summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2021-02-12ipsec: Store thread-index in buffer meta-data during SA handoffNeale Ranns7-32/+22
Type: improvement negates the need to load the SA in the handoff node. don't prefetch the packet data, it's not needed. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I340472dc437f050cc1c3c11dfeb47ab09c609624
2021-02-12policer: tidy upBrian Russell3-162/+50
Convert old logging style to new and remove unused tracepoints. Remove code always conditionally not compiled. Make comment style consistent. Type: improvement Change-Id: I13339f28539cf190fb92be2d5c8020b6249319c8 Signed-off-by: Brian Russell <brian@graphiant.com>
2021-02-12policer: use enum typesBrian Russell5-41/+31
Make the policer action enum packed and use it in the policer code. Use other policer enums where applicable. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I32f9735942af8bca3160b9ef8a75f605d9aba5fa
2021-02-12policer: remove SSE2 prefixBrian Russell9-486/+427
The policer code uses a naming convention of prefixing a lot of its definitions with "SSE2" when in fact there is nothing SSE2 specific about them. This is confusing so remove the prefix. Unfortunately it has to stay in the API definitions for backward compatibility. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I59a7df9fd5ded2575f2e587b2768a025a213b07c
2021-02-11tests: tag the tests that do not work with multi-worker configurationAndrew Yourtchenko3-0/+6
If the multi-worker default VPP configuration is triggered by setting VPP_WORKER_CONFIG="workers 2", some of the tests fail for various reasons. It's a substantial number, so this change marks all of the testsets that have this issue, such that they can be addressed later independently. Type: test Change-Id: I4f77196499edef3300afe7eabef9cbff91f794d3 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-02-11policer: use ip dscpBrian Russell5-67/+8
Use the common IP definitions of DSCP rather than duplicating in the policer code. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Iff4bc789356edc290b9c31eca33e93cf5b6211bf
2021-02-10vcl: validate seg handle on migrate only if neededFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3c15a465f84f2ceb6bd5f1c459899824d4bc1c90
2021-02-10tests: add policer testsBrian Russell1-0/+123
Add some tests which configure policer params, use the policer test helper CLI to police pretend packets and then check the policer stats. Type: test Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Ib2688b6f77d84a4bfd3c8185e44c59fa2300716a
2021-02-10ipsec: Use the new tunnel API types to add flow label and TTL copyNeale Ranns14-263/+367
support Type: feature attmpet 2. this includes changes in ah_encrypt that don't use uninitialised memory when doing tunnel mode fixups. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ie3cb776f5c415c93b8a5ee22f22586fd0181110d
2021-02-10nat: fix EI hairpinning thread safetyKlement Sekera1-0/+1
Avoid doing inter-thread reads without locks by doing a handoff before destination address rewrite. Destination address is read from a session which is possibly owned by a different thread. By splitting the work in two parts with a handoff in the middle, we can do both in a thread safe way. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I1c50d188393a610f5564fa230c75771a8065f273
2021-02-09l2: crash on l2_input_is_xconnectSteven Luong1-10/+8
Running vpp without any interface configured and then invoking the binary-api l2_xconnect_dump causes vpp to crash in l2_input_is_xconnect due to l2input_main.configs has no memory allocated to it, not even for the local interface which exists all the times. The reason that l2input_main.configs has no memory allocated to it was due to gerrit patch 29232 which took out a line in l2input_init /* Create the config vector */ vec_validate (mp->configs, 100); The fix is to iterate through l2input_main.configs for each interface in l2 to call l2_input_is_xconnect when dumping l2_xconnect interfaces. Type: fix Fixes: gerrit 29232 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I8d9cba4b7eba4c2e0c60887c4fd57d5ec3b06d3b
2021-02-09tls: dtls initial implementationFlorin Coras4-30/+247
Type: feature Basic dtls transport protocol implementation that relies on openssl wire protocol implementation. Retries/timeouts not yet supported. To test using vcl test apps, first ensure all arp entries are properly resolved and subsequently: server: vcl_server -p dtls 1234 client: vcl_client -p dtls <server-ip> 1234 -U -N 2000000 -T 1460 -X Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I04b4516a8fe9ce85ba230bcdd891f33a900046ed
