summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2017-06-20SNAT: unknow protocol hairpinning fixMatus Fabian1-1/+1
Change-Id: I15813167e7c8529f229143de4a8f64f0fb530951 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-20VPP-879 MAP: s/u32 is_add/u8 is_add in map.apiOle Troan1-1/+1
Change-Id: If35171005e409f77bed4cc16eccb66a85aae5dfb Signed-off-by: Ole Troan <ot@cisco.com>
2017-06-19L2FWD:fix seq_num overwritten + validate l2fib entries when forwardingEyal Bari8-56/+99
l2_classify memeber table_index was overlaid over l2.l2fib_seq_num which over written when table_index gets initialized in l2_input_classify solved by overlaying both table_index and opaque_index as only one is used seperated l2fib seq num from l2_input configs for better handling of theoretical ABA issue where an entry for a deleted interface is considered valid by the ager because a different interface with same sw_if_index and seq_num was created before the ager got a chance to delete Change-Id: I7b0eeded971627406f1c80834d7e02c0ebe62136 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-06-19NAT64: change not supported multi threading behaviourMatus Fabian5-6/+104
Disable CLI/API commands instead of error message on startup. Change-Id: I313ed6e2ea009f573afb5e08b0e85ed1f9091dc3 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-19memif: add ip modeDamjan Marion4-35/+132
In IP mode memif interface is L3 point-to-point interfaces and we don't pass l2 header. There is no l2 header rewrite operation and received packets are sent straight to ip4-input / ip6-input nodes. Change-Id: I4177f3fce3004da7ecf14d235006ae053fcf3f09 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-06-19Overall tcp performance improvements (VPP-846)Florin Coras23-568/+945
- limit minimum rto per connection - cleanup sack scoreboard - switched svm fifo out-of-order data handling from absolute offsets to relative offsets. - improve cwnd handling when using sacks - add cc event debug stats - improved uri tcp test client/server: bugfixes and added half-duplex mode - expanded builtin client/server - updated uri socket client/server code to work in half-duplex - ensure session node unsets fifo event for empty fifo - fix session detach Change-Id: Ia446972340e32a65e0694ee2844355167d0c170d Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-06-19SNAT: NAT packet with unknown L4 protocol if match 1:1 NATMatus Fabian2-6/+104
Change-Id: Ic81c6098d615fdb6a874e532921efd833fed872c Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-19acl-plugin: bihash-based ACL lookupAndrew Yourtchenko10-10/+1572
Add a bihash-based ACL lookup mechanism and make it a new default. This changes the time required to lookup a 5-tuple match from O(total_N_entries) to O(total_N_mask_types), where "mask type" is an overall mask on the 5-tuple required to represent an ACE. For testing/comparison there is a temporary debug CLI "set acl-plugin use-hash-acl-matching {0|1}", which, when set to 0, makes the plugin use the "old" linear lookup, and when set to 1, makes it use the hash-based lookup. Based on the discussions on vpp-dev mailing list, prevent assigning the ACL index to an interface, when the ACL with that index is not defined, also prevent deleting an ACL if that ACL is applied. Also, for the easier debugging of the state, there are new debug CLI commands to see the ACL plugin state at several layers: "show acl-plugin acl [index N]" - show a high-level ACL representation, used for the linear lookup and as a base for building the hashtable-based lookup. Also shows if a given ACL is applied somewhere. "show acl-plugin interface [sw_if_index N]" - show which interfaces have which ACL(s) applied. "show acl-plugin tables" - a lower-level debug command used to see the state of all of the related data structures at once. There are specifiers possible, which make for a more focused and maybe augmented output: "show acl-plugin tables acl [index N]" show the "bitmask-ready" representations of the ACLs, we well as the mask types and their associated indices. "show acl-plutin tables mask" show the derived mask types and their indices only. "show acl-plugin tables applied [sw_if_index N]" show the table of all of the ACEs applied for a given sw_if_index or all interfaces. "show acl-plugin tables hash [verbose N]" show the 48x8 bihash used for the ACL lookup. Change-Id: I89fff051424cb44bcb189e3cee04c1b8f76efc28 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-19NAT64: Hairpinning (VPP-699)Matus Fabian7-52/+477
Change-Id: I83a6c277fa211ac2c2ca2d603650c992886af0a7 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-17Fix map-notify processing with multiple workersFlorin Coras2-13/+44
