Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: If884a3840f34090e33ce7808d38e50f919290d9f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: If30c7334de55d32e57554cf1601c529cd807b834
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ide3425f144fb17201dcde7ba89f39e460048100d
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I713904f8eb2f724cb08dba494c160c14cc8b24a1
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I90762b59f94175f278380c95776471a30bc94d34
Signed-off-by: mu.duojiao <mu.duojiao@zte.com.cn>
|
|
This commit adds a "gso" parameter to existing "create tap..." CLI,
and a "no-gso" parameter for the compatibility with the future,
when/if defaults change.
It makes use of the lowest bit of the "tap_flags" field in the API call
in order to allow creation of GSO interfaces via API as well.
It does the necessary syscalls to enable the GSO
and checksum offload support on the kernel side and sets two flags
on the interface: virtio-specific virtio_if_t.gso_enabled,
and vnet_hw_interface_t.flags & VNET_HW_INTERFACE_FLAG_SUPPORTS_GSO.
The first one, if enabled, triggers the marking of the GSO-encapsulated
packets on ingress with VNET_BUFFER_F_GSO flag, and
setting vnet_buffer2(b)->gso_size to the desired L4 payload size.
VNET_HW_INTERFACE_FLAG_SUPPORTS_GSO determines the egress packet
processing in interface-output for such packets:
When the flag is set, they are sent out almost as usual (just taking
care to set the vnet header for virtio).
When the flag is not enabled (the case for most interfaces),
the egress path performs the re-segmentation such that
the L4 payload of the transmitted packets equals gso_size.
The operations in the datapath are enabled only when there is at least
one GSO-compatible interface in the system - this is done by tracking
the count in interface_main.gso_interface_count. This way the impact
of conditional checks for the setups that do not use GSO is minimized.
"show tap" CLI shows the state of the GSO flag on the interface, and
the total count of GSO-enabled interfaces (which is used to enable
the GSO-related processing in the packet path).
This commit lacks IPv6 extension header traversal support of any kind -
the L4 payload is assumed to follow the IPv6 header. Also it performs
the offloads only for TCP (TSO - TCP segmentation offload).
The UDP fragmentation offload (UFO) is not part of it.
For debug purposes it also adds the debug CLI:
"set tap gso {<interface> | sw_if_index <sw_idx>} <enable|disable>"
Change-Id: Ifd562db89adcc2208094b3d1032cee8c307aaef9
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I3a3076c7d87446b5ec2a02e70d3b6d05f1875875
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I245a8cc8f237242efadcf10d47b76222a6497e89
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I7ccc948357d815a1bd4279a7079cf4db2949183c
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I1662ec4b5503cb64a8a86a2441842311d959b3a6
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- Better handle buffer starvation scenarios
- Handle case when both peers enter recovery due to packet loss.
- Fix passive open establish cleanup
Change-Id: I2f28baa2ff0383bb8f5f6d2452b49aa38ce69bce
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I6c13af7e97753da013cdd5b212302d008cbd616d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Makes ip6-local node dual-loop explicit. This is only a style change.
Change-Id: Ic8e7cecb3f51e98b8a069b501f5c338156934a6d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
1) stats are accessed via the stat segment which is more condusive to
monitoring
2) stats are accurate in the presence of multiple threads. There's no
guarantee that an SA is access from only one worker.
Change-Id: Id5e217ea253ddfc9480aaedb0d008dea031b1148
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I88fdeb0ca56d3a5d9c0f36def13c6de8142f59f0
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Optimize IPv6 ip6-local node by rewriting the dual/single loop with
prefetch and simpler unrolling.
My local, unrepresentative tests for GRE4 termination over IPv6 show a
performance improvement of ~40% for ip6-local node alone and ~5%
globally.
Change-Id: I11e1e86d3838dd3c081aa6be5e25dae16ed6e2d8
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Change-Id: If6d45f7f6e6dab70eecd6ec7241126968a34ad6b
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
since it can realloc when new ctx are added. If
not we can get some nasty memory corruption.
Change-Id: I617709c3013acbcb8aee07dc147894f0de896555
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ib2ad196bec1005d6678589d5b5c199b8a541c720
Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
|
|
-fno-common makes sure we do not have multiple declarations of the same
global symbol across compilation units. It helps debug nasty linkage
bugs by guaranteeing that all reference to a global symbol use the same
underlying object.
It also helps avoiding benign mistakes such as declaring enum as global
objects instead of types in headers (hence the minor fixes scattered
across the source).
