path: root/src/vnet
Age | Commit message | Author | Files | Lines
2018-02-15 | Optimize GRE Tunnel and add support for ERSPAN encap | John Lo | 10 | -346/+691
Change GRE tunnel to use the interface type where the same encap node is used as output node for all GRE tunnels, instead of having dedicated output and tx node for each tunnel. This allows for more efficient tunnel creation and deletion at scale tested at 1000's of GRE tunnels.
Add support for ERSPAN encap as another tunnel type, in addition to the existing L3 and TEB types. The GRE ERSPAN encap supported is type 2 thus GRE encap needs to include sequence number and GRE-ERSPAN tunnel can be created with user specified ERSPAN session ID. The GRE tunnel lookup hash key is updated to include tunnel type and session ID, in addition to SIP/DIP and FIB index. Thus, GRE-ERSPAN tunnel can be created, with the appropriate session ID, to be used as output interface for SPAN config to send mirrored packets.
Change interface naming so that all GRE tunnels, irrespective of tunnel type, use "greN" where N is the instance number. Removed interface reuse on tunnel creation and deletion to enable unified tunnel interface name.
Add support of user specified instance on GRE tunnel creation. Thus, N in the "greN" interface name can optionally be specified by user via CLI/API.
Optimize GRE tunnel encap DPO stacking to bypass load-balance DPO node since packet output on GRE tunnel always belong to the same flow after 5-tuple hash.
Change-Id: Ifa83915744a1a88045c998604777cc3583f4da52 Signed-off-by: John Lo <loj@cisco.com>
2018-02-15 | session: avoid session handle conflict with vcl | Florin Coras | 6 | -13/+63
Change-Id: I7f5a3b8d92ef07d60315bab6e560eba49ea07249 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-15 | SCTP: fix corrupted buffers seen in output node | Marco Varlese | 4 | -44/+62
The issue observed in the output-node was actually caused by one of the input-node pushing buffers to the output node when not required. That is the case with the parsing/handling of incoming packets like the COOKIE_ACK, HEARTBEAT_ACK, DATA, SACK which do not require a response to be sent to the other peer. In all the mentioned cases the packets (buffers) need to be consumed and dropped instead of heading to the output-node. Change-Id: I3dcbe5de1cedb2ab8b06fff4364749b525cc7ac6 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-15 | SCTP: refactoring | Marco Varlese | 4 | -129/+97
This patch takes care of some refactoring, including the initialization of the timestamp to calculate the RTO, the output state-machine validation which can be enabled (disabled by default) when debugging and some clean-up of unused fields. It also addresses the requirement of Karn's algorithm when computing the RTO. Change-Id: I6b875152369bff23cad085708cec1f7e1151cfa8 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-14 | Reenable dhcp client detect when lease expires | Dave Barach | 1 | -1/+50
We disable the client detect feature when we bind a DHCP address. Turn it back on again when the lease expires. Otherwise, if the DHCP server replies after an outage, we'll never see the reply. Add dhcp packet tx counters, by packet type Change-Id: Id54b05647d5d7bd8d3ab99e6584ee86d9e4ff7f9 Signed-off-by: Dave Barach <dave@barachs.net>
2018-02-14 | session: support local sessions and deprecate redirects | Florin Coras | 18 | -447/+1180
Memfd backed shared memory segments can only be negotiated over sockets. For such scenarios, the existing redirect mechanism that establishes cut-through sessions does not work anymore as the two peer applications do not share such a socket. This patch adds support for local sessions, as opposed to sessions backed by a transport connection, in a way that is almost transparent to the two applications by reusing the existing binary api messages. Moreover, all segment allocations are now entirely done through the segment manager valloc, so segment overlaps due to independent allocations previously required for redirects are completely avoided. The one notable characteristic of local sessions (cut-through from app perspective) notification messages is that they carry pointers to two event queues, one for each app peer, instead of one. For transport-backed sessions one of the queues can be inferred but for local session they cannot. Change-Id: Ia443fb63e2d9d8e43490275062a708f039038175 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-14 | vxlan:remove interface recycle mechanism | Eyal Bari | 2 | -69/+11