2021-02-09session: coverity fixesFlorin Coras1-2/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2828287c58115aa08c0a4297c01cea60f41f4749
2021-02-09Revert "ipsec: Use the new tunnel API types to add flow label and TTL copy"Matthew Smith14-331/+234
This reverts commit c7eaa711f3e25580687df0618e9ca80d3dc85e5f. Reason for revert: The jenkins job named 'vpp-merge-master-ubuntu1804-x86_64' had 2 IPv6 AH tests fail after the change was merged. Those 2 tests also failed the next time that job ran after an unrelated change was merged. Change-Id: I0e2c3ee895114029066c82624e79807af575b6c0 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-02-08ipsec: Use the new tunnel API types to add flow label and TTL copyNeale Ranns14-234/+331
support Type: feature Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I6d4a9b187daa725d4b2cbb66e11616802d44d2d3
2021-02-08interface: automask interrupts to polling rxqsMohammed Hawari1-1/+3
Sometimes, vnet_hw_if_rx_queue_set_int_pending is called on rxqs which are not in interrupt mode. Currently, it segfaults due to a too small clib_interrupt_t structure. This change prevents that and makes the framework slightly more robust to driver bugs (that might be subtle to track in some cases involving concurrency...) Change-Id: I9643b9b1aa37e6852754b93f10cd2f96ed9e6118 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: fix
2021-02-08virtio: use vpp clib_memset instead glibc memsetMohsin Kazmi1-2/+2
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ib3cefe5d27286c4853eb0c0e1803a94787a62c97
2021-02-08virtio: add atomic call for kickingMohsin Kazmi2-20/+6
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I41faa2ca249ff75e564a732af896e6b5d76bf665
2021-02-08ipsec: Checking wrong DB for initialistationNeale Ranns1-17/+17
Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I2325d311a6fd7343c7041dc516777f4db0029823
2021-02-08tunnel: support copying TTL and flow label from inner to outerNeale Ranns11-56/+488
Type: feature The added functionality is to support copying TTL and flow label from inner to outer. The .api was extened to support expressing this and also adding a common tunnel endpoint type. i find it best to make API changes in one patch so there are less versions of the API. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I755c1e3f4c475058792af39c1abeda92129efb76
2021-02-06ipsec: CLI improvement for udp port encapMohammed Hawari1-0/+5
Change-Id: I59f55db7209549ad43a1205470a2f5ea9ea8a1c7 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: feature
2021-02-05tcp: fix port reuse with multiple listenersFlorin Coras2-3/+11
The check in listen state that the listener is not valid is not enough if the time wait session's index overlaps an actual listener's index. Thanks wanghanlin@corp.netease.com for the report! Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3dff0cb134940a8265ff908faa607c67dba5e56b
2021-02-05devices: af-packet gso mtuNathan Skrzypczak4-38/+126
Type: fix Set the GSO flag when buffer length exceeds the linux mtu. Don't listen for mtu changes on linux side for now. This also fixes a TX issue, as we only search for valid frames on tx to the extent of n_left, we might stay stuck. Change-Id: Idf0bdd88990254a614962c2f7bc3e0292ccfd61a Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-05session svm: non blocking mqFlorin Coras2-4/+3
Avoid synchronizing producers and the consumer. Instead, only use mutex or spinlock (if eventfds are configured) to synchronize producers. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie2aafbdc2e07fced5d5e46ee2df6b30a186faa2f
2021-02-05ip: Remove unused include fileNeale Ranns1-1/+0
Type: refactor Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iae135cbca372def29b1dd5e9f29b7db546ef1a3e
2021-02-05nat: 1:1 policy NATOle Troan1-2/+2
