aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2022-04-14ipsec: perf improvement of ipsec4_input_node using flow cacheZachary Leaf8-54/+311
Adding flow cache support to improve inbound IPv4/IPSec Security Policy Database (SPD) lookup performance. By enabling the flow cache in startup conf, this replaces a linear O(N) SPD search, with an O(1) hash table search. This patch is the ipsec4_input_node counterpart to https://gerrit.fd.io/r/c/vpp/+/31694, and shares much of the same code, theory and mechanism of action. Details about the flow cache: Mechanism: 1. First packet of a flow will undergo linear search in SPD table. Once a policy match is found, a new entry will be added into the flow cache. From 2nd packet onwards, the policy lookup will happen in flow cache. 2. The flow cache is implemented using a hash table without collision handling. This will avoid the logic to age out or recycle the old flows in flow cache. Whenever a collision occurs, the old entry will be overwritten by the new entry. Worst case is when all the 256 packets in a batch result in collision, falling back to linear search. Average and best case will be O(1). 3. The size of flow cache is fixed and decided based on the number of flows to be supported. The default is set to 1 million flows, but is configurable by a startup.conf option. 4. Whenever a SPD rule is added/deleted by the control plane, all current flow cache entries will be invalidated. As the SPD API is not mp-safe, the data plane will wait for the control plane operation to complete. Cache invalidation is via an epoch counter that is incremented on policy add/del and stored with each entry in the flow cache. If the epoch counter in the flow cache does not match the current count, the entry is considered stale, and we fall back to linear search. The following configurable options are available through startup conf under the ipsec{} entry: 1. ipv4-inbound-spd-flow-cache on/off - enable SPD flow cache (default off) 2. ipv4-inbound-spd-hash-buckets %d - set number of hash buckets (default 4,194,304: ~1 million flows with 25% load factor) Performance with 1 core, 1 ESP Tunnel, null-decrypt then bypass, 94B (null encrypted packet) for different SPD policy matching indices: SPD Policy index : 2 10 100 1000 Throughput : Mbps/Mbps Mbps/Mbps Mbps/Mbps Mbps/Mbps (Baseline/Optimized) ARM TX2 : 300/290 230/290 70/290 8.5/290 Type: improvement Signed-off-by: Zachary Leaf <zachary.leaf@arm.com> Signed-off-by: mgovind <govindarajan.Mohandoss@arm.com> Tested-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: I8be2ad4715accbb335c38cd933904119db75827b
2022-04-12ip: fix arc start in ip46-local for local mfib entriesAlexander Chernavin2-25/+25
Type: fix After changes made in f840880, VRRP IPv6 cannot reply for neighbor solicitations requesting the link layer address of the configured virtual address. VRRP IPv6 enables the vrrp6-nd-input feature in the ip6-local feature arc for an interface on which a virtual router is configured. When neighbor solicitations arrive on that interface, ip6-local should start feature arc walk for that interface and the messages should be processed by vrrp6-nd-input. The problem is that currently, the feature arc is started for the interface obtained from the receive DPO that has interface unset (i.e. max u32) for local mfib entries. Thus, the feature arc is started not on the interface the messages were received on and vrrp6-nd-input is not traversed. With this fix, if interface obtained from the receive DPO is unset, use RX interface from the buffer to start the ip46-local feature arc. Also, enable tests of this case for both IPv4 and IPv6 address families that are currently tagged as extended and not run on every change. They configure VRRP with priority 255 and are expected to be stable. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I11ef3d5a7a986e04431e8613d1510b8666094bd7
2022-04-12tcp: limit persist segment size if window availableFlorin Coras1-1/+3
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie1ae401d5105aa42761d3cac5dfbe523f3995c87
2022-04-11teib: use nexthop table idBenoît Ganne1-3/+0
Use the specified nexthop table id instead of the interface table id. Type: fix Change-Id: I61bf61d50d2716fcd9a6e35df4d60222dc4f36d5 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-04-11interface: fix the offloadsMohsin Kazmi1-0/+2
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I9f3d1a8574b15f09a458baad98c815e087fd60b8
2022-04-11tls: fix connected notifications with no app wrkFlorin Coras1-5/+9
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I805131b4e3d0cb2fab1d3bf76db659c67522c2e8
2022-04-11devices: refactor fanout supportMohsin Kazmi3-27/+37
Type: refactor Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I9e68ecb91f6433f68a8a87dd066f3e369f25a3c9
2022-04-08devices: fix the offset for af-packetMohsin Kazmi1-14/+7
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I12b2e53ddb797cc809a2d742d17a1a60edde385d
2022-04-07tls http: run config fns after init onesFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia4d8aaafeb3629f421601edffefe9c61c3e69dba
2022-04-07devices: add cli support for checksum and gso disableMohsin Kazmi5-20/+29
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I33a29cf11998736347eca5016eee112619d847c1
2022-04-06devices: add cli support to disable qdisc bypassMohsin Kazmi5-12/+39
