aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2019-02-23vhoat: potential crash in map_guest_mem using debug imageSteven Luong1-1/+14
map_guest_mem may be called from worker-thread/dataplane. It has a call to vlib_log and may crash inside vlib_log's ASSERT statement /* make sure we are running on the main thread to avoid use in dataplane code, for dataplane logging consider use of event-logger */ ASSERT (vlib_get_thread_index () == 0); The fix is to convert the vlib_log call in map_guest_map to event logger Change-Id: Iaaf6d86782aa8a18d25e0209f22dc31f04668d56 Signed-off-by: Steven Luong <sluong@cisco.com>
2019-02-23session: separate local session logicFlorin Coras10-529/+607
Move local session to separate header and source files. First step to refactoring local sessions. Change-Id: I280fdfef20ba8a0977d15c1c8ce030ea2fb72dde Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-22tcp: keep snd sack block free listFlorin Coras3-2/+7
Instead of constantly reallocating the new sack block list, keep the old one as a reusable free list. Change-Id: Iad79a72204f97b96352c1c6eea66c2839a35cfe6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-22IPSEC: header exportsNeale Ranns8-1/+10
Change-Id: I7d48a4e236c6e7b11b0c9750a30fb68e829d64a5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-22Callback functions must have the correct signatureNeale Ranns3-4/+8
Change-Id: I642823bdc3c7006a0b719ec1e3a9cd75b2b37253 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-22tcp: send enough dupacks to cover all sack holesFlorin Coras4-14/+37
Make sure we send enough dupacks to cover all the holes created in the last frame received. Also make sure we send all the blocks, not just the first. Change-Id: I9597a34ac14473d1cc3ad07d65bc37043e3d0582 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-22session/vcl: fix coverity warningsFlorin Coras1-1/+1
Change-Id: I9b0e6d65255e516cf5bf18757d4769176ef76e92 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-22tapv2: coverity strikes backSteven Luong1-5/+4
while https://gerrit.fd.io/r/#/c/16590/ fixed the leaked fd which coverity reported at that time, new coverity run reports simailar leaked fd in a different goto punt path. It would be nice if coverity reported both of them at the same time. Or perhaps it did and I just missed it. Anyway, the new fix is to put the close (fd) statement prior to the return of tap_create_if routine which should catch all goto's. Change-Id: I0a51ed3710e32d5d74c9cd9b5066a667153e2f9d Signed-off-by: Steven Luong <sluong@cisco.com>
2019-02-22Add no-append flag to vlib_frame_tDamjan Marion2-0/+2
Change-Id: I01c4f5755d579282773ac227b0bc24f8ddbb2bd1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-02-21vhost: VPP stalls with vhost performing control plane actionsSteven Luong3-214/+259
Symptom ------- With NDR traffic blasting at VPP, bringing up a new VM with vhost connection to VPP causes packet drops. I am able to recreate this problem easily using a simple setup like this. TREX-------------- switch ---- VPP |---------------| |-------| Cause ----- The reason for the packet drops is due to vhost holding onto the worker barrier lock for too long in vhost_user_socket_read(). There are quite a few of system calls inside the routine. At the end of the routine, it unconditionally calls vhost_user_update_iface_state() for all message types. vhost_user_update_iface_state() also unconditionally calls vhost_user_rx_thread_placement() and vhost_user_tx_thread_placement(). vhost_user_rx_thread_placement scraps out all existing cpu/queue mappings for the interface and creates brand new cpu/queue mappings for the interface. This process is very disruptive and very expensive. In my opinion, this area of code needs a makeover. Fixes ----- * vhost_user_socket_read() is rewritten that it should not hold onto the worker barrier lock for system calls, or at least minimize the need for doing it. * Remove the call to vhost_user_update_iface_state as a default route at the end of vhost_user_socket_read(). There is