vxlan interfaces no longer create tx nodes and are "cheap" to create and delete Change-Id: I7628d8ce86ec88609ed08162c94f5bc95df0d9f4 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-02-13 | vnet:remove duplicate interface function macro | Eyal Bari | 1 | -15/+3
Change-Id: I0ee18df69d5fe833c746d0d1e14aac14338a6e42 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-02-13 | BFD: make CLI consume only one line at a time | Klement Sekera | 1 | -26/+78
This makes it possible to add BFD commands to scripts executed via `exec' CLI. Change-Id: Id0ed6c09baee6f8ac9ff183d305a470f55a1f885 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-02-12 | Fix DHCP client crash with worker threads | Matthew Smith | 3 | -51/+56
Crash occurring with a worker thread configured and dhcp client active on an interface. When a DHCP reply packet is received, call to ethernet_get_main() from dhcp_proxy_to_client_input() was causing a crash. Replaced with a call to vnet_get_ethernet_main(). Once that was resolved, calling dhcp_client_acquire_address() from a worker thread also caused a crash. Changed so the main thread will do the address/route configuration. Change-Id: Ib23984787102dea8cf6cfcde86188a751f15c1e1 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-02-12 | SCTP: fix build errors on ubuntu bionic | Marco Varlese | 1 | -4/+2
Change-Id: I070771794be92fd9a6e800ca0022e52d592cd1a4 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-12 | Improve MTU handling | Neale Ranns | 9 | -28/+106
- setting MTU on an interface updates the L3 max bytes too
- value cached in the adjacency is also updated
- MTU exceeded generates ICMP to sender
Change-Id: I343ec71d8e903b529594c4bd0543f04bc7f370b3 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-02-09 | ip4_forward: set pkt error in case potential memory corrupt | Chun Li | 1 | -0/+2
Change-Id: Ib9eb65d2ba166f5883a8ce8d37298c696113f2be Signed-off-by: Chun Li <chunl2@cisco.com>
2018-02-08 | classifier-based ACL: testcases for L2 ACLs + fix the enabling of outbound L2 ACL | Andrew Yourtchenko | 1 | -3/+6
There was no test coverage for the L2 ACL (other than indirect by means of ACL plugin tests), so the enabling of the outbound ACL got fumbled throughout the revisions of the refactoring. Fix both issues - the error and the lack of test coverage for L2 ACL. Change-Id: Ib7f42780ef84b4a4f70bd88d7319aeeda866cf06 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-02-08 | virtio: reset vnet header on tx | Damjan Marion | 1 | -0/+3
Change-Id: Ib04a8787038fb536470a04d99fdc165102edfb5a Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-08 | vhostuser: Fix vhostuser file descriptor leak | Haiyang Tan | 1 | -4/+13
In the case that vhostuser server accepted more than one client connection, 'vui->clib_file_index' will be overwritten directly without releasing the possibly existing resource, so a file descriptor leak occurs. Change-Id: I89d08133dae31a12a815df2631334dbf0aefeb1e Signed-off-by: Haiyang Tan <haiyang.tan.dev@gmail.com>
2018-02-08 | SCTP: shutdown phase | Marco Varlese | 3 | -67/+92
This patch addresses some bugs discovered with the shutdown phase which were causing the actual chunks not to leave the output_node. While fixing the issue some minor refactoring was also performed to align the internal functions to a 'common' design. Change-Id: Ieac4f6e78cffad2e6982536f8e9f190a66f328f7 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-08 | ip: move lookup inline functions to header file | Vijayabhaskar Katamreddy | 4 | -648/+759
Needed to allow other code paths to reuse them. Change-Id: I9e469527c6b2e9a6fec7af5f17d8b400a2e85826 Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
2018-02-07 | VXLAN: Allow user to specify a custom vxlan tunnel instance id. | Jon Loeliger | 5 | -18/+125
If one is not selected by the user, the next available id will be allocated, thus maintaining backward compatibility. Change-Id: I4691ed0638b8072f9cfa9f20b9fe4f981e708800 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-02-07 | vhost: Added ARMV8 NEON version of function map_guest_mem() | Nitin Saxena | 1 | -0/+69
(VPP-1085) The NEON implementation searches particular address in VHOST_MEMORY_MAX_NREGIONS regions. Searching two regions at a time. Change-Id: Icc3c6746bc98e3a1fa71424e51b64f62efbfdc74 Signed-off-by: Nitin Saxena <nitin.saxena@cavium.com>
2018-02-07 | af_packet: Fix lock position | Pierre Pfister | 1 | -2/+1