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ie5f2bdb8fb559680bab863a7c24a49360e005b58
2022-04-06interface: unregister node counters on interface deleteDamjan Marion1-0/+2
Type: fix Change-Id: I2562ae5833b542c29bcd5025a9a6756e5de95a42 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-05tap: fix the coverity warningMohsin Kazmi1-1/+1
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I609fb28e58286ff490d12384b03dd713830379b3
2022-04-05devices: remove redundant code af-packetMohsin Kazmi2-23/+3
Type: refactor Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Id485f525057163582dc7a83f7dab7a8b2e759270
2022-04-05devices: fix the received blocks countersMohsin Kazmi1-5/+4
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: If7d9c94dcdc32fa66763e18bd3be7d28b2d17946
2022-04-05devices: fix the coverity warnings for af-packet v3Mohsin Kazmi1-9/+14
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ie647fb280831af23925c4b5f659f1dade6d37eff
2022-04-04vppinfra: make _vec_len() read-onlyDamjan Marion26-43/+45
Use of _vec_len() to set vector length breaks address sanitizer. Users should use vec_set_len(), vec_inc_len(), vec_dec_len () instead. Type: improvement Change-Id: I441ae948771eb21c23a61f3ff9163bdad74a2cb8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-04udp: use pool safe reallocsFlorin Coras3-81/+8
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5bd0b300af07424d1ce4807fa0b17e375001f089
2022-04-04tcp: use safe realloc poolFlorin Coras1-3/+3
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I8ba93643236aaa50eeb4755b74821a8c4ca6179b
2022-04-04interface api: restore order of context valueVratko Polak1-1/+2
vl_api_sw_interface_tx_placement_get_t_handler is autoendian. So (contrary to most other uses) the context is in native order there. Thus, send_interface_tx_placement_details needs to convert back before using REPLY_MACRO_DETAILS5 macro. Type: fix Fixes: 0d05c0d214ffd326e531bea58f3c971bb9a58252 Change-Id: I00a3734cafa66d7d76c7edaea526a1eae0448ad9 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2022-04-04session: use session layer rpc for evts sent to mainFlorin Coras1-5/+9
Fix race with connects for iperf3 udp test. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ief725b80047911e87ba24736dc0a60aa8bcdac50
2022-04-04devices: add multi-queue support for af-packetMohsin Kazmi6-270/+571
Type: feature Change-Id: I0f4e6517fcfa07ffb0aba89b159ac1337937a508 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2022-04-04interface: read only one line in show hardwareVratko Polak1-9/+16
Type: fix Change-Id: I442496585fc24b7458535ad1a1d8db525c258540 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2022-04-01session: leverage new pool functions in safe reallocFlorin Coras3-54/+50
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2c264c31d2470b11b94d68411fa8266387319146
2022-03-31vlib: add support for workers syncFlorin Coras1-38/+2
Adds api that allows workers to synchronize through main thread. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1e75e2fb5144d397d19b13c4dfc7e937f11c044c
2022-03-31session: fix coverity warningFlorin Coras1-0/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6ddb172d7b4f0ba06b0117d71853a22702a3466b
2022-03-31crypto: drop the frame if there is no handlerDastin Wilski1-0/+6
If async engines are disbaled and async is turned on vpp tries to enqueue frame with nonexisting handler which leads to segfault. This patch checks for handler and drops the frame in case it doesn't exist. Type: fix Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com> Change-Id: I67211867ee29dc41cc9f0733e8e0b3ea86677f85
2022-03-30tls: support to reinitialise ca_chain wo restartSaravanan Murugesan2-0/+8
Type: improvement Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com> Change-Id: I90e90678ae6586019cc842f9d504d53991cfabe4
2022-03-30ip: Reference count the enabling the punt featureNeale Ranns2-4/+14
Type: fix otherwise punt features are applied multiple times to the same packet if enabled multiple times Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: If0cbd9065275f68a10fd6d35e4f7a7c7508245e0
2022-03-30udp: fix inner packet checksum calculation in udp-encapMauro Sardara6-64/+137
When computing the inner packet checksum, the code wrongly assumes that the IP version of the inner packet is the same of the outer one. On the contrary, it is perfectly possible to encapsulate v6 packets into v4 and viceversa, so we need to check the IP format of the inner header before calling vnet_calc_checksums_inline. Ticket: VPP-2020 Type: fix Signed-off-by: Mauro Sardara <msardara@cisco.com> Change-Id: Ia4515563c164f6dd5096832c831a48cb0a29b3ad Signed-off-by: Mauro Sardara <msardara@cisco.com>
2022-03-29vnet: set frame overhead at interface registrationMatthew Smith1-2/+2
Type: fix Fixes: 1cd0e5dd533f In vnet_eth_register_interface(), max frame size was being used where frame overhead was intended. Change-Id: I6e6de25e2d616caaf35730ab3d15235ec679ebdd Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-03-28ip: add barrier sync, ip4_ply_pool expand caseVladislav Grishenko1-2/+14
ply_create() is not thread safe when the ip4_ply_pool expands. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ie11cc8b1ba587d5e9239a60f4e288492da61368e
2022-03-26session: simplify safe pool reallocFlorin Coras1-62/+42
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1c55c054fea6c6886d8287a9b6e264a308f89504
2022-03-25l2: avoid overflow read of mac addressDamjan Marion1-23/+3