Change-Id: I55c16406dc54ff8a6860238b90ca990fa6b179f1
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Change-Id: Idd09b5d0597336e4f2028113cae76c94fd1c5427
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I5852ca02d684fa9d59e1690efcaca06371c5faff
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
1. unformat_ip46_address must have ip-type specified
2. cannot unformat ip46_address_t with unformat_ip4_address
Change-Id: I5f1eecfe71a808302428afb39f910ebf0c7cef71
Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
|
|
the DP
Change-Id: I78a1c39682d5afd356a3cfe70097fc682e8cb938
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I286d0d53a9ef2d6e28cd301eae25fc119d491f22
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I89d240753b3f3c5e984aa303a7c8fa35fa59bf7f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
1. specify ipsec_xxx_node.c in MULTIARCH_SOURCES
2. cleanup foreach_ipsec_output_next & foreach_ipsec_input_next,
as next-nodes are actually added by ipsec_register_xx_backend dynamically
thus, ipsec4-input-feature will point to ah4/esp4-encrypt, instead of
pointing to ah6/esp6-encrypt
3. remove an unused count and add counter IPSEC_INPUT_ERROR_RX_MATCH_PKTS
in ipsec-input
Change-Id: Ifcf167812d2cc18187c2cea84b657a52b67e17d4
Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
|
|
Change-Id: I4e836244409c98739a13092ee252542a2c5fe259
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I543cb78e268d7a4a7fba590d305351ec79f4e4da
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Make app-listener the handle for app listens. Consequently transport and
local listen sessions are now associated to the app-listener.
Change-Id: I9397a26d42cccb100970b6b4794c15bac2e11465
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ie69bdb9860d61f2c599c0c80b0ea80dfdfe178bd
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ib55deb620f4f58cac07da7cb69418a3a30ff3136
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
in the same maaner as with other tunnel tyeps we use
the FIB to cache and track the destination used to reach
the tunnel endpoint. Post encap we can then ship the packet
straight to this adjacency and thus elide the costly second
lookup.
- SA add and del function so they can be used both directly
from the API and for tunnels.
- API change for the SA dump to use the SA type
- ipsec_key_t type for convenience (copying, [un]formating)
- no matching tunnel counters in ipsec-if-input
Change-Id: I9d144a59667f7bf96442f4ca66bef5c1d3c7f1ea
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
'%x' unformat specifier expects a pointer to a 4-byte object and will
overflow when using a pointer to a 1-byte object. Use '%X' instead which
allows to pass the size of the object alongside its pointer.
The bug was exposed with the following commands:
~# make run
DBGvpp# loop create
loop0
DBGvpp# set ip6 neigh loop0 3001::2 a:a:a:a:a:a
DBGvpp# show ip6 neigh
Time Address Flags Link layer Interface
35.7743 ::2 D 0a:0a:0a:0a:0a:0a loop0
^^^
wrong address: should be 3001::2
Note that the bug impact depends from the parsing order and memory
layout.
Change-Id: I29ba2eb53ba5a2daf4517215602d027508e2cb9f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Change-Id: I468b1015bca5f95b162fb49e904aa4e4d38db75e
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Example:
buffers {
default data-size 1536
}
Change-Id: I5b4436850ca18025c9fdcfc7ed648c2c2732d660
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Idd560f3afde1dd03bc3d6fbb2070096146865f50
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: Ifc98373371b967c49a75989eac415ddda1dcf15f
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
- move transport specific types to transport_types
- add transport wrapper functions for interaction with transport
protocol vfts
Change-Id: I93f70d884585fc2f41c4a605e310c80e8a8972f2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Aggregate session specific types, getters and setters under
session_types.h
Change-Id: Ib205337502654969d60c72d1800c90247e1a9068
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Move app worker logic to app_worker.c
Change-Id: Ic5e5735b2884f006c064d023f491aa6888114810
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- return the stats_index of each SPD in the create API call
- no ip_any in the API as this creates 2 SPD entries. client must add both v4 and v6 explicitly
- only one pool of SPD entries (rhter than one per-SPD) to support this
- no packets/bytes in the dump API. Polling the stats segment is much more efficient
(if the SA lifetime is based on packet/bytes)
- emit the policy index in the packet trace and CLI commands.
Change-Id: I7eaf52c9d0495fa24450facf55229941279b8569
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Rename core data structures. This will break compatibility for out of
tree builtin apps.
- stream_session_t to session_t
- server_rx/tx_fifo to rx/tx_fifo
- stream_session.h to session_types.h
- update copyright
Change-Id: I414097c6e28bcbea866fbf13b8773c7db3f49325
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
use-esp use-anti-replay
Change-Id: I977b65eee926adaded0cb923e14feb0ee90fc32c
Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
|
|
Change-Id: If30cea80058752cedcc6ecc38e90bef8732c83d3
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
It is causing compilation sloness with gcc-7 so removing it
before it was originally planned.
So far macros are left in the tree so we can know which nodes to
convert to new multiarch code.
Change-Id: Idb14622ca61fdce1eba59723b20d98715b7971e6
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I3051d49aa9b9c38dcd8069ea1748f74ab20ac0f6
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I71ccb39c56962fe0160d3f4c83453e72d2dd3030
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
No function change. Only breaking the monster ipsec.[hc]
into smaller constituent parts
Change-Id: I3fd4d2d041673db5865d46a4002f6bd383f378af
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- use enums to enumerate the algoritms and protocols that are supported
- use address_t types to simplify encode/deocde
- use typedefs of entry objects to get consistency between add/del API and dump
Change-Id: I7e7c58c06a150e2439633ba9dca58bc1049677ee
Signed-off-by: Neale Ranns <nranns@cisco.com>
|