summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2021-10-12ipsec: Performance improvement of ipsec4_output_node using flow cacheGovindarajan Mohandoss7-17/+264
Adding flow cache support to improve outbound IPv4/IPSec SPD lookup performance. Details about flow cache: Mechanism: 1. First packet of a flow will undergo linear search in SPD table. Once a policy match is found, a new entry will be added into the flow cache. From 2nd packet onwards, the policy lookup will happen in flow cache. 2. The flow cache is implemented using bihash without collision handling. This will avoid the logic to age out or recycle the old flows in flow cache. Whenever a collision occurs, old entry will be overwritten by the new entry. Worst case is when all the 256 packets in a batch result in collision and fall back to linear search. Average and best case will be O(1). 3. The size of flow cache is fixed and decided based on the number of flows to be supported. The default is set to 1 million flows. This can be made as a configurable option as a next step. 4. Whenever a SPD rule is added/deleted by the control plane, the flow cache entries will be completely deleted (reset) in the control plane. The assumption here is that SPD rule add/del is not a frequent operation from control plane. Flow cache reset is done, by putting the data plane in fall back mode, to bypass flow cache and do linear search till the SPD rule add/delete operation is complete. Once the rule is successfully added/deleted, the data plane will be allowed to make use of the flow cache. The flow cache will be reset only after flushing out the inflight packets from all the worker cores using vlib_worker_wait_one_loop(). Details about bihash usage: 1. A new bihash template (16_8) is added to support IPv4 5 tuple. BIHASH_KVP_PER_PAGE and BIHASH_KVP_AT_BUCKET_LEVEL are set to 1 in the new template. It means only one KVP is supported per bucket. 2. Collision handling is avoided by calling BV (clib_bihash_add_or_overwrite_stale) function. Through the stale callback function pointer, the KVP entry will be overwritten during collision. 3. Flow cache reset is done using BV (clib_bihash_foreach_key_value_pair) function. Through the callback function pointer, the KVP value is reset to ~0ULL. MRR performance numbers with 1 core, 1 ESP Tunnel, null-encrypt, 64B for different SPD policy matching indices: SPD Policy index : 1 10 100 1000 Throughput : MPPS/MPPS MPPS/MPPS MPPS/MPPS KPPS/MPPS (Baseline/Optimized) ARM Neoverse N1 : 5.2/4.84 4.55/4.84 2.11/4.84 329.5/4.84 ARM TX2 : 2.81/2.6 2.51/2.6 1.27/2.6 176.62/2.6 INTEL SKX : 4.93/4.48 4.29/4.46 2.05/4.48 336.79/4.47 Next Steps: Following can be made as a configurable option through startup conf at IPSec level: 1. Enable/Disable Flow cache. 2. Bihash configuration like number of buckets and memory size. 3. Dual/Quad loop unroll can be applied around bihash to further improve the performance. 4. The same flow cache logic can be applied for IPv6 as well as in IPSec inbound direction. A deeper and wider flow cache using bihash_40_8 can replace existing bihash_16_8, to make it common for both IPv4 and IPv6 in both outbound and inbound directions. Following changes are made based on the review comments: 1. ON/OFF flow cache through startup conf. Default: OFF 2. Flow cache stale entry detection using epoch counter. 3. Avoid host order endianness conversion during flow cache lookup. 4. Move IPSec startup conf to a common file. 5. Added SPD flow cache unit test case 6. Replaced bihash with vectors to implement flow cache. 7. ipsec_add_del_policy API is not mpsafe. Cleaned up inflight packets check in control plane. Type: improvement Signed-off-by: mgovind <govindarajan.Mohandoss@arm.com> Signed-off-by: Zachary Leaf <zachary.leaf@arm.com> Tested-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: I62b4d6625fbc6caf292427a5d2046aa5672b2006
2021-10-12session: set actual lcl ip on accepted ctFlorin Coras1-1/+1