A NAT sub-plugin doing statically configured match/rewrite on IP4 input or output. It's stateless (no connection tracking). Currently it supports rewriting of SA, DA and TCP/UDP ports. It should be simple to add new rewrites if required. API: pnat_binding_add, pnat_binding_del, pnat_bindings_get, pnat_interfaces_get CLI: set pnat translation interface <name> match <5-tuple> rewrite <5-tuple> {in|out} [del] show pnat translations show pnat interfaces Trying a new C based unit testing scheme. Where the graph node is tested in isolation. See pnat/pnat_test.c. Also added new cmake targets to generate coverage directly. E.g.: make test_pnat-ccov-report File '/vpp/sdnat/src/plugins/nat/pnat/pnat.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------ pnat_interface_by_sw_if_index 39 8 79.49% 13 0 100.00% pnat_instructions_from_mask 9 0 100.00% 13 0 100.00% pnat_binding_add 64 8 87.50% 31 2 93.55% pnat_flow_lookup 4 4 0.00% 10 10 0.00% pnat_binding_attach 104 75 27.88% 33 6 81.82% pnat_binding_detach 30 5 83.33% 23 2 91.30% pnat_binding_del 97 33 65.98% 17 3 82.35% pnat.c:pnat_calc_key_from_5tuple 9 1 88.89% 14 1 92.86% pnat.c:pnat_interface_check_mask 10 2 80.00% 11 2 81.82% pnat.c:pnat_enable 5 0 100.00% 11 0 100.00% pnat.c:pnat_enable_interface 107 26 75.70% 60 15 75.00% pnat.c:pnat_disable_interface 91 30 67.03% 32 7 78.12% pnat.c:pnat_disable 7 2 71.43% 13 7 46.15% ------------------------------------------------------------------------------------ TOTAL 576 194 66.32% 281 55 80.43% File '/vpp/sdnat/src/plugins/nat/pnat/pnat_node.h': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------ pnat_test.c:pnat_node_inline 67 11 83.58% 115 1 99.13% pnat_test.c:pnat_calc_key 9 2 77.78% 14 2 85.71% pnat_test.c:pnat_rewrite_ip4 55 11 80.00% 60 12 80.00% pnat_test.c:format_pnat_trace 1 1 0.00% 12 12 0.00% pnat_node.c:pnat_node_inline 63 63 0.00% 115 115 0.00% pnat_node.c:pnat_calc_key 9 9 0.00% 14 14 0.00% pnat_node.c:pnat_rewrite_ip4 55 55 0.00% 60 60 0.00% pnat_node.c:format_pnat_trace 5 5 0.00% 12 12 0.00% ------------------------------------------------------------------------------------ TOTAL 264 157 40.53% 402 228 43.28% Type: feature Change-Id: I9c897f833603054a8303e7369ebff6512517c9e0 Signed-off-by: Ole Troan <ot@cisco.com>
2021-02-05ipsec: add support for AES CTRBenoît Ganne6-139/+182
Type: feature Change-Id: I9f7742cb12ce30592b0b022c314b71c81fa7223a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-02-05interface: RX/TX direction type in APINeale Ranns4-70/+87
Type: feature Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: I982205b48615395f19cbb36c73854fb5c3db45e8
2021-02-05vxlan: add udp-port configuration supportArtem Glazychev5-60/+320
Type: improvement Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: Ie30d51ab4df5599b52f7335f863b930cd69dbdc1
2021-02-05sr: Fix the issue that L3VPN SRv6 encapsulated packets could not be forwarded.Tetsuya Murakami3-2/+20
Type: fix Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: Ia12feee9e46d4951519d5c6f9d1a21d89701dc0f Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
2021-02-04mpls: MPLS Hash fixesNeale Ranns2-8/+9
Type: fix MPLS hash includes the IP hash at the bottom of the stack. Default this to the IP default and use the value passed in to the compute function. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3f8cb0f7c4fe98ea903a752c2b5fd3d7e26d449a
2021-02-04vlib: "revert startup multi-arch variant configuration fix for interfaces"Damjan Marion3-31/+4
Type: fix This reverts commit 5a48b3b9d88fa2793793e2bf3db8bf156fe2951f. Change-Id: Ifa91b18bdbbc32bb729abc09d95637d9cdf42c3b Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-02-04linux-cp: Linux Interface Mirroring for Control Plane IntegrationNeale Ranns2-2/+12
Type: feature please see FEATURE.yaml for details. Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Matthew Smith <mgsmith@netgate.com> Signed-off-by: Jon Loeliger <jdl@netgate.com> Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I04a45c15c0838906aa787e06660fa29f39f755fa
2021-02-04ipsec: one thread index per-SANeale Ranns8-57/+36
Type: improvement AN SA is uni-drectional therefore it can be used only for encrypt or decrypt, not both. So it only needs one thread ID. free up some space on the 1st cacheline. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I21cb7cff70a763cbe2bffead860b574bc80b3136
2021-02-03vxlan: fix interface namingRay Kinsella1-6/+8
Previous commit broke naming of vxlan interfaces. Type:fix Fixes:a4b0541f6 Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I5e304821be73547b4e47c35ad9632283f153830f
2021-02-02policer: add countersBrian Russell4-8/+58
Add counters to the policer against each of the 3 possible results: conform, exceed and violate. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Ia98a2f5655df6873259197d6bbf0ff2709b7d60e
2021-02-01fib: Changes to interpose sourceNeale Ranns5-19/+78
Type: improvement 1) stack the interpose on any path-extensions (e.g. labels) from the next best source 2) allow more than 1 source to contribute a DPO for a given prefix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Idc2fbb36cfbd2387081765d8af0f1fbe61612160