only a couple of message types which really need to call vhost_user_update_iface_state(). We put the call to those message types which need it. * Remove vhost_user_rx_thread_placement() and vhost_user_tx_thread_placement from vhost_user_update_iface_state(). There is no need to repetatively change the cpu/queue mappings. * vhost_user_rx_thread_placement() is actually quite expensive. It should be called only once per queue for the interface. There is no need to scrap the existing cpu/queue mappings and create new cpu/queue mappings when the additional queues becomes active/enable. * Change to create the cpu/queue mappings for the first RX when the interface is created. Dont remove the cpu/queue mapping when the interface is disconnected. Remove the cpu/queue mapping only when the interface is deleted. The create vhost user interface CLI also has some very expensive system calls if the command is entered with the optional keyword "server" As a bonus, This patch makes the create vhost user interface binary-api and CLI thread safe. Do the protection for the small amount of code which is thread unsafe. Change-Id: I4a19cbf7e9cc37ea01286169882e5603e6d7eb77 Signed-off-by: Steven Luong <sluong@cisco.com>
2019-02-21Revert "bond: problem switching from l2 to l3"Peter Mikus1-11/+0
During CSIT testing we discovered that LACP tests were failing and producing coredumps. Reverting this patch fix the problem with VPP crashing. This reverts commit f23890138e02d4218c828c427f687f8ecdb0e165. Change-Id: Icf97053ce1473350add885cbebe591f7f3efcbea Signed-off-by: Peter Mikus <pmikus@cisco.com>
2019-02-21vcl/session: send unlisten over message queueFlorin Coras3-2/+39
Change-Id: I68cd6c0e6be3e8088792df3885ae190bb00462b0 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-21tcp: drop outstanding data when entering closing stateFlorin Coras4-7/+16
Change-Id: I92a009b9630b0d882ea3c5c99aad88ed6f5109a0 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-20pg: fix payload hex-string bugKingwel Xie1-6/+8
Change-Id: I0ea98bf9c203398d9cf85d22994a10217bb511d2 Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2019-02-20pg: fix tracing when device-input feature arc is usedDamjan Marion1-6/+4
Change-Id: I82240b43d3a5f3f33ac9ab2de106b3ec0ea31780 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-02-20pg: fix crash when multiple streams are enqueuing to the same nextDamjan Marion1-1/+1
Only with debug image and when next node is not ethernet-input... Change-Id: Iaa404b5d35d5c04996ff48cd16877858092b78d7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-02-20pg: remove no-recycle optionDamjan Marion2-6/+0
Change-Id: Ic47bde2d08b2719b5c6c87cb2e9a8af0d2160e6e Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-02-20session: fix local sessions disconnectsFlorin Coras2-22/+21
Change-Id: Ib4ca472aa2413ced7f82d87e4fee65ca86ab1f2b Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-20tls: add vcl testFlorin Coras3-7/+7
Change-Id: If4c7efaf6506a827e7a95a56c2f6b6060df03fa1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-20IPSEC: API coverity error of unitialised stat_index valueNeale Ranns1-0/+2
Change-Id: If884a3840f34090e33ce7808d38e50f919290d9f Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-20IPSEC-GRE: no clib_warning in the DPNeale Ranns1-3/+0
Change-Id: If30c7334de55d32e57554cf1601c529cd807b834 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-19reassembly: handle ip6 atomic fragmentsKlement Sekera1-6/+3
Change-Id: Ide3425f144fb17201dcde7ba89f39e460048100d Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-02-19reassembly: fix buffer usage counterKlement Sekera1-5/+7
Change-Id: I713904f8eb2f724cb08dba494c160c14cc8b24a1 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-02-19VPP-1568:when entry src cover change, recursive-loop fib still can not work.mu.duojiao1-0/+9
Change-Id: I90762b59f94175f278380c95776471a30bc94d34 Signed-off-by: mu.duojiao <mu.duojiao@zte.com.cn>
2019-02-19tap gso: experimental supportAndrew Yourtchenko14-59/+786