Type: improvement Change-Id: I99d2c69ede39b3ba5604e1811ce12209c47f5caf Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-25fib: fix ip6-ll fib selection for non-ethernet interfacesVladislav Grishenko2-7/+37
Fixes case when packet to link-local address is received over gre/mpls or other non-ethernet interface and ip6-ll fib for it is undefined. If by a chance ip6-ll fib index is valid, packet will be passed to some ip6 fib with possibilities to be sent out over unrelated interface or be looped again into ip6-link-local dpo till oom and crash. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ie985f0373ea45e2926db7fb0a1ff951eca0e38f6
2022-03-25devices: fix high vector rate per dispatchMohsin Kazmi3-13/+44
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ibd23648483b38696271154237e81081480bb16e0
2022-03-25session: reorganize local port allocationFlorin Coras1-29/+24
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5bbf8d584efdec57908c61f8626bcc81590401b3
2022-03-24bfd: use local error index when incrementing node countersPaul Atkins1-4/+4
When incrementing node counters with vlib_node_increment_counter the local error index should be passed in. vlib_node_increment_counter adds the local index to the nodes base index to get the counter to write to. If we pass in the global counter index, the offset gets added again in the fn, and we then potentially write into memory that is not part of the counter vector. Type: fix Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I43be33a51bcb52d520495d326b971c1d848d96b5
2022-03-24session: safe reallocs for transport endpoint poolFlorin Coras1-11/+25
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6c86d0691bd0594d8b2c05d83d004be1aa8c5e21
2022-03-24ip: The check for 'same packet' must include the FIB indexNeale Ranns1-2/+11
Type: fix otherwise if two packets arrive with the same source address but from different VRFs, then they are treated as the same and they use the same LB and thus share the same fate. but the lookup, when done, results in two different LBs, and hence the fate can be different. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Id6e16f7c577a561d9ddd7066339fa4385361d07f
2022-03-24ip6-nd: stop sending RA by defaultAlexander Chernavin1-3/+0
Type: improvement Currently, RA message sending is enabled by default - both periodic and in response to RS message. However, RFC 4861 section 6.2.1 says the following: Note that AdvSendAdvertisements MUST be FALSE by default so that a node will not accidentally start acting as a router unless it is explicitly configured by system management to send Router Advertisements. With this change, RA message sending is disabled by default and "test_ip6.TestIPv6.test_rs" updated appropriately. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I2a8865199cb665c59268504aefe2976e5ee96dc2
2022-03-24mpls: Set the MTU field in the frag-needed ICMP when doing MPLS fragmentationNeale Ranns1-4/+3
Type: fix The reported MTU should include the MPLS label overhead Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3df6d2e0b13f49701e187a766a157498dcaafbc0
2022-03-24fib: Fix crash when removing a covering prefixNeale Ranns3-10/+18
Type: fix When a covering entry is removed from the table, the covered entries first see it 'updated' and then 'removed'. the crash occurs because the covered prefixes share (simple pointer copy) the covereds hash table of path extensions. During the cervers deletion this hash table has been removed and the update of the covered crashes when recaluationg forwarding becuase it uses the free'd hash. Fix is to refetch the shared hash table (which is NULL) when the covered is updated. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Icefca9d7b21da975111d0e974d75f663fc0cc00c
2022-03-23classify: fix typo in AVX-512 find entryBenoît Ganne1-1/+1
Type: fix Fixes: 26bc9f3c855496fb56f5fc648f75a299d4d539f8 Change-Id: Idab52bf856c03ded7b181608c3db1313aa2e33de Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-23devices: add tx trace for af-packetMohsin Kazmi1-6/+82
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ib96ee54eaf967bf435d6da910a6b582e87fbedc0
2022-03-23devices: add support for offloadsMohsin Kazmi5-117/+301
Type: improvement This patch adds support for: 1) GSO 2) checksum offload Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ib00629888c62da04d58db36ce021993769e736c9
2022-03-23devices: af-packet v3 supportMohsin Kazmi4-198/+274
Type: feature CPU usage ~20% less than v2. Performance improvement 20% more than v2. High vector rate. Change-Id: I24bc594200f42664b59d07b44d44578e61068bbc Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2022-03-23vppinfra: change vlib_register_node so it takes format string for node nameDamjan Marion2-16/+10
This allows specifying both c string and vector for node name and removes need for crafting temporary string. Type: improvement Change-Id: I0b016cd70aeda0f68eb6f9171c5152f303be7369 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-23ip: Add unformat for flow_hash_configNathan Skrzypczak2-1/+37
Type: improvement This also makes the is_white_space function public Change-Id: Ifc1c0d4509f3ecae14f09bb5fa7a2eea33c49b09 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-03-23vnet: Remove the unused fields from opaque2Neale Ranns2-14/+3
Type: refactor Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ibb6d19de053c306e9758dbfa827ab7bcab5de856