aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2020-09-25bfd: add missing unlockKlement Sekera1-0/+1
Thanks to Martin Sustrik for spotting the bug introduced by a316744 and submitting the fix. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I4984fc32503b0c7b6db3543834dfbbfed2a1f23c
2020-09-24virtio: refactor tx traceMohsin Kazmi1-33/+37
Type: refactor Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I37fef2c32d0561b944b201a1012b87c7ac315e73
2020-09-24session tcp udp tls quic: improve cli formattingFlorin Coras7-16/+26
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iae5dbb8aaaf82d8e95c2ee8bbbe6844c9dd49f80
2020-09-23session: fix sapi coverity warningFlorin Coras1-0/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib00ac02eabb06a300d01697b89d97b26dd3c4330
2020-09-23ip: use main heap for mtrie, part 2 (remove args)Damjan Marion2-32/+0
Type: improvement Change-Id: I8c28c845c75657852f1e513e2832771fad6b90b7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-23tls: fix session format assert crash in connected callbackjiangxiaoming1-9/+8
Type: fix Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com> Change-Id: I61b7988bf6a49a51041bc6085d5f0f4689ff45a6
2020-09-22ipip: Add option to tunnel create help stringNeale Ranns2-2/+3
Type: style Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I3703b9a882b7577025f495d500daf08a916891b9
2020-09-22lisp: Move to pluginNeale Ranns49-27116/+1
Type: refactor Change-Id: I54df533a8f863c4e49742903cf2457f18b4fc506 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-09-22vxlan-gbp: Mark APIs as in-progressNeale Ranns1-0/+5
Type: fix The GBP plugin that uses this module is also in-ptogress, hence so is this module. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I3cb5dd124afac05da013d92d67b2abf6cdf9b769
2020-09-21crypto: revert crypto set handler all APIYulong Pei1-36/+3
This reverts commit 8c91b2ae2b32d428ef35605707788fe064621cb3, but keep a comment fix. Type: fix Signed-off-by: Yulong Pei <yulong.pei@intel.com> Change-Id: Ia66941bf18d3efac96f41bdf905d877cfb3ab211
2020-09-21session: use wrk instead of thread index in nodeFlorin Coras1-10/+12
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia36d86eb108f0651fc3af8b4dbdc2d0b49e283da
2020-09-21geneve: Move to pluginNeale Ranns10-4237/+0
Type: refactor Change-Id: I613bf4d6517591351b212bfe6c8d93abf235f5dc Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-09-21misc: Move l2tp to pluginNeale Ranns11-2018/+0
Type: refactor Change-Id: Ifb36eeb146b87e9e305881429d32d6879e955e1e Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-09-21lldp: Move to pluginNeale Ranns14-2382/+0
Type: refactor Change-Id: Ifd770ff4850e63474bf4682ad463021b03786b4b Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-09-21ip: use main heap for mtrieDamjan Marion3-69/+3
Main heap can be hugepage backed so it is more efficient to use main heap instead of allocating special heap just for mtrie.... Type: improvement Change-Id: I210912ab8567c043205ddfc10fdcfde9a0fa7757 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-18session: grab worker barrier for sapi msgsFlorin Coras1-0/+5
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7cdbcfeb6f77a720e190daf9fe555320e586bba8
2020-09-18fib: skip byte swap on n_paths in mroute detailsMatthew Smith1-2/+2
Type: fix While preparing to send a ip_mroute_details API message, the number of paths for a multicast route is stored in an int in send_ip_mroute_details(). Before the value in the int is copied into the field n_paths in the API message, the byte order is swapped. This results in n_paths getting set to 0. Change the int to a u8 and omit the byte swap so API clients can receive data on multicast route paths. Change-Id: Ie6dcb0f7b135c5b5deeeb2e44147560dbbb12507 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-09-18vat: add infrastructure to align vnet test code and plugin test codeOle Troan6-56/+398
Split vat/api_format.c also for VNET features. Use auto-generated VAT test code and support dynamic message ID allocation as for plugins. The arp and geneve features as Guinea pigs. Type: improvement Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I461591496766bdf10c5f950fd30f1a0ae05909da Signed-off-by: Ole Troan <ot@cisco.com>
2020-09-18tap: do not use strlen on vectorVladimir Isaev1-2/+1
sanitizer complains about strlen on hi->name in tap_dump_ifs. hi->name is a vector which is not null-terminated, so use vec_len. Type: fix Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: Icdd5f65369bb51b0c4a9cd86c24899e6febd837c
2020-09-18session: fix vpp exit abnormal due to application as a proxy server with ldpfanyf1-1/+9
