Age | Commit message (Collapse) | Author | Files | Lines |
|
L3DSR is used to overcome Layer 2 limitations
of Direct Server Return Load Balancing.
It maps VIP to DSCP bits, and reuse TOS bits to transfer it
to server, and then server will get VIP from DSCP-to-VIP mapping.
Please refer to https://www.nanog.org/meetings/nanog51/presentations/Monday/NANOG51.Talk45.nanog51-Schaumann.pdf
Change-Id: I403ffeadfb04ed0265086eb2dc41f2e17f8f34cb
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
|
|
This patch addresses the need to handle out-of-order data chunks
received by a peer. To do that effectively, we had to add the handling
of data chunks flags (E/B/U bit) to understand whether the stream is
fragmenting user-message data and in that case if a fragment is the
FIRST/MIDDLE/LAST one of a transmission.
The same patch also addresses the security requirement to have a HMAC
calculated and incorporated in the INIT_ACK and COOKIE_ECHO chunks. The
algorithm used is the HMAC-SHA1.
Change-Id: Ib6a9a80492e2aafe5c8480d6e02da895efe9f90b
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
Change-Id: Ic5dcadd13c88b8a5e7896dab82404509c081614a
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Prior to this commit, the VXLAN "create" API assumed
the vrf_id belonged to only the IPv4 FIB tables space.
With this commit, the FIB table is found in either the
IPv4 or IPv6 table as determined by the is_ipv6 flag.
This follows the same pattern that was already being
done in the CLI code for the VXLAN "create" command.
Change-Id: I35d5e37db24efa858e4696dc2c004fa64bb4a4a8
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Rather than having multiple copies of the same function
scattered around, promote the function into the FIB
PROTOCOL definitions in fib_types.h.
Change-Id: I11c4d85931167d3a5f3dc1278afecc8845b23cd7
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Fixed a typo in tcp_push_header(). The typo only kicks in when the macro
VLIB_BUFFER_TRACE_TRAJECTORY is enabled.
Change-Id: I62832a4932ec5b14e3063d5eac113780851aae59
Signed-off-by: Steven <sluong@cisco.com>
|
|
Change-Id: I7110436626352d45ffe0ca71fb88dea2c77ab639
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
This hash table intends to provide an alternative to the widely
used bihash table in places where either:
- Hash entry timeout is required
- The hash table data does not fit in CPU cache
Although the bihash table is very fast, each lookup requires
accessing two cache lines in a serialized fashion. It works fine
when the hash table is in cache, but hits a wall when it does not.
The 'flowhash' table uses a simplified design (at the cost of a
less good bucket auto-scaling) where each access only requires
a single memory lookup (in the absence of collision). The hash
table also uses a reduced number of registers.
In practice, a VPP node implementing a stateful feature would
typically:
- prefetch buffer metadata (in-cache)
- prefetch packet header (in-cache)
- compute hash & prefetch hash bucket (possibly in RAM)
- read/write key and value from bucket
Using this hash table, it is possible to pipeline accesses in a way
that does not exhaust CPU's line field buffers, even when the
requested value is located in RAM (i.e. not in cache).
Measurements showed it was possible to scale to tens of millions
of flows (with a full 5-tuple matching and 32B value, i.e. 1
cache line per flow) with no performance degradation when
the hash table grows to the point it doesn't fit in cache anymore.
I have used this table in a couple of non-open-sourced projects,
but think it might be useful to lb, nat, and possibly other VPP
subsystems.
More information in the .h file.
Change-Id: I2b13dde0eabd868b75da1cedbfca0bf74d705102
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
|
|
Change-Id: Ica6d8dd773bb3b478f1c7e40d59dfbdd4b588b85
Signed-off-by: Francois Clad <fclad@cisco.com>
|
|
Change-Id: I911e09aadd3df1123634fd97098920f107f9a2fc
Signed-off-by: Francois Clad <fclad@cisco.com>
|
|
Change-Id: I670e41bcfc61a45555431603c937f8dad4d165e9
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
a crash on debug image (VPP-1151)
In debug image, there is extra code to validate the buffer when it is
freed. It uses the hash table to lookup the buffer index with spinlock
to prevent contention. However, there is one spinlock for each worker
thread. So allocating the buffer on thread-x and freeing the same buffer
on thread-y causes the validation to fail on thread-y. The fix is to
have only one spinlock, stored in vlib_global_main.
Change-Id: Ic383846cefe84a3e262255afcf82276742f0f62e
Signed-off-by: Steven <sluong@cisco.com>
(cherry picked from commit a7effa1b072463f12305a474f082aeaffb7ada4b)
|
|
now we get
00:00:03:665501: pg-input
...