This commit adds a "gso" parameter to existing "create tap..." CLI, and a "no-gso" parameter for the compatibility with the future, when/if defaults change. It makes use of the lowest bit of the "tap_flags" field in the API call in order to allow creation of GSO interfaces via API as well. It does the necessary syscalls to enable the GSO and checksum offload support on the kernel side and sets two flags on the interface: virtio-specific virtio_if_t.gso_enabled, and vnet_hw_interface_t.flags & VNET_HW_INTERFACE_FLAG_SUPPORTS_GSO. The first one, if enabled, triggers the marking of the GSO-encapsulated packets on ingress with VNET_BUFFER_F_GSO flag, and setting vnet_buffer2(b)->gso_size to the desired L4 payload size. VNET_HW_INTERFACE_FLAG_SUPPORTS_GSO determines the egress packet processing in interface-output for such packets: When the flag is set, they are sent out almost as usual (just taking care to set the vnet header for virtio). When the flag is not enabled (the case for most interfaces), the egress path performs the re-segmentation such that the L4 payload of the transmitted packets equals gso_size. The operations in the datapath are enabled only when there is at least one GSO-compatible interface in the system - this is done by tracking the count in interface_main.gso_interface_count. This way the impact of conditional checks for the setups that do not use GSO is minimized. "show tap" CLI shows the state of the GSO flag on the interface, and the total count of GSO-enabled interfaces (which is used to enable the GSO-related processing in the packet path). This commit lacks IPv6 extension header traversal support of any kind - the L4 payload is assumed to follow the IPv6 header. Also it performs the offloads only for TCP (TSO - TCP segmentation offload). The UDP fragmentation offload (UFO) is not part of it. For debug purposes it also adds the debug CLI: "set tap gso {<interface> | sw_if_index <sw_idx>} <enable|disable>" Change-Id: Ifd562db89adcc2208094b3d1032cee8c307aaef9 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-02-19VPP-1573 fix crash in ip6 reassemblyKlement Sekera1-1/+1
Change-Id: I3a3076c7d87446b5ec2a02e70d3b6d05f1875875 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-02-19ip6-local: fix uninitialized variable errorDamjan Marion1-1/+1
Change-Id: I245a8cc8f237242efadcf10d47b76222a6497e89 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-02-18tls: fix openssl/mbedtls use of app_wrk indexFlorin Coras2-15/+15
Change-Id: I7ccc948357d815a1bd4279a7079cf4db2949183c Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-18session: move fifo allocation logic to app workerFlorin Coras8-175/+158
Change-Id: I1662ec4b5503cb64a8a86a2441842311d959b3a6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-18tcp: harden for high scale scenariosFlorin Coras9-35/+82
- Better handle buffer starvation scenarios - Handle case when both peers enter recovery due to packet loss. - Fix passive open establish cleanup Change-Id: I2f28baa2ff0383bb8f5f6d2452b49aa38ce69bce Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-18DHCP: trace flags copied from old to new not vice-versaNeale Ranns2-2/+2
Change-Id: I6c13af7e97753da013cdd5b212302d008cbd616d Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-18Explicit dual-loop in ip6-localBenoît Ganne1-72/+134
Makes ip6-local node dual-loop explicit. This is only a style change. Change-Id: Ic8e7cecb3f51e98b8a069b501f5c338156934a6d Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-02-18IPSEC: move SA counters into the stats segmentNeale Ranns11-18/+66
1) stats are accessed via the stat segment which is more condusive to monitoring 2) stats are accurate in the presence of multiple threads. There's no guarantee that an SA is access from only one worker. Change-Id: Id5e217ea253ddfc9480aaedb0d008dea031b1148 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-18tcp: fix handling of retransmitted synsFlorin Coras2-16/+26
Change-Id: I88fdeb0ca56d3a5d9c0f36def13c6de8142f59f0 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-15Optimize ip6-localBenoît Ganne1-246/+187