Type: fix The function of application_setup_proxy() be called when application run as a proxy server, "app_wrk->first_segment_manager" be realloced in this function, but variable of "sm" point original memory location. Signed-off-by: fanyf <fanyufei521@outlook.com> Change-Id: I753c9fb60d1c0794d5eede9f3fab48381a802e3c
2020-09-18virtio: fix txq lockingBenoît Ganne2-2/+6
Initialize txq lock only if some txq are shared and check if another worker is already operating on the txq before processing gro timeouts in input node. Type: fix Change-Id: I89dab6c0e6eb6a7aa621fa1548b0a2c76e6c7581 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-09-17teib: Use ip_address_t not ip46_address_tNeale Ranns9-149/+116
Type: improvement Change-Id: Ica75c4e43d6198658a1954640c7ac56ea68bb39a Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-09-17teib: Add adj-fibs for peers/adjacencies on p2mp interfaceNeale Ranns7-35/+258
Type: fix Change-Id: I6fdc4e952097e92ac3aa53e0be3ef99e0d801b28 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-09-16vcl: refactor bapi client index for sapi reuseFlorin Coras2-1/+3
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibebb6f7d4e610570693e213acd2f6d9332c563c6
2020-09-16crypto: Crypto set handler API to support set all as CLIYulong Pei2-4/+37
Type: improvement Signed-off-by: Yulong Pei <yulong.pei@intel.com> Change-Id: I43556f8c76c7aae64d9c927e1fda3c1774d7e49d
2020-09-16misc: fix the formatting styleMohsin Kazmi3-9/+10
Type: style Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Id86e16677564669b0295bbb9fc1303fe39a21b6f
2020-09-16api: clean up use of deprecated flagOle Troan4-7/+7
The syntax of the deprecated flag has evolved. Clean up usage to be "option deprecated;". Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: If2b639f275eb8db58b36c457f9245fe35a4d8cb1
2020-09-16tcp: make max gso packet size configurableSimon Zhang3-2/+8
Type: improvement Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: I14de90f07d825c5c99023996a88173ee855e9a6f
2020-09-15lisp: fix lisp|one_eid_table_dump's local|remote options in vatOnong Tayeng1-1/+1
The local|remote options to vat's lisp|one_eid_table_dump api command does not print the eid details instead it produces the following error messages: Filter error, unknown filter: 1 Filter error, unknown filter: 2 Type: fix Signed-off-by: Onong Tayeng <otayeng@cisco.com> Change-Id: I000c290b400dbf39bd883d57115923167092c9bd
2020-09-14l2: allocate l2fib only when neededDamjan Marion4-10/+90
Currently l2 fib allocates 512MB hash table unconditionally on startup. This patch postpones table creation up to the point where first interface is put into l2 mode or mac entry is added. In addition it reduces default table size to 128MB and increases number of buckets 4 times. This default setting should be enough to keep 1M mac entries. Also, new startup.conf section is added which allows user to change memory and bucket size. .i.e: l2fib { table-size 512M num-buckets 524288 } Type: improvement Change-Id: I2a29209aa3545181f0087544c97a54d8157b6ec5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-14session: del app worker on socket detachFlorin Coras1-5/+11
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic904abedcd270c95e782159170d457bc396424a0
2020-09-14session: add unix socket api for app attachmentFlorin Coras6-18/+743
This is an af_unix socket alternative to the binary api. To enable it, add use-app-socket-api under session stanza in startup.conf. When the socket api is enabled, attachments through the binary api are disabled. The socket api only works with memfd fifo segments, i.e., shm segments are not supported. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I55ffcee201d004846daeeec85c700c7e7a578d43
2020-09-11lisp: fix help msg of show eid-table commandOnong Tayeng2-4/+4
The lisp|one show eid-table command's help msg does not display the available options. This patch fixes that. show lisp eid-table [local|remote|eid <eid>] show one eid-table [local|remote|eid <eid>] Type: fix Signed-off-by: Onong Tayeng <otayeng@cisco.com> Change-Id: Id39148db2ff291a7fe859830c1488b69ccd15c05
2020-09-11build: fix build for Debian 9 and Debian 10Benoît Ganne2-7/+13
Type: fix Change-Id: Ic07d0ae313b32e420ba93693cb75960a86f752a9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-09-11l2: fix null deref in l2_to_bvi()Matthew Smith1-1/+1
Type: fix Static analysis identified a possible null pointer dereference. It was introduced by a recent patch which expanded the DMAC comparison on inbound packets on a BVI interface to include any secondary MAC addresses which were added to an interface. Check if the pointer is null before dereferencing. Change-Id: Ic2afe2b062eda32977e05bf3f98d82c1fe64620c Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-09-10lisp: fix crash with arp and packet trace onOnong Tayeng2-3/+7