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic2ba5fa234a394acb524b61573fc49f2d58c2dea
2021-10-11ip: fix fib and mfib locksNathan Skrzypczak9-84/+92
This patches fixes an issue that could cause fib locks to underflow: if an API user deletes a fib and quickly recreates it, the fib may not have been actually deleted. As a result, the lock would not be incremented on the create call leading to the fib potentially disappearing afterwards - or to the lock to underflow when the fib is deleted again. In order to keep the existing API semantics, we use the locks with API and CLI source as flags. This means we need to use a different counter for the interface-related locks. This also prevents an issue where an interface being bound to a vrf via API and released via CLI could mess up the lock counter. Finally, this will help with cleaning up the interface-related locks on interface deletion in a later patch. Type: fix Change-Id: I93030a7660646d6dd179ddf27fe4e708aa11b90e Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com> Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2021-10-11docs: nitfixes in FEATURE.yamlNathan Skrzypczak2-2/+2
Type: improvement Change-Id: Iec585880085b12b08594a0640822cd831455d594 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-08vxlan-gpe: add udp-port configuration supportArtem Glazychev5-280/+446
similar behavior as here: 839dcc0fb7313638d9b8f52a9db81350dddfe461 Type: improvement Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I1b0a8f8f3dab48839e27df7065cf5f786cf0b5e9
2021-10-07ipsec: fix protect update log if nexthop is NULLBenoît Ganne1-2/+3
If logging is on, it will try to print the address nh. Make sure it is not NULL. Type: fix Change-Id: I81c0295865901406d86e0d822a103b4d5adffe47 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-07vppinfra: asan: improve overflow semanticBenoît Ganne1-2/+2
Type: improvement Change-Id: Ia63899b82e34f179f9efa921e4630b598f2a86cb Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-07udp: fix severity error infoFilip Tehlar4-25/+25
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I415d68b39ecac546b531f6eb98bca51e7eb6f7f7
2021-10-07ip: fix path MTU node errors definitionBenoît Ganne3-3/+7
The path mtu node uses errors defined by ip fragmentation. Type: fix Change-Id: I1f173955919a4f555ab0309cd8201ec342a0ae92 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-07arp: source address selectionEd Warnicke2-5/+13
https://gerrit.fd.io/r/c/vpp/+/30197 introduced SAS and inadvertently broke ping in a variety of situations: https://jira.fd.io/browse/VPP-1992 https://jira.fd.io/browse/VPP-1970 https://lists.fd.io/g/vpp-dev/topic/84038840 all of which seem to be rooted in situations where there's literally nothing smarter ping can do for source address selection than to pick the first IP on the interface. This can happen for: 1. P2P interfaces, see attempted fix: https://gerrit.fd.io/r/c/vpp/+/32801 2. Interfaces with /32 IP addresses intentionally assigned After some discussion, this problem was partially fixed in https://gerrit.fd.io/r/c/vpp/+/33449 Unforunately, while source selection was fixed in ping, it continued to be broken in arp/nd. This gerrit builds on https://gerrit.fd.io/r/c/vpp/+/33449 and fixes arp/nd. Type: fix Ticket: VPP-1970 Ticket: VPP-1992 Fixes: e2fe097424fb169dfe01421ff17b8ccd0c26b4a6 Change-Id: Ief60c321676a15f4f30bf4cd84d50b2f1efec432 Signed-off-by: Ed Warnicke <hagbard@gmail.com>
2021-10-06ip: check if interface has link-local address (addition)Artem Glazychev1-1/+6
previous - b31fbc47f5fcf8234c757558d7b0285348774086 Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I7ea2d693d3ad5bf41ece066b3511fbfa156c1e4b
2021-10-06session: fix severity infoFilip Tehlar1-11/+10
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I6548274f8c0ae2a183b1d221cb195de445c2819f
2021-10-06tcp: fix severity infoFilip Tehlar5-66/+66
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibe39bc045c3b154209a83b59ef95a37c61b32c0c