In multi-worker cases, af-packet tx was subject to a pretty serious race condition as the device lock was obtained after some queue values were read from queue. Result could go from packet loss to queue inconsistency, leading to tx being stuck for 'some time'. The fix is really simple. Finding the problem was not... Change-Id: Ib18967b7459a8609428a56de934c577cea87b165 Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2018-02-07 | classifier-based ACL: refactor + add output ACL | Andrew Yourtchenko | 15 | -493/+566
For implementation of MACIP ACLs enhancement (VPP-1088), an outbound classifier-based ACL would be needed. There was an existing incomplete code for outbound ACLs, it looked almost exact copy of input ACLs, minus the various enhancements, trying to sync that code seemed error-prone and cumbersome to maintain in the longer run. This change refactors the input+output ACLs processing into a unified routine (thus any changes will have effect on both), and also adds the API to set the output interface ACL, with the same format and semantics as the existing input one (except working on output ACL of course). WARNING: IP outbound ACL in L3 mode clobbers the ip.* fields in the vnet_buffer_opaque_t, since the code is using l2_classify.* The net_buffer (p0)->ip.save_rewrite_length is rescued into l2_classify.pad.l2_len, and used to rewind the header in case of drop, so that ipX_drop prints something sensible. Change-Id: I62f814f1e3650e504474a3a5359edb8a0a8836ed Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-02-07 | Refactor vlib_buffer flags | Damjan Marion | 9 | -40/+21
Change-Id: I853386aebfe488ebb10328435b81b6e3403c5dd0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-07 | SCTP: address coverity-scan warnings | Marco Varlese | 2 | -19/+10
Change-Id: Iba7c398a398e24b96eb536bbcefa841bd153a205 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-06 | Fix clang -Wvarargs compile errors | Damjan Marion | 3 | -5/+5
error: passing an object that undergoes default argument promotion to 'va_start' has undefined behavior [-Werror,-Wvarargs] Change-Id: Id342beea916ec73e29e399087532caecfa19055f Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-06 | Fix clang implicit conversion errors | Damjan Marion | 2 | -14/+16
Change-Id: I1771a1cca2a4bc394677b2a18f14c47f0633fa77 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-06 | vlib: epoll on worker threads | Damjan Marion | 6 | -1/+10
This patch teaches worker threads to sleep and to be woken up by kernel if there is activity on file descriptors assigned to that thread. It also adds counters to epoll file descriptors and new debug cli 'show unix file'. Change-Id: Iaf67869f4aa88ff5b0a08982e1c08474013107c4 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-06 | SCTP: handling of heartbeating and max-retransmits | Marco Varlese | 4 | -57/+164
This patch addresses the need to send/receive heartbeats between peers. At the same time, the number of unacked heartbeats is tracked and when the peer requests to send DATA to the remote-peer the value of unacked heartbeats needs to be checked against the maximum value allowed for retransmissions. If the unacked heartbeats value is higher then the remote-peer is considered unreachable and the connection needs to be shutdown. Change-Id: I2b1a21c26775e734dbe82486f40982ed5702dc63 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-06 | BIER: fix support for longer bit-string lengths | Neale Ranns | 11 | -144/+157
Change-Id: I2421197b76be58099e5f8ed5554410adff202109 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-02-06 | SCTP: missing spinlock init when multiple threads | Marco Varlese | 1 | -2/+5
When the number of threads results being more than 1, the spinlock structure requires to be initialized otherwise subsequent calls to the "lock" API (clib_spinlock_lock_if_init) would result in a void operation. Change-Id: Ia268c4687252e41962bb3f1217f0a849d8c40385 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-05 | session: segment manager refactor | Florin Coras | 11 | -450/+610
- use valloc as a 'central' segment baseva manager
- use per segment manager segment pools and use rwlocks to guard them
- add session test that exercises segment creation
- embed segment manager properties into application since they're shared
- fix rw locks
Change-Id: I761164c147275d9e8a926f1eda395e090d231f9a Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-05 | Fix ip4/6_reass_main.ip4/6_reass_expire_node_idx used before set | Dave Barach | 2 | -8/+15
