Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: feature
Currently, the plugin supports only IPFIX flow record generation for
outbound packets.
With this change:
- add a new API message for enabling the feature on an interface that
accepts direction (rx, tx, both);
- update existing debug command for feature enabling to accept
direction;
- update existing debug command for showing currently enabled feature
on interfaces to display direction;
- update templates to include a direction field;
- generate flow records on the specified direction and data path;
- report direction in flow data;
- update tests to use the new API;
- add tests for inbound flows.
Change-Id: I121fd904b38408641036ebeea848df7a4e5e0b30
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
- add pnat_binding_add_v2 which explicitly requires match mask to
set to PNAT_PROTO if we want to match on IP Protocol
- fix pnat_binding_add backward compatibility i.e. no need to set
match mast to PNAT_PROTO
Type: improvement
Signed-off-by: Fahad Naeem <fahadnaeemkhan@gmail.com>
Change-Id: I5a23244be55b7d4c10552c555881527a4b2f325f
|
|
2ca88ff97884ec9ed20a853b13cee6d86f9c9d0f introduced the change
into the shared memory atexit, which breaks IPSec tests in some
environments.
Type: fix
Fixes: 2ca88ff97884ec9ed20a853b13cee6d86f9c9d0f
Change-Id: Ia132cb045e8d66f55e41d29cffdca3458d61096d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
This mempool flag should be cleared when the mempool is populated, to
reproduce the behaviour of rte_mempool_populate_iova in DPDK 22.03
Change-Id: I4c0e07efca9df2e472e8e393689127c01cf66da2
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: fix
Fixes: 2f132efc3cafde5a0dd01ef8a91606528970cdf7
|
|
Drop pycodestyle for code style checking in favor of black. Black is
much faster, stable PEP8 compliant code style checker offering also
automatic formatting. It aims to be very stable and produce smallest
diffs. It's used by many small and big projects.
Running checkstyle with black takes a few seconds with a terse output.
Thus, test-checkstyle-diff is no longer necessary.
Expand scope of checkstyle to all python files in the repo, replacing
test-checkstyle with checkstyle-python.
Also, fixstyle-python is now available for automatic style formatting.
Note: python virtualenv has been consolidated in test/Makefile,
test/requirements*.txt which will eventually be moved to a central
location. This is required to simply the automated generation of
docker executor images in the CI.
Type: improvement
Change-Id: I022a326603485f58585e879ac0f697fceefbc9c8
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Replace code with branchless code.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ic38a20ad33483c1c26f90a927f8b963b0ead4a87
|
|
Type: docs
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I23008cde47d8b7a531346eab02902e2ced18742a
|
|
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I952ba7e042779855e29628d048da7edec1caaafd
|
|
We allocate vring_spinlock for all vrings in the vui, not just the ones
being used. So when we free the vui, we have to free vring_spinlock for
all vrings, not just the one being used.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I3951fda71ce6e11474b04302116ea9e08b404758
|
|
Type: fix
A simple "create host-interface name xxx" is enough to trigger the bug:
The interface is not found, and we goto error with apif=NULL
Signed-off-by: Gabriel Ganne <gabriel.ganne@gmail.com>
Change-Id: I2f894176d39b3d15efab054dc7340e7a0600a2e8
|
|
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: Id19a52df4f237cf5d85d305fdc279ab7df2d6f4b
|
|
Type: improvement
Change-Id: Ifa9f908b24b5fe867826601d32eeb4f0d639fbeb
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: Ie292ee56dd5265a56ef472554aaf086e61da7089
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: I9cf9376f2813f7bceecc6a9d714dcb98df77615d
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
- fix branch prediction for checking rdma ERROR flag
- add the missing right angle bracket to help message
Type: improvement
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Reviewed-by: Lijian Zhang <lijian.zhang@arm.com>
Reviewed-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I2ce667631b3e3f60939069e2a16ddba0ff12a695
|
|
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I6d40ce90330d644469937a24eec47ea5bd5b649b
|
|
Type: improvement
Change-Id: Ibc1b5059ed51c34334340534e9eb68121f556bce
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
|
|
It looks like in a distant past we were using a vnet_rewrite but this
no longer the case.
Type: fix
Change-Id: Ib8d336aec7d5abd7749f543739f531144e76e551
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Iee6784c37a835b49d962ae6f87c279cbe65dde15
|
|
Type: fix
set use_custom_mac for args in create_vhost_user_if_v2 API
Add testcase for custom mac-address
Signed-off-by: Fahad Naeem <fahadnaeemkhan@gmail.com>
Change-Id: Iac64d818e0f1e6d36187fe769ee33d202aaafd05
Signed-off-by: Fahad Naeem <fahadnaeemkhan@gmail.com>
|
|
Type: feature
Change-Id: I940b6c9d206e407f3e17d66c97233cd658984e61
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Add vapi_connect_from_vpp() and vapi_disconnect_from_vpp()
calls to allow API clients from within VPP process.