2021-10-06docs: more nitfixesNathan Skrzypczak3-38/+42
Type: fix Change-Id: I41455e1cdc62e7c0baa148630b0701b042f3b156 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-06docs: vnet comment nitfixesNathan Skrzypczak15-84/+108
Type: improvement Change-Id: Iac01d7830b53819ace8f199554be10ab89ecdb97 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-06ip: add classifier-based ACLs support on ip puntBenoît Ganne5-291/+301
This feature allows one to add classifier-based ACLs on packets punted from the ip infra, eg. to only whitelist specific sender(s). Type: feature Change-Id: Idab37b188583efbca980038875fc3e540cb2e880 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-05session: Add session_sapi_enable_disableNathan Skrzypczak5-5/+33
Type: feature This adds an API message to do the switch at runtime. Change-Id: Ice6b69c57f0bfbf5668182e25593362ff4133615 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-05tap: free the tap_fds vec on interface deletionMohsin Kazmi1-0/+1
Type: fix Tap fds are stored in vector array but deleting tap was not freeing this vector. This patch fixes it. Change-Id: I5228e3b9f432c69cf2656b2ee7402360d775964b Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-10-04interface: free the output_node_thread_runtimesMohsin Kazmi1-0/+1
Type: fix output_node_thread_runtimes was not freed when an interface is deleted. This patch fixes it. Change-Id: I763b0109be1904d43839528a346f3b9aa8927205 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-10-04interface: remove the redundant vec_free on rx_queue_indicesMohsin Kazmi1-1/+0
Type: fix vnet_delete_hw_interface() calls vec_free on rx_queue_indices. function vnet_hw_if_unregister_all_rx_queues() is used to free rx_queue_indices which is also called by vnet_delete_hw_interface(). So, second vec_free is redundant. Change-Id: Ibda4be38fd122d33532bb384c97b0b9e5f441134 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-10-04virtio: remove control queue support from virtio_show() for tap/tunMohsin Kazmi1-6/+0
Type: fix Tap/Tun interfaces do not have control queue. This patch removes the support of control queue from virtio_show() which is used by show tap/tun cli. Change-Id: Ib89144ad488ed548fb1ce50ee232a1b8659ccf29 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-10-04fib: fix unitialized padding in fib_api_next_hop_decodeBenoît Ganne1-4/+2
If the type is IPv4, makes sure the padding bytes are set to 0 as this is used by ip46_address_is_ip4() to detect the type. Type: fix Change-Id: I6a81fa05a6b227086853901bf3dcdc66e6d04d2c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-04ip: fix punt for ipv6Benoît Ganne1-4/+9
Type: fix Change-Id: I583c30e9b63c0b0b6cd5fef0b2cb9ed7ec9856e2 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-04interface: remove the input_node_thread_index_by_queueMohsin Kazmi2-4/+0
Type: fix input_node_thread_index_by_queue is not being used anymore. Change-Id: I0141fa0d024affb39771acf7516e064c5c8acfe9 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-10-03mpls: Save the L3 header offset in the meta-data before label impositionNeale Ranns1-1/+9
Type: improvement Subsequent features in the data-path can thus easily find the l3 header without parsing the label stack. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I26f7d4bbe9186aeb8654706579c72424e8ecca2c
2021-10-01devices: add support for pseudo header checksumMohsin Kazmi5-15/+104
Type: improvement Linux uses pseudo header checksum when checksum of l4 is offloaded. This patch adds similar support in virtual interfaces. Change-Id: I6a94d1104e59356f95057e7c122e3be9cd8659a3 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-09-30fib: doc nitfixesNathan Skrzypczak10-19/+19
Type: improvement Change-Id: I29346c849a5e1ff3c2ea399671f9f50d075e9f18 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-09-29classify: fix message IDs on API repliesMatthew Smith1-33/+42