2021-02-01tap: fix the interrupt handlingMohsin Kazmi1-3/+4
Type: fix Interrupt are suppressed from kernel on tx path. Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I9f39f343b7e16bad09910766adf0b09654721f67
2021-01-29interface: fix interface name overflow in logsBenoît Ganne1-9/+9
hi->name is a non-NULL-terminated vector. Type: fix Change-Id: I1a9f128f24f137b43cb47169677cc4288043fbd7 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-01-28ip: do policer thread handoff from punt policersBrian Russell3-51/+130
Pass packets arriving at the ip[46] punt policer nodes to punt policer handoff nodes if the worker thread they arrive on is not the same one configured in the policer. Initially, the policer will be tied to the worker thread that it first received a packet on. This will be expanded in future to be a configuration API option. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Ic39d936084c354af1859ad3d946da6cd0f6e34d9
2021-01-28policer: add policer handoffBrian Russell2-0/+81
Add thread handoff for packets being policed. Note that the handoff currently requires the policer index to be passed in. This is suitable for use in the ip[46] punt paths where each policer node will only ever use a single policer. For the more general case, this will be expanded in future to use a policer index stored in packet metadata. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I85a0ecbcfb025f8844e763224cd3de1561249aca
2021-01-28ip: add frame queues to punt policer nodesBrian Russell2-0/+10
The policer is not thread safe. In order that handoff could be performed, add a frame queue to each of the punt policer nodes. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Iee50267ee7e36f0e6c95b9b43bf651648198b834
2021-01-28policer: add thread index to policerBrian Russell2-3/+8
Add a thread index field to the policer structure. The policer is not thread safe. The thread index will be used to tie it to one worker thread and other workers can use thread handoff. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I650e983a9ed800bf660d6f06368717484c4a83bf
2021-01-28ip: Router ID included in flow hashNeale Ranns9-7/+61
Type: feature A device/router needs to have a unique ID which is included in the flow has so that flows are not polarised through the network, i.e. each deice in the network chooses the same nth link for the same flow. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I963e03674adbb085902b4084fdc4886b88f5734c
2021-01-27vhost: vhost interface hardware address not setSteven Luong3-6/+9
The check args->hwaddr is always true and it always copies the mac address from args->hwaddr even though none was set. Check args->use_custom_mac instead. Type: fix Fixes: gerrit 29970 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I0c51bf1ea79b02c4fbdc3c52e694f186bdd96600
2021-01-26session: clear ct fifo flag prior to notificationFlorin Coras1-6/+7
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6db15780d87426eee852aa020c50cbdf45dc1f95
2021-01-26interface: remove vnet_device_input_runtime_tMohammed Hawari5-419/+1
Change-Id: I85a463b4ca15baf11e3eb70189f5190ba2585170 Type: refactor Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2021-01-25svm: add custom q implementation for mqFlorin Coras4-16/+17
Add separate queue implementation for the message queue as it's custom tailored for fifo segments as opposed to binary api. Also move eventfds to the private data structures. Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6df0c824ecd94c7904516373f92a9fffc6b04736
2021-01-25vlib: startup multi-arch variant configuration fix for interfacesRadu Nicolau3-4/+31
Propagate the multi-arch variant selection to interfaces. Type: fix Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> Change-Id: I99c4a7896f172f0d14d2ded22a27383825529a7d
2021-01-22tests: add generalized tags for tests, use them for run-solo testsAndrew Yourtchenko1-24/+7
We have accumulated several scenarios in prod or wishlists where it would be useful to have a general infra to say yes/no about a certain test, and potentially make decisions based on that, for example: - runs solo (aka 'time-dependent') - (wishlist) part of quick smoke-test set - (wishlist) intermittent failure unrelated to timing - (wishlist) test broken with a multi-worker config in vpp Refactor the current "run-solo" code to allow for this extension. Type: test Change-Id: Ia5b3810e57c0543753c8e0dc4dc0cfb4a30b36ac Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Signed-off-by: Klement Sekera <ksekera@cisco.com>