Optimize IPv6 ip6-local node by rewriting the dual/single loop with prefetch and simpler unrolling. My local, unrepresentative tests for GRE4 termination over IPv6 show a performance improvement of ~40% for ip6-local node alone and ~5% globally. Change-Id: I11e1e86d3838dd3c081aa6be5e25dae16ed6e2d8 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-02-15Fix connexion segfault in session api affecting tcp_echoNathan Skrzypczak1-1/+2
Change-Id: If6d45f7f6e6dab70eecd6ec7241126968a34ad6b Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-02-15FIB: pass a copy the walk contextNeale Ranns1-1/+3
since it can realloc when new ctx are added. If not we can get some nasty memory corruption. Change-Id: I617709c3013acbcb8aee07dc147894f0de896555 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-14ipsec: memory leak fixupKingwel Xie1-1/+4
Change-Id: Ib2ad196bec1005d6678589d5b5c199b8a541c720 Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2019-02-14Add -fno-common compile optionBenoît Ganne21-16/+28
-fno-common makes sure we do not have multiple declarations of the same global symbol across compilation units. It helps debug nasty linkage bugs by guaranteeing that all reference to a global symbol use the same underlying object. It also helps avoiding benign mistakes such as declaring enum as global objects instead of types in headers (hence the minor fixes scattered across the source). Change-Id: I55c16406dc54ff8a6860238b90ca990fa6b179f1 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-02-13ip6: convert code to new multiarchDamjan Marion3-97/+87
Change-Id: Idd09b5d0597336e4f2028113cae76c94fd1c5427 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-02-13IPSEC: restack SAs on backend changeNeale Ranns3-13/+42
Change-Id: I5852ca02d684fa9d59e1690efcaca06371c5faff Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-12ipsec: cli bug fixKingwel Xie1-6/+23
1. unformat_ip46_address must have ip-type specified 2. cannot unformat ip46_address_t with unformat_ip4_address Change-Id: I5f1eecfe71a808302428afb39f910ebf0c7cef71 Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2019-02-11IPSEC-tun: The tunnel DB uses the network order SPI to save the byte swap in ↵Neale Ranns2-8/+11
the DP Change-Id: I78a1c39682d5afd356a3cfe70097fc682e8cb938 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-11session: add config for evt qs segment sizeFlorin Coras2-3/+6
Change-Id: I286d0d53a9ef2d6e28cd301eae25fc119d491f22 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-11session: cleanup application interfaceFlorin Coras15-653/+561
Change-Id: I89d240753b3f3c5e984aa303a7c8fa35fa59bf7f Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-11ipsec: multi-arch, next-node-index cleanupKingwel Xie5-27/+55
1. specify ipsec_xxx_node.c in MULTIARCH_SOURCES 2. cleanup foreach_ipsec_output_next & foreach_ipsec_input_next, as next-nodes are actually added by ipsec_register_xx_backend dynamically thus, ipsec4-input-feature will point to ah4/esp4-encrypt, instead of pointing to ah6/esp6-encrypt 3. remove an unused count and add counter IPSEC_INPUT_ERROR_RX_MATCH_PKTS in ipsec-input Change-Id: Ifcf167812d2cc18187c2cea84b657a52b67e17d4 Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2019-02-09buffers: fix typoDamjan Marion16-22/+21
Change-Id: I4e836244409c98739a13092ee252542a2c5fe259 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-02-09tls: move test certificates to separate header fileFlorin Coras8-76/+102
Change-Id: I543cb78e268d7a4a7fba590d305351ec79f4e4da Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-09session: refactor listen logicFlorin Coras17-645/+598
Make app-listener the handle for app listens. Consequently transport and local listen sessions are now associated to the app-listener. Change-Id: I9397a26d42cccb100970b6b4794c15bac2e11465 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-07tcp: fix fib_index for v6 ll packetsFlorin Coras1-0/+7
Change-Id: Ie69bdb9860d61f2c599c0c80b0ea80dfdfe178bd Signed-off-by: Florin Coras <fcoras@cisco.com>