Type: fix When the API cleanup of classify messages was done, the code was not updated to add the message enums to REPLY_MSG_ID_BASE. So the wrong message IDs are being sent back in replies to classify API requests. Add REPLY_MSG_ID_BASE when populated vl_msg_id on a reply. Change-Id: Ic7c828f14d42a346fc58fc9ff062b954f494cdbd Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-09-29ipsec: Record the number of packets lost from an SANeale Ranns6-22/+88
Type: feature Gaps in the sequence numbers received on an SA indicate packets that were lost. Gaps are identified using the anti-replay window that records the sequences seen. Publish the number of lost packets in the stats segment at /net/ipsec/sa/lost Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I8af1c09b7b25a705e18bf82e1623b3ce19e5a74d
2021-09-29tap: Fix tap create with nsNathan Skrzypczak1-55/+24
This fixes the interface creation passing a netns. [0] made the renaming of the new tuntap interface before switching netns Thus, preventing creating an interface in another netns if one exists in VPP's netns with the same name. This also fixes restore netns on errors Type: fix [0] https://gerrit.fd.io/r/c/vpp/+/33696 Change-Id: I5c83bb37d664057bcf231cd0c636f0e51aa542ad Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-09-29fib: add barrier lock for fib_urpf_list_pool and fib_entry_poolStanislav Zaikin2-0/+22
Pools fib_urpf_list_pool and fib_entry_pool can grow while ip6_urpf_loose_check/fib_entry_get_flags_for_source are being executed. That may result as a crash in mt environment. Type: fix Change-Id: I44ca2cb70255e7aaf2e1f7a7d2eecd25cbdd0aaa Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
2021-09-28api: API trace improvementsFilip Tehlar1-14/+17
Type: improvement * add support for JSON format in API trace * add ability to replay JSON API trace in both VPP and VAT2 * use CRC for backward compatibility check during JSON API replay * fix API trace CLI (and remove duplicits) * remove custom dump * remove vppapitrace.py * update docs accordingly Change-Id: I5294f68bebe6cbe738630f457f3a87720e06486b Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com>
2021-09-28misc: vpe.api messages dynamically allocatedOle Troan1-0/+9
This is the last in the series of moving API messages from vpp/api/vpe.api to vlibmemory/memclnt.api. This patch makes the remaining vpe.api messages dynamic, to help VAT2 binary-api command. Moves the VAT test code to a separate file and removes the now unnused API meta files. Type: improvement Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I01dd78eaff1d3715dff17d2643bf0f7f0089935b Signed-off-by: Ole Troan <ot@cisco.com>
2021-09-28devices: Add queues params in create_ifNathan Skrzypczak7-96/+185
Type: feature Change-Id: I027ff2c5c905a7ccebd3705a58e35218a94f4880 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-09-28sr: add API test filesFilip Tehlar3-0/+370
Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Iefc88107ae96915570ae425a527c3969f7ce7b1d
2021-09-27fib: fix crash on exporter tracker removeVladislav Grishenko1-4/+3
Exported entries are tracked only when the prefix found in the export FIB is really attached, exporter tracker is not set if the export entry is not valid for export, ex. for special FIB entries - default route, zeronet, mcast and broadcast prefixes. When imported entries need to be purged, such unset exporter tracker is being removed by non-initialized index with absent delegate entries, causing corresponding assert and crash. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ib24a2e7853a03a960577872480213e1e8097da5a
2021-09-27virtio: Still init unused txqNathan Skrzypczak1-17/+0
Type: fix For some virtio backends, packets don't seem to flow if all the queues that have been requested are not initialized Change-Id: I41765d668497ff954e6d69d36836590947fd93b1 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-09-27gso: do not gro on small packetsAloys Augustin1-3/+41