00:00:03:665681: ethernet-input
...
00:00:03:665691: ip6-input
UDP: 2001::1 -> ffef::1
tos 0x00, flow label 0x0, hop limit 64, payload length 108
UDP: 1234 -> 1234
length 108, checksum 0x7b25
00:00:03:665695: ip6-not-enabled
UDP: 2001::1 -> ffef::1
tos 0x00, flow label 0x0, hop limit 64, payload length 108
UDP: 1234 -> 1234
length 108, checksum 0x7b25
00:00:03:665706: error-drop
ethernet-input: no error
Same goes for IPv4
Change-Id: Ia360df39b43281d3a0aa1b686f04b73cfa37c546
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Support the 1:1 translation of source address for IPv6
Change-Id: I934d18e5ec508bf7422d796ee5f172b79c048011
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
(VPP-1156)
Change-Id: I5395245c9e49f741a949ada1f725c34f9379c249
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ib99b597502b8335e57ecfa122b12e2e5aa45ee1a
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I1e3cfc751e7657464fc850dc56ddf763df45f62e
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
This patch addresses the missing field in various data-structures to
track valuable information to implement the congestion-control
algorithms and manage sub-connections states.
It adds the possibility to queue up to 2 SACKs chunks when the connection
is not gapping.
At the same time, it pushes some variable/field renaming for better
readibility.
Change-Id: Idcc53512983456779600a75e78e21af078e46602
Signed-off-by: Marco Varlese <marco.varlese@suse.de>
|
|
Change-Id: Ibc252d9ed595be955790ec1c97d8730e43ad89b2
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Add an SELinux profile such that VPP can run under SELinux on RPM based
platforms. The SELinux Policy is currently only implemented for RPM
packages, specifically, Fedora, CentOS and RHEL. Doxygen User
Documentation has been included (selinux_doc.md). Once some discussion
on file locations has completed (see vpp-devlist), updates to the Debug
CLI documentation will also need to be updated.
Additional changes:
Patch Set 2:
- Rework selinux_doc.md such that each line is only 80 characters
instead of each sentence on a line. Made additonal minor chnages
to the text.
- Update vHost Debug CLI documentation to reflex new socket location.
Cleaned up some text from when I originally wrote it, to better
reflex proper use.
- Update exec Debug CLI documentation to be more inline with suggested
helptext, added text regarding recommended script file location.
- For Debian builds, create the /var/log/vpp/ directory. I don't use
Debian very much, so please pay extra attention to
build-data/platforms.mk and build-root/deb/debian/.gitignore.
- Per discussion on VPP call, changed the default log location to
/var/log/vpp/vpp.log.
- Changed the socket location for vHost in AutoConfig to
/var/run/vpp/.
Patch Set 3:
- Update selinux_doc.md based on comments.
Change-Id: I400520dc33f1ca51012d09ef8fe5a7b7b96c631e
Signed-off-by: Billy McFall <bmcfall@redhat.com>
|
|
Add some description and cleanup code that uses Arm system counter.
Change-Id: Ie1fe00e3e4b5d98867617b7b0184ac526e333c53
Signed-off-by: Brian Brooks <brian.brooks@arm.com>
|
|
Change-Id: I4e93595665b8d0e373c4df27311c27a51222961c
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
(VPP-1149)
Avoid crash when interface was deleted.
Change-Id: I2ac3031c13ca5ad3360495e1c4cb90b0002be5ff
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
returned in the fixup function
Change-Id: I458e6e03b03e27775df33a2fd302743126d6ac44
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Idc3e8f4ee69d8871534a94d4f485e695fac81756
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I1df3d23c1c5668b83d52b41f51c0e3f24183af9e
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
|
|
New API calls and corresponding CLI commands allow the user
to manage the socket filenames for memif connections using:
vppctl# create memif id <u32> filename <socket-filename>
vppctl# delete memif id <u32>
and then referencing it later in a memif interface:
vppctl# create memif <u32> socket-id <id> mode <mode> <master|slave> ...
Corresponding VAT cli entries have also been added.
The default memif socket file at id 0 are still always present.
The existing memif create/delete CLI commands have been slightly
altered into the new syntax:
vppctl# create interface memif ...
vppctl# delete interface memif ...
Change-Id: If2bdc7eac3d81e1d9011a5869747e52fc5e11639
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ie460005510b8a70d00de31b6651e762cc3a63229
Signed-off-by: Francois Clad <fclad@cisco.com>
|
|
Change-Id: If0f8472c0de5e324b24c9c672c0f8b57cc9f49a8
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: I68933d709ce9cc686ba06466e136434b663920ef
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I75e6c7d1a6ff1fcebc81ec10bd86b79f2bf3dc22
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I5c404eacb4a6c1e16485a6656168d9171ff49a8b
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Adding enum support (VPP-1153) requires
JVPP generator refactoring
(see: VPP-1154, VPP-1155, VPP-480)
As a workaround we just update all the mappings
used for VPP API definitions to JAVA and C/JNI translation.