Add an ASSERT to vlib_process_signal_event_helper to catch future instances of passing node_index = 0 to vlib_process_signal_event(). Change-Id: Iec896fc7c3917feb2fd3198cea42851ba88e64e5 Signed-off-by: Dave Barach <dave@barachs.net>
2018-02-05 | SCTP: calculate RTO / RTT and RTTVAR as per RFC | Marco Varlese | 4 | -47/+122
This patch addresses the need to calculate the RTO / RTT and RTTVAR according to the rules depicted by the RFC4960 at section 6.3.1 Change-Id: I1d346f3c67610070b3f602f32c7738d58b99ffed Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-05 | vhost_user: code cleanup | Haiyang Tan | 1 | -4/+4
1. Replace the magic number '-1' with MAP_FAILED
2. On x86 platform, QEMU uses vhostuser required the memory back-end is file based, the file could be tmpfs(4K page size) or hugetlbfs(2M or 1G page size)
Change-Id: If1818cb6833728d641f68e4d4a3bc645e70f2ee6 Signed-off-by: Haiyang Tan <haiyang.tan.dev@gmail.com>
2018-02-03 | IP reassembly: workaround coverity warnings | Klement Sekera | 2 | -0/+2
Change-Id: Ide577f036d9d8dcedd99cdb4666a0eaf8a19b92e Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-02-02 | lisp-cp: fix handling of ndp without source link addr VPP-1159 | Florin Coras | 1 | -4/+21
Change-Id: Idddb60bbc7fcc701d39212f6422a6b2f6dc75221 Signed-off-by: Florin Coras <fcoras@cisco.com> (cherry picked from commit cba3675fabe618194bf80a9de0e9c53b89a541ca)
2018-02-01 | Out-of-order data chunks handling and more | Marco Varlese | 4 | -69/+235
This patch addresses the need to handle out-of-order data chunks received by a peer. To do that effectively, we had to add the handling of data chunks flags (E/B/U bit) to understand whether the stream is fragmenting user-message data and in that case if a fragment is the FIRST/MIDDLE/LAST one of a transmission. The same patch also addresses the security requirement to have a HMAC calculated and incorporated in the INIT_ACK and COOKIE_ECHO chunks. The algorithm used is the HMAC-SHA1. Change-Id: Ib6a9a80492e2aafe5c8480d6e02da895efe9f90b Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-01 | IPv4/6 reassembly | Klement Sekera | 20 | -8/+2866
Change-Id: Ic5dcadd13c88b8a5e7896dab82404509c081614a Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-02-01 | vxlan: Lookup FIB in either IPv4 or IPv6 families. | Jon Loeliger | 1 | -4/+5
Prior to this commit, the VXLAN "create" API assumed the vrf_id belonged to only the IPv4 FIB tables space. With this commit, the FIB table is found in either the IPv4 or IPv6 table as determined by the is_ipv6 flag. This follows the same pattern that was already being done in the CLI code for the VXLAN "create" command. Change-Id: I35d5e37db24efa858e4696dc2c004fa64bb4a4a8 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-02-01 | FIB: Consolidate several copies of fib_ip_proto() into one. | Jon Loeliger | 4 | -18/+11
Rather than having multiple copies of the same function scattered around, promote the function into the FIB PROTOCOL definitions in fib_types.h. Change-Id: I11c4d85931167d3a5f3dc1278afecc8845b23cd7 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-02-01 | tcp: tcp_output.c failed to compile when VLIB_BUFFER_TRACE_TRAJECTORY is enabled | Steven | 1 | -1/+1
Fixed a typo in tcp_push_header(). The typo only kicks in when the macro VLIB_BUFFER_TRACE_TRAJECTORY is enabled. Change-Id: I62832a4932ec5b14e3063d5eac113780851aae59 Signed-off-by: Steven <sluong@cisco.com>
2018-01-31 | Fix VNET_BUFFER_F_SPAN_CLONE flag | Damjan Marion | 1 | -1/+1
Change-Id: I670e41bcfc61a45555431603c937f8dad4d165e9 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-01-31 | vlib: allocating buffers on thread-x and freeing them on thread-y causes | Steven | 1 | -2/+1
a crash on debug image (VPP-1151) In debug image, there is extra code to validate the buffer when it is freed. It uses the hash table to lookup the buffer index with spinlock to prevent contention. However, there is one spinlock for each worker thread. So allocating the buffer on thread-x and freeing the same buffer on thread-y causes the validation to fail on thread-y. The fix is to have only one spinlock, stored in vlib_global_main. Change-Id: Ic383846cefe84a3e262255afcf82276742f0f62e Signed-off-by: Steven <sluong@cisco.com> (cherry picked from commit a7effa1b072463f12305a474f082aeaffb7ada4b)
2018-01-31 | Improved tracing for the IP[46] not-enabled case. | Neale Ranns | 5 | -22/+73
now we get
00:00:03:665501: pg-input
...