With packet trace on, VPP crashes when an arp packet arrives. This patch fixes the crash and also ensures that the packet trace displays the eid info. Type: fix Signed-off-by: Onong Tayeng <otayeng@cisco.com> Change-Id: Iaad09a5e2b33e931ab9bd7bc3d4573b5ed5e4bfd
2020-09-09l2: check secondary macs on BVI interfaceMatthew Smith1-2/+35
Type: fix VRRP cannot be used on a BVI interface currently because packets sent to the virtual mac address of the VR fail the destination mac check in l2_to_bvi(). Apparently people want to use VRRP on BVI interfaces, so update the check in l2_to_bvi() so that it will check any secondary mac addresses which have been added to the ethernet interface if the destination mac address does not match the primary mac address for the interface. An equivalent check is already done in ethernet_input_inline() for L3 interfaces which are in promiscuous mode. Change-Id: I7c5bf624dafda8744fea236c704e8e17e5f53b35 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-09-09crypto: change cryptodev with new cryptodev APIFan Zhang1-1/+1
Type: feature This patch updateds cryptodev engine uses new DPDK Cryptodev API planned to be upstreamed in DPDK 20.11. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Signed-off-by: Piotr Bronowski <piotrX.bronowski@intel.com> Change-Id: I8dd1a8ac643f1e952deb787e466b76ea7aa5f420
2020-09-09interface: support configuring RSS steering queuesChenmin Sun6-2/+162
This patch adds the RSS steering queues set interface, and it's implementation in DPDK device: /* Interface to set rss queues of the interface */ typedef clib_error_t *(vnet_interface_rss_queues_set_t) (struct vnet_main_t * vnm, struct vnet_hw_interface_t * hi, clib_bitmap_t *bitmap); This patch also introduces a command line to set the RSS queues: set interface rss queues <interface> <list <queue-list>> To display the rss queues, use "show hardware-interfaces" Below is the example to configure rss queues for interface Gig0: vpp# set interface rss queues Gig0 list 0,2,4-7 vpp# show hardware-interfaces brief Name Idx Link Hardware VirtualFunctionEthernet18/1/0 1 down VirtualFunctionEthernet18/1/0 Link speed: unknown RSS queues: 0 2 4 5 6 7 local0 0 down local0 Link speed: unknown vpp# Users can also configure the rss queues on a dpdk interface in startup.conf: dpdk { dev 0000:18:01.0 { rss-queues 0,2,5-7 } } Type: feature Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: I1835595a1c54016a84eabee9fd62ce137935385d
2020-09-08svm session: document unsupported fifo deq combinationsFlorin Coras1-0/+4
Type: fix - Document that ooo dequeues with ooo lookups cannot be done in combination with in order dequeues. - Added assert to capture this scenario and de-initialized rbtrees for cut-through tx fifo Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic40d020b3f0391fcf022ea3c906b86121744144f
2020-09-07ipsec: fix padding/alignment for native IPsec encryptionChristian Hopps5-19/+19
Not all ESP crypto algorithms require padding/alignment to be the same as AES block/IV size. CCM, CTR and GCM all have no padding/alignment requirements, and the RFCs indicate that no padding (beyond ESPs 4 octet alignment requirement) should be used unless TFC (traffic flow confidentiality) has been requested. CTR: https://tools.ietf.org/html/rfc3686#section-3.2 GCM: https://tools.ietf.org/html/rfc4106#section-3.2 CCM: https://tools.ietf.org/html/rfc4309#section-3.2 - VPP is incorrectly using the IV/AES block size to pad CTR and GCM. These modes do not require padding (beyond ESPs 4 octet requirement), as a result packets will have unnecessary padding, which will waste bandwidth at least and possibly fail certain network configurations that have finely tuned MTU configurations at worst. Fix this as well as changing the field names from ".*block_size" to ".*block_align" to better represent their actual (and only) use. Rename "block_sz" in esp_encrypt to "esp_align" and set it correctly as well. test: ipsec: Add unit-test to test for RFC correct padding/alignment test: patch scapy to not incorrectly pad ccm, ctr, gcm modes as well - Scapy is also incorrectly using the AES block size of 16 to pad CCM, CTR, and GCM cipher modes. A bug report has been opened with the and acknowledged with the upstream scapy project as well: https://github.com/secdev/scapy/issues/2322 Ticket: VPP-1928 Type: fix Signed-off-by: Christian Hopps <chopps@labn.net> Change-Id: Iaa4d6a325a2e99fdcb2c375a3395bcfe7947770e
2020-09-04virtio: remove kernel virtio header dependenciesMohsin Kazmi18-394/+483
Type: refactor tap, virtio and vhost use virtio/vhost header files from linux kernel. Different features are supported on different kernel versions, making it difficult to use those in VPP. This patch removes virtio/vhost based header dependencies to local header files. Change-Id: I064a8adb5cd9753c986b6f224bb075200b3856af Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-09-04ipsec: fix trace of GRE_teb packetsChristian Hopps1-2/+5