Add a new memclnt_create version that gives the user a
knob to enable or disable dead client scans (keepalive).
Type: feature
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Id0b7bb89308db3a3aed2d3fcbedf4e1282dcd03f
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
This patch fixes two problems:
1. The lease field in the dhcp_compl_event message can include a list of
vl_api_domain_server_t structs, but no memory is allocated for it.
2. The DNS server address is not copied properly, resulting in wrong IP4
addresses in the event message.
Type: fix
Signed-off-by: Jing Peng <pj.hades@gmail.com>
Change-Id: I42c533e7af697568c69714011d983f88368a7e15
|
|
Type: make
Change-Id: I9f87134ac05d99051888024f889f05dae8e3feec
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Passing wrong pointer to clib_mem_vm_unmap...
Type: fix
Change-Id: I1f695d77bc45d9a6de3a4a3da1fbe6faebdad15e
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I446eb86c097d1bf99f05ee47f1c550689d70ced2
|
|
Type: improvement
Change-Id: If3a83848ae0741334887c654b65e424b99caa73c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I67f5a2c8902dd14c09472c25599b3b1b493a6948
|
|
During build some header guards are created based on full path where
build is happening. If one directory contains @ character build breaks
because compiler believes it's a macro declaration.
Jenkins adds `@${EXECUTOR_NUMBER}` suffix to workspace directory when
it uses more than one executor for that job, breaking the build.
Replace any @ character on guard name by _ to get it fixed.
Type: fix
Change-Id: Id0f4cfc33fda95e168541aa4e353a0d08aa3b664
Signed-off-by: Renato Botelho do Couto <renato@netgate.com>
|
|
Type: fix
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Change-Id: I792467b73449074e59c4232b1f82d134c399624c
|
|
Enable the flow action for RSS queue group. Packets can be distributed
among queues in group based on specific fields. Queues must be continous
in the group. This feature is to support 5G enhancement requirement.
Type: feature
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I74fdc617659bcb61f00b3b1934c95ab1c73bb8f3
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I02aec410eaa7ccb999159b6967414fbaf4e76a3f
|
|
Type: improvement
Change-Id: Ibdadeb4e685f45a93f45504a84709391489abb6a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Significantly reduces compilation time for uses who are interested
to run binaries only on the build machine.
Type: make
Change-Id: I431f6f7374b6dfa8b3f7c72dc69f3d5cafd1f6bb
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
VPP_IP_FIB_MTRIE_16 should be defined only if the option is enabled
instead of being defined as "ON" or "OFF".
Type: fix
Change-Id: Ib4e29a827bcbd84c8012f05ad264c1408ffccee7
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Supports more connections and track connect time. Can be used to measure
CPS. Only works in unidirectional mode for now.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I70bc6a271996407dd16a96115f509bd680a0f302
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I79bfe91e81983b619c61a32285d8e038c2654147
|
|
Make sure producer drops lock when it waits for empty ring slot.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id77d54ee8c01bed20c9eaf5ad372ed4b1e9fa712
|
|
The RFC7857 state machine introduced in 56c492a is a trade-off.
It tries to retain sessions as much as possible and also offers
some protection against spurious RST by re-establishing sessions if data
is received after the RST. From experience in the wild, this algorithm is
a little too liberal, as it leaves too many spurious established sessions
in the session table.
E.g. a oberserved pattern is:
client server
<- FIN, ACK
ACK ->
ACK ->
RST, ACK ->
With the current state machine this would leave the session in established state.
These proposed changes do:
- require 3-way handshake to establish session.
(current requires only to see SYNs from both sides)
- RST will move session to transitory without recovery if data is sent after
- Only a single FIN is needed to move to transitory
Fixes: 56c492aa0502751de2dd9d890096a82c5f04776d
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I92e593e00b2efe48d04997642d85bd59e0eaa2ea
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: fix
current_data is set to 0 for each packet in af-packet input node.
It is not required to include it to calculate the headers offset.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I538d8c04e24c758155b3f8d6a1532472ef549459
|
|
Listener proxies are allowed to listen on IPs that are not local.
Configurable only by builtin apps for now.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Idb380ee3584a088878a03d45fd85e7bb0deeb590
|
|
Type: fix
Set is_add function argument to 0 when deleting interface role.