00:00:03:665681: ethernet-input
...
00:00:03:665691: ip6-input
  UDP: 2001::1 -> ffef::1
    tos 0x00, flow label 0x0, hop limit 64, payload length 108
  UDP: 1234 -> 1234
    length 108, checksum 0x7b25
00:00:03:665695: ip6-not-enabled
  UDP: 2001::1 -> ffef::1
    tos 0x00, flow label 0x0, hop limit 64, payload length 108
  UDP: 1234 -> 1234
    length 108, checksum 0x7b25
00:00:03:665706: error-drop
  ethernet-input: no error
Same goes for IPv4
Change-Id: Ia360df39b43281d3a0aa1b686f04b73cfa37c546 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-01-31 | Prep-work patch for congestion-control | Marco Varlese | 6 | -450/+670
This patch addresses the missing field in various data-structures to track valuable information to implement the congestion-control algorithms and manage sub-connections states. It adds the possibility to queue up to 2 SACKs chunks when the connection is not gapping. At the same time, it pushes some variable/field renaming for better readability. Change-Id: Idcc53512983456779600a75e78e21af078e46602 Signed-off-by: Marco Varlese <marco.varlese@suse.de>
2018-01-30 | VPP-899: Run VPP under SELinux | Billy McFall | 1 | -13/+17
Add an SELinux profile such that VPP can run under SELinux on RPM based platforms. The SELinux Policy is currently only implemented for RPM packages, specifically, Fedora, CentOS and RHEL. Doxygen User Documentation has been included (selinux_doc.md). Once some discussion on file locations has completed (see vpp-devlist), updates to the Debug CLI documentation will also need to be updated.
Additional changes:
Patch Set 2:
- Rework selinux_doc.md such that each line is only 80 characters instead of each sentence on a line. Made additional minor changes to the text.
- Update vHost Debug CLI documentation to reflect new socket location. Cleaned up some text from when I originally wrote it, to better reflect proper use.
- Update exec Debug CLI documentation to be more inline with suggested helptext, added text regarding recommended script file location.
- For Debian builds, create the /var/log/vpp/ directory. I don't use Debian very much, so please pay extra attention to build-data/platforms.mk and build-root/deb/debian/.gitignore.
- Per discussion on VPP call, changed the default log location to /var/log/vpp/vpp.log.
- Changed the socket location for vHost in AutoConfig to /var/run/vpp/.
Patch Set 3:
- Update selinux_doc.md based on comments.
Change-Id: I400520dc33f1ca51012d09ef8fe5a7b7b96c631e Signed-off-by: Billy McFall <bmcfall@redhat.com>
2018-01-30 | Allow the provider of a midchain adjacency to pass context data that is returned in the fixup function | Neale Ranns | 14 | -25/+76
Change-Id: I458e6e03b03e27775df33a2fd302743126d6ac44 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-01-29 | DRAFT ip4/6_frag to support DPO Style based Next Node | Vijayabhaskar Katamreddy | 2 | -0/+15
Change-Id: I1df3d23c1c5668b83d52b41f51c0e3f24183af9e Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
2018-01-29 | Remove last vestiges of auto-ip-table create | Neale Ranns | 1 | -34/+4
Change-Id: If0f8472c0de5e324b24c9c672c0f8b57cc9f49a8 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-01-27 | session: use clib rwlocks instead of custom implementation | Florin Coras | 2 | -27/+9
Change-Id: I68933d709ce9cc686ba06466e136434b663920ef Signed-off-by: Florin Coras <fcoras@cisco.com>