d2d5ab867224871811bef4411ed
|
|
device pool my grow during suspemd which will cause crash in avf process
after it exits from suspend.
Type: fix
Change-Id: I51fec90088c909cfbaaca6c245272a28c0827ca0
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: Icf6ce0ddb5fe9d078503e9d9ff7e7b26423f53f8
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
It may happen that process node is suspended while it waits for response
from adminq and during that time CLI or API process can call
avf_delete_if. When avf process node resumes, it may happen that device
is not there anymeore.
This patch delegates interface deletion to process node, so CLI/API
process just sends signal instead of deleting device instance itself.
Type: fix
Change-Id: I7f12e12df3071650f6e60ad7eb5af23b7acfe335
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
- make sure everything is freed on cleanup
- reuse already allocated vectors where possible
Type: fix
Change-Id: Ibd8da1edb37126522dc2d525596521d32dceb73a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Change-Id: Ic51ba3450b3d0722ebff4280127f526b5a9934b1
|
|
Type: fix
Change-Id: I96e8c5c9c792b1d9aefd39ce3e240d220827b7d1
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
|
|
Type: docs
Change-Id: If8602d4b73cc1f04e42d19b8df60a05f67aa90c9
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
|
|
Type: feature
The main information about plugin you can see in README.md
vpp# wireguard ?
wireguard create wireguard create listen-port <port> private-key <key> src <IP> [generate-key]
wireguard delete wireguard delete <interface>
wireguard peer add wireguard peer add <wg_int> public-key <pub_key_other>endpoint <ip4_dst> allowed-ip <prefix>dst-port [port_dst] persistent-keepalive [keepalive_interval]
wireguard peer remove wireguard peer remove <index>
Change-Id: I85eb0bfc033ccfb2045696398d8a108b1c64b8d9
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Jim Thompson <jim@netgate.com>
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: feature
This patch updateds cryptodev engine uses new DPDK Cryptodev
API planned to be upstreamed in DPDK 20.11.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Piotr Bronowski <piotrX.bronowski@intel.com>
Change-Id: I8dd1a8ac643f1e952deb787e466b76ea7aa5f420
|
|
This patch adds the RSS steering queues set interface, and it's
implementation in DPDK device:
/* Interface to set rss queues of the interface */
typedef clib_error_t *(vnet_interface_rss_queues_set_t)
(struct vnet_main_t * vnm, struct vnet_hw_interface_t * hi,
clib_bitmap_t *bitmap);
This patch also introduces a command line to set the RSS queues:
set interface rss queues <interface> <list <queue-list>>
To display the rss queues, use "show hardware-interfaces"
Below is the example to configure rss queues for interface Gig0:
vpp# set interface rss queues Gig0 list 0,2,4-7
vpp# show hardware-interfaces brief
Name Idx Link Hardware
VirtualFunctionEthernet18/1/0 1 down VirtualFunctionEthernet18/1/0
Link speed: unknown
RSS queues: 0 2 4 5 6 7
local0 0 down local0
Link speed: unknown
vpp#
Users can also configure the rss queues on a dpdk interface in
startup.conf:
dpdk {
dev 0000:18:01.0 {
rss-queues 0,2,5-7
}
}
Type: feature
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: I1835595a1c54016a84eabee9fd62ce137935385d
|
|
Type: fix
Signed-off-by: Ryujiro Shibuya <ryujiro.shibuya@owmobility.com>
Change-Id: If5a8313262da828616db8b1d9ef831d42b11d952
|
|
Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: I4dee2ea723631e1bd95b33a74b9431d984565aef
|
|
- These were displaying blank, apparently dpdk extended stat strings
must be within the heap so they are identified as vectors by
format_c_identifier even though they are not.
Type: fix
Change-Id: I2b153b100203b9856ce3af6d5ecb2daae410fb5b
Signed-off-by: Christian Hopps <chopps@labn.net>
|
|
Was seeing imissed counter become negative. Reuse the RX_ERROR code for all
three error counters to avoid the problem.
Type: fix
Change-Id: I99a69c8816326682745785ecd30e18a131ac2969
Signed-off-by: Christian Hopps <chopps@labn.net>
|
|
Type: fix
- Document that ooo dequeues with ooo lookups cannot be done in
combination with in order dequeues.
- Added assert to capture this scenario and de-initialized rbtrees for
cut-through tx fifo
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic40d020b3f0391fcf022ea3c906b86121744144f
|
|
Add the ability to configure the pp2 rx and tx queue sizes in the CLI.
Type: improvement
Signed-off-by: Christian E. Hopps <chopps@chopps.org>
Change-Id: I6a824f92e22fa47fec3d84525cc2d82524ddf639
|
|
Type: docs
Change-Id: Ib985ed6a644ae3f4c330bf6a27dc69c49a489a2f
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Otherwise, the debug CLI command is unusable in a script because it
will eat (and complain about) subsequent lines in the script. Missing
this guitar lick, etc:
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Id328e6f1cc4d2e1672c3946db3865ab5a1a3af8d
|
|
Type: fix
Change-Id: I9e102e0028274cc084e59c106d1cd4be174b1205
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
|
|
Type: fix
The ARP/ND feature nodes reply to requests for a VR virtual IP address
when a VR is in the master state. If the VR is in the backup state, the
request is passed to the next node on the feature arc.