Change-Id: I6ca88d6511e1c88285e51b3750eb501fde2b341b
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If7dd56e76efc31ed66b865e2c7231d22ec2322b4
|
|
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5e49f43b18ff011ce0b7259ed58854d81f910826
|
|
Type: improvement
Change-Id: I878803d14d1070ef5a00ed9d3f72022906d55191
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: make
Change-Id: I9455da47f03383df822436d1adc4c4b5e58c7cf9
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
The following illustrates the problem:
./build-root/install-vpp_debug-native/vpp/bin/vpp api-trace { on } unix { cli-listen /tmp/vpp-api-cli.sock } plugins { plugin dpdk_plugin.so { disable } }
sleep 5
./build-root/install-vpp_debug-native/vpp/bin/vppctl -s /tmp/vpp-api-cli.sock show version
./build-root/install-vpp_debug-native/vpp/bin/vppctl -s /tmp/vpp-api-cli.sock show api dump file /tmp/api-table.master-api-baseline compare
The last CLI hangs in an infinite loop.
Fix the typo which got in during the conversion of _vec_len to read-only:
.@@ -1285,7 +1285,7 @@ extract_name (u8 * s)
. rv = vec_dup (s);
.
. while (vec_len (rv) && rv[vec_len (rv)] != '_')
.- _vec_len (rv)--;
.+ vec_dec_len (rv, 0);
.
Type: fix
Fixes: 8bea589cfe0fca1a6f560e16ca66a4cf199041a2
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I4f895348ae0ebaaba9da97c3a440912d38210f10
|
|
In some environment like when running a lot of functional tests, it can
be useful to run more VPP instances than CPU and let the Linux scheduler
decide what to do. This change disable cpu pinning altogether in the
single-threaded case, provided that no main-core is explicitely
specified in the config
Type: improvement
Change-Id: I8c2f36fdd49c00f9adaaeb4c81aefb27c3420a9b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
|
|
Type: fix
Free the old rewrite string before assigning a new rewrite string for the updated new tteid value.
Signed-off-by: Leung Lai Yung <benkerbuild@gmail.com>
Change-Id: I1ec19bce6afda3dfdc31c8724b32ac7b9bc84e89
|
|
Adding flow cache support to improve inbound IPv4/IPSec Security Policy
Database (SPD) lookup performance. By enabling the flow cache in startup
conf, this replaces a linear O(N) SPD search, with an O(1) hash table
search.
This patch is the ipsec4_input_node counterpart to
https://gerrit.fd.io/r/c/vpp/+/31694, and shares much of the same code,
theory and mechanism of action.
Details about the flow cache:
Mechanism:
1. First packet of a flow will undergo linear search in SPD
table. Once a policy match is found, a new entry will be added
into the flow cache. From 2nd packet onwards, the policy lookup
will happen in flow cache.
2. The flow cache is implemented using a hash table without collision
handling. This will avoid the logic to age out or recycle the old
flows in flow cache. Whenever a collision occurs, the old entry
will be overwritten by the new entry. Worst case is when all the
256 packets in a batch result in collision, falling back to linear
search. Average and best case will be O(1).
3. The size of flow cache is fixed and decided based on the number
of flows to be supported. The default is set to 1 million flows,
but is configurable by a startup.conf option.
4. Whenever a SPD rule is added/deleted by the control plane, all
current flow cache entries will be invalidated. As the SPD API is
not mp-safe, the data plane will wait for the control plane
operation to complete.
Cache invalidation is via an epoch counter that is incremented on
policy add/del and stored with each entry in the flow cache. If the
epoch counter in the flow cache does not match the current count,
the entry is considered stale, and we fall back to linear search.
The following configurable options are available through startup
conf under the ipsec{} entry:
1. ipv4-inbound-spd-flow-cache on/off - enable SPD flow cache
(default off)
2. ipv4-inbound-spd-hash-buckets %d - set number of hash buckets
(default 4,194,304: ~1 million flows with 25% load factor)
Performance with 1 core, 1 ESP Tunnel, null-decrypt then bypass,
94B (null encrypted packet) for different SPD policy matching indices:
SPD Policy index : 2 10 100 1000
Throughput : Mbps/Mbps Mbps/Mbps Mbps/Mbps Mbps/Mbps
(Baseline/Optimized)
ARM TX2 : 300/290 230/290 70/290 8.5/290
Type: improvement
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Signed-off-by: mgovind <govindarajan.Mohandoss@arm.com>
Tested-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I8be2ad4715accbb335c38cd933904119db75827b
|