Change-Id: I9dff83e5199039a1a46a3d4685ce57cdeeeb2014
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
Change-Id: Iec437e4672af1f0d1a24458afb977ba6fbeba4ed
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
Change-Id: If421bad17b6cfe8e321257c93bb38931e37d7b64
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
This consolidates builtin apps under session-apps folder. It also
removes duplicate builtin echo server/client implementations.
Change-Id: I75ed879399c5aa9b75b1eb38b33aedf69dd8df3f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I85c799f28c4246884107e569a36482af10d9be9d
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I620e2081285ca8ac5c2da8efc12fe6f540ea4fd1
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I606fd89c410369cbd9ce9dcaaaa9dc58796e7c0e
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- update segment manager and session api to work with both flavors of
ssvm segments
- added generic ssvm slave/master init and del functions
- cleanup/refactor tcp_echo
- fixed uses of svm fifo pool as vector
Change-Id: Ieee8b163faa407da6e77e657a2322de213a9d2a0
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I8303859ef65552f64c94525c9b1112ec9a1a88d0
Signed-off-by: Keith Burns (alagalah) <alagalah@gmail.com>
|
|
Change-Id: I54c147004fd93681a6a9cf30fa5277c1dabce67c
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: I0ce60729e82536d9a97823bc6701e62bf364ea6c
Signed-off-by: Francois Clad <fclad@cisco.com>
|
|
Moved CLI from nat.c to nat44_cli.c
Split "show nat44" to:
show nat44 addresses
show nat44 interfaces
show nat44 static mappings
show nat44 interface address
show nat44 sessions detail
show nat44 deterministic mappings
show nat44 deterministic timeouts
show nat44 deterministic sessions
show nat workers
Change-Id: I2d1be8941dd0e4a9e037f4a4d2cd192389beb8ed
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ia65cf2c7b7fdf84c64e60af4cc815251022c53a9
Signed-off-by: Francois Clad <fclad@cisco.com>
|
|
== CONTENT ==
* SCTP chunks definition as per RFC4960;
* Helper functions to set/get values to/from the corresponding chunks;
* Hooks to the session/application layers;
* Complete state-machine handling;
* Implementation for unexpected chunk received in a certain
state (state-machine error handling)
* Support for 1-single connection;
* Sample application to test receive/transmit data-path;
* Test to validate SCTP stack;
Change-Id: I1b55c455ab400be9513f4e094dadfc3181d2ebc9
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
now we get:
00:00:04:288925: pg-input
...
00:00:04:289345: ethernet-input
...
00:00:04:289524: ip6-input
...
00:00:04:289553: ip6-mfib-forward-lookup
...
00:00:04:289584: ip6-mfib-forward-rpf
entry 14 itf 2 flags Forward,
00:00:04:289754: ip6-drop
UDP: 2002::1 -> ff01:2::255
tos 0x00, flow label 0x0, hop limit 64, payload length 21
UDP: 1234 -> 1234
length 21, checksum 0x90d1
00:00:04:289802: error-drop
ip4-input: Multicast RPF check failed
08:36:44,517 Count Node Reason
182 ip4-input Multicast RPF check failed
8 ip6-icmp-input neighbor advertisements sent
8 ip6-icmp-input router advertisements sent
8 arp-input ARP replies sent
Change-Id: I1b29cda4ec77a88db45bfb25c7473cd64bbf501a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Modify interface creation to allow creation of tunnel interfaces
without dedicated per tunnel output and tx nodes which are not
used for most tunnel types. Also changed interface-output node
function vnet_per_buffer_interface_output() so it does not rely
on hw_if_index as the next node index which is not flexible nor
efficient for large scale tunnel interfaces.
The improvenemts are done for VXLAN, VXLAN-GPE, GENEVE and GTPU
tunnels. GRE tunnel is still using per tunnel output nodes which
will be changed in a separate patch with other GRE enhencements.
Change-Id: I4123c01c0d2ead814417a867adb8c8a407e4df55
Signed-off-by: John Lo <loj@cisco.com>
|
|
One-armed NAT should work for asymmetrical static mappings without adding external address to the NAT44 pool.
Change-Id: Ie886b75b55c3b552d1029a50bd967625fde80f09
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I5415c002a431d84372f56d4a77dc2aabd6ef55f7
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
(cherry picked from commit 1eb970d16028e9a987c1dd2bfe217d1313262b81)
|