This can cause an incorrect response to be sent. If some other feature
(e.g. NAT) causes a virtual IP address to be configured as a "local"
address on the system, a later node on the feature arc may respond to
an ARP/ND request with the real MAC address of the interface.
RFC 5798 says that a router must respond to ARP/ND requests for VR
virtual IP addresses with the VR virtual MAC address. And it says a
router must not respond to ARP/ND requests for VR virtual IP addresses
when the VR is in the backup state. Ensure that ARP/ND requests for
VR virtual IP addresses are dropped when in the backup state rather
than allowing them to continue on the feature arc where another node
may end up responding.
In order to do this, enable/disable the feature nodes when leaving
or entering the init state instead of the master state.
Change-Id: I416f83e125cbf91deb90c3b6eb00ba3207de24ad
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Use VLIB_MAIN_LOOP_ENTER_FUNCTION to do post init initialization for
dpdk crypto rather than create a one-time process to do the same.
Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: I06e480b028c8e1fc1b0024a66b2338eb21a797ca
|
|
Fix the shown crypto inflight counts which were reversed. Also improve a
couple error descriptions to tell them apart when viewed.
Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: I6d4054c64aa842658cfcde8969c7aa48f6d21207
|
|
This patch aims to improve decap performance by reducing expensive
hash_get callings as less as possible using AVX512 on XEON.
e.g. vxlan, vxlan_gpe, geneve, gtpu.
For the existing code, if vtep4 of the current packet match the last
vtep4_key_t well, expensive hash computation can be avoided and the
code returns directly.
This patch improves tunnel decap multiple flows case greatly by
leveraging 512bit vector register on XEON accommodating 8 vtep4_keys.
It enhances the possiblity of avoiding unnecessary hash computing
once hash key of the current packet hits any one of 8 in the 512bit
cache.
The oldest element in vtep4_cache_t is updated in round-robin order.
vlib_get_buffers is also leveraged in the meanwhile.
Type: improvement
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Signed-off-by: Junfeng Wang <drenfong.wang@intel.com>
Change-Id: I313103202bd76f2dd638cd942554721b37ddad60
|
|
Type: feature
This adds api calls for the following CLIs:
* set sw_scheuduler worker <N> crypto on|off
* set crypto async dispatch polling|interrupt
* set crypto handler
* set crypto async handler
Change-Id: Ic701d149c440e42ea4575da42b9f69e4c8759602
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
This patch adds new sw_scheduler async crypto engine.
The engine transforms async frames info sync crypto ops and
delegates them to active sync engines. With the patch it
is possible to increase the single worker crypto throughput
by offloading the crypto workload to multiple workers.
By default all workers in the system will attend the crypto
workload processing. However a worker's available cycles
are limited. To avail more cycles to one worker to process
other workload (e.g. the worker core that handles the RX/TX
and IPSec stack processing), a useful cli command is added
to remove itself (or add it back later) from the heavy
crypto workload but only let other workers to process the
crypto. The command is:
- set sw_scheduler worker <idx> crypto <on|off>
It also adds new interrupt mode to async crypto dispatch node.
This mode signals the node when new frames are enqueued
as opposed to polling mode that continuously calls dispatch node.
New cli commands:
- set crypto async dispatch [polling|interrupt]
- show crypto async status (displays mode and nodes' states)
Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com>
Signed-off-by: DariuszX Kazimierski <dariuszx.kazimierski@intel.com>
Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I332655f347bb9e3bc9c64166e86e393e911bdb39
|
|
Let twice-nat static mapping pick specific
address from the twice-nat pool.
Type: improvement
Change-Id: Iadaa036af2fa3b0e6e9a68ff6e68b4bbe1650eb1
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: feature
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: Iec28fb11b6edff1bee23117f56aa3a3e5729541a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I4930c3c2a8025ec9ceb17e994137be67d88d455f
Type: fix
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
In one's complement, there are two representations of zero: the all
zero and the all one bit values, often referred to as +0 and -0. See
RFC 1624 section 3 for more details.
This used to be taken care of in ip4_header_checksum(), but it is no
longer the case. The check ip->checksum == ip4_header_checksum (ip) is
no longer correct in the -0 case.
Always use ip4_header_checksum_is_valid() instead (which behaves
correctly since 9a79a1ab931c3b5a7ae07d6f0fcfef7c4368a2c4).
Type: fix
Fixes: e5f0050c7a5d411f96af6401797529d58825e2af
Change-Id: Iacc6b60645a834287b085aecb9e3fdb4554cf0cf
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com>
Change-Id: I87c6f423ea8fdd9fb764693055eb1509f994d6f1
|