This has two benefits: fix an issue where small packets can be padded to 64 bytes by the ethernet layer, and we included these bytes in the tcp stream; and also if we receive a small packet, it signals that this tcp stream is likely more latency-sensitive than throughput- sensitive, and skipping gro buffering should be beneficial. Type: fix Change-Id: I165b97673d8cdce95ebf0a66c362ae9f9e6f3f34 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2021-09-27tap: move the api msg_id_base to tap_main_tMohsin Kazmi2-3/+3
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ia4065550a7ad1109e3a2592ef2c21b5e23fa85b5
2021-09-27misc: api move continuedFlorin Coras3-2/+3
Move control ping and change dependencies from vpe.api_types to memclnt.api_types Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9f8bc442e28738c48d64d1f6794082c8c4f5725b
2021-09-27ip: fix ip table allocation randomnessAloys Augustin1-1/+1
This prevents going through the same sequence every time the api is called. Type: fix Change-Id: I3ca3587ab5d1c060e2913ca88501b8dbcdd9c196 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2021-09-27misc: move part of vpe apis to vlibmemoryFlorin Coras4-4/+12
VPE apis are actually vlib apis. This moves those that are not tightly coupled with vapi to vlib_api Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I456a64ce49a0cdeff4a0931c6ea513cb639f683e Signed-off-by: Ole Troan <ot@cisco.com>
2021-09-24ip: set error number on failed intf addrMatthew Smith2-2/+8
Type: fix A subinterface that does not have exact match enabled cannot have an IP address configured on it. When this is validated in the functions which add an interface IP address for IPv4 and IPv6, a clib_error_t * is returned but api_errno is not set. The API handler uses the value of vnet_main.api_errno to set the return value in it's reply. Since it was not set, the API reports the operation succeeded. Set vnet_main.api_errno if vnet_sw_interface_supports_addressing() returns a non-null value when adding/deleting an interface IP address. Change-Id: I257a30d21788986102a2a719235e714ff16a24e8 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-09-23classify: use AVX-512 to find entryDamjan Marion1-3/+41
Type: improvement Change-Id: I10f4084907ad714aded86e0b7a1a4d1c5fa1f140 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-09-23classify: use AVX-512 to calculate hash on x86Damjan Marion2-1/+29
Type:improvement Change-Id: I9f9f16eabf64203db11cd4338948d76ca5e0ef12 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-09-22tap: remove cxq_vring from tap/tunMohsin Kazmi1-1/+0
Type: fix virtio_if_t is shared data struct between tap, tun and virtio pci. cxq_vring is virtio pci specific element. It shouldn't be set or accessed in tap driver. Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I8b34570f61b38d8b9d79d5b0669bda0f89ebc28c
2021-09-22virtio: fix the type of argument in virtio_show()Mohsin Kazmi2-7/+8
Type: fix virtio have three different interfaces (tap, tun and native virtio). virtio_show() is used by CLI commands to show information about these interfaces. It uses interface type to print interface specific information. virtio_show() should use proper type for virtio interfaces (TAP, TUN, VIRTIO). Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I2043dc2cfe2e2f6c7c9348b8494aa4a27cab31f3
2021-09-22interface: allow an interface's index to be given in 'sh int'Neale Ranns1-0/+15
Type: improvement e.g.: DBGvpp# sh int 3 Name Idx State MTU (L3/IP4/IP6/MPLS) Counter Count loop2 3 down 9000/0/0/0 Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ie296167ab2b1b9576b46f6d4d9fb9546aef3a0da
2021-09-22hash: fix the initialization warning error on gcc-10Mohsin Kazmi1-4/+4
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ic7d99154def71cd06e8faa64180912e5b844424e
2021-09-22ip: add ip_table_allocate to apiAloys Augustin6-16/+113
Set tableID = ~0 for auto selection unused ID https://jira.fd.io/browse/VPP-1993 Type: improvement Change-Id: I4eec2cc1d18fc025196cb6ac4c9a4b374388eb56 Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Signed-off-by: Aloys Augustin <aloaugus@cisco.com>