The issue is not easily hit. When GRE_teb packets are received the post crypto processing adjusts the l2.l2_len value in the vnet_buffer opaque data. This is overwriting the ipsec opaque data. Later the trace code fetches the sa_index from the ipsec opaque data. It's just an accident that this currently works, if the ipsec data is changed so that the sa_index moves around it will be overwritten by the l2_len modification. Indeed, this was found b/c local development changes had moved the sa_index so it was over-lapping with the l2_len memory space, and the UT failed. Type: fix Change-Id: Iaecfa750cf0b36653fd9e75b4d799f323a14d932 Signed-off-by: Christian Hopps <chopps@labn.net>
2020-09-04ipsec: cli: add missing flags for SA addChristian Hopps1-0/+12
Add missing cli options for setting IPsec SA flags, inbound, use-anti-replay, and use-esn. Type: fix Change-Id: Ia7a91b4b0a12be9e4dd0e684be3e04d8ccafb9d4 Signed-off-by: Christian Hopps <chopps@labn.net>
2020-09-04ip: enhance vtep4_check of tunnel by vector wayZhiyong Yang4-36/+137
This patch aims to improve decap performance by reducing expensive hash_get callings as less as possible using AVX512 on XEON. e.g. vxlan, vxlan_gpe, geneve, gtpu. For the existing code, if vtep4 of the current packet match the last vtep4_key_t well, expensive hash computation can be avoided and the code returns directly. This patch improves tunnel decap multiple flows case greatly by leveraging 512bit vector register on XEON accommodating 8 vtep4_keys. It enhances the possiblity of avoiding unnecessary hash computing once hash key of the current packet hits any one of 8 in the 512bit cache. The oldest element in vtep4_cache_t is updated in round-robin order. vlib_get_buffers is also leveraged in the meanwhile. Type: improvement Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com> Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Signed-off-by: Junfeng Wang <drenfong.wang@intel.com> Change-Id: I313103202bd76f2dd638cd942554721b37ddad60
2020-09-03misc: l2tp: cli: fix overly generic CLI commandsChristian Hopps1-2/+2
"clear counters" is not appropriate for a protocol to own. Change to "clear l2tp counters" (and "test l2tp counter"). Type: fix Signed-off-by: Christian Hopps <chopps@labn.net> Change-Id: I3faac3907c4697c1c95df34ac7d31e48063869a8
2020-09-03crypto: Add async crypto APIsNathan Skrzypczak6-5/+175
Type: feature This adds api calls for the following CLIs: * set sw_scheuduler worker <N> crypto on|off * set crypto async dispatch polling|interrupt * set crypto handler * set crypto async handler Change-Id: Ic701d149c440e42ea4575da42b9f69e4c8759602 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-03crypto: SW scheduler async crypto enginePiotrX Kleski4-69/+232
Type: feature This patch adds new sw_scheduler async crypto engine. The engine transforms async frames info sync crypto ops and delegates them to active sync engines. With the patch it is possible to increase the single worker crypto throughput by offloading the crypto workload to multiple workers. By default all workers in the system will attend the crypto workload processing. However a worker's available cycles are limited. To avail more cycles to one worker to process other workload (e.g. the worker core that handles the RX/TX and IPSec stack processing), a useful cli command is added to remove itself (or add it back later) from the heavy crypto workload but only let other workers to process the crypto. The command is: - set sw_scheduler worker <idx> crypto <on|off> It also adds new interrupt mode to async crypto dispatch node. This mode signals the node when new frames are enqueued as opposed to polling mode that continuously calls dispatch node. New cli commands: - set crypto async dispatch [polling|interrupt] - show crypto async status (displays mode and nodes' states) Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com> Signed-off-by: DariuszX Kazimierski <dariuszx.kazimierski@intel.com> Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I332655f347bb9e3bc9c64166e86e393e911bdb39
2020-09-02tcp: fix connection refused errorFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I436741e061f11685980a71fb3989befc7af1e081
2020-09-02fib: IPv6 lookup data structure MP safe when prefixes changeNeale Ranns1-14/+31
Type: fix adding routes should be MP safe. When new prefixes with differrent prefix lengths are added, adjust the sorted list in an MP safe way. Change-Id: Ib73a3c84d01eb86d17f8e79ea2bd2505dd9afb3d Signed-off-by: Neale Ranns <nranns@cisco.com>