Change-Id: Id160346ebf533ee5f55bd735803624a75ed997b9 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-06-16memif: show memif CLI enhancementSteven1-39/+115
Add optional keywords to show memif to allow display a particular interface and option to display the descriptor tables. The new syntax for the show memif command is now show memif [<interface>] [descriptors] Change-Id: I20696bbea1142bdc152b6e351c6ece24b1cf5500 Signed-off-by: Steven <sluong@cisco.com>
2017-06-16memif: jumbo frames supportSteven2-148/+272
Current memif interface supports frame size up to 2048. This patch is to enhance memif to support jumbo frames. On tx (writing buffers to the ring), keep reading the next buffer in vlib when the flag VLIB_BUFFER_NEXT_PRESENT and merge it to the same ring entry. Use descriptor chaining if the buffer is not big enough. On rx (reading buffers from the ring), if the packet is greater than 2048, create multiple vlib buffers, chained with the VLIB_BUFFER_NEXT_PRESENT. Testing: Because the ping command provided by VPP does not support jumbo frames, I have to use linux ping. Here is the set up that I use for testing. VM1 --- vhost ---- VPP1 --- memif --- VPP2 --- vhost --- VM2 Create vhost-user interfaces between VM1 and VPP1 and between VPP2 and VM2 VM configuration: Set the interface mtu on the VM, e.g 9216 to support jumbo frames. create static route and static arp on VM1 to VM2 and vice versa. Use iperf3 or ping -s 8000 from VM1 to VM2 or vice versa. Sample run sluong@ubuntu:~$ ping 131.1.1.1 -c1 -s 8000 ping 131.1.1.1 -c1 -s 8000 PING 131.1.1.1 (131.1.1.1) 8000(8028) bytes of data. 8008 bytes from 131.1.1.1: icmp_seq=1 ttl=62 time=0.835 ms --- 131.1.1.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.835/0.835/0.835/0.000 ms sluong@ubuntu:~$ DBGvpp# sh interface memif0 Name Idx State Counter Count memif0 1 up rx packets 1 rx bytes 8042 tx packets 1 tx bytes 8042 ip4 1 DBGvpp# Change-Id: I469bece3d45a790dceaee1d6a8e976bd018feee2 Signed-off-by: Steven <sluong@cisco.com>
2017-06-16LISP-GPE: add test CLI for NSHFilip Tehlar2-0/+132
Change-Id: I9999474c1a4b744f5d5880ee99a0293c576f2819 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-06-16Add missing barrier sync to rx placement infra codeDamjan Marion2-6/+18
Change-Id: I25ccf8260dbe7e1550aee3904a688fc135ce1f03 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-06-16Fix vni/dp_table endianness for gpe iface addition (VPP-882)Florin Coras2-8/+10
Change-Id: I2b78dad740b67fc05b0e2cf9c180809bc0962cd5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-06-16Fix gpe_native_fwd_rpaths_get (VPP-883)Florin Coras1-1/+3
Change-Id: Iab2aa5fd92b9e95049f55fce4177e236a482723c Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-06-15Add VAT handlers for LISP-GPE APIFilip Tehlar3-11/+223
Change-Id: Id1139533c41cabef48394b5d79750608e0b74179 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-06-15acl-plugin: store sessions in a single hash table instead of a per-interfaceAndrew Yourtchenko4-22/+39
A bihash-per-interface is convenient, but turns out tricky difficult from the maintenance standpoint with the large number of interfaces. This patch makes the sessions reside in a single hash table for all the interfaces, adding the lower 16 bit of sw_if_index as part of the key into the previously unused space. There is a tradeoff, that a session with an identical 5-tuple and the same sw_if_index modulo 65536 will match on either of the interfaces. The probability of that is deemed sufficiently small to not worry about it. In case it still happens before the heat death of the universe, there is a clib_warning and the colliding packet will be dropped, at which point we will need to bump the hash key size by another u64, but rather not pay the cost of doing that right now. Change-Id: I2747839cfcceda73e597cbcafbe1e377fb8f1889 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-14Fix session api connect sock handler.Dave Wallace1-1/+10
Change-Id: I034efb9fc3ebb846c0aef07b18c1f110b8cbf3e3 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-06-14acl-plugin: shrink the L2 classifier tables used for traffic redirectAndrew Yourtchenko1-17/+17
The previous iteration of the code used the L2 classifier tables for session storage, as a result, the table allocations were pretty big. The new ACL plugin datapath uses the tables just as a redirection mechanism, without adding any entries. Thus, the tables can be much smaller. Change-Id: Ieec4a5abf0abda6e513ab4e675f912f14d47e671 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-14VPP-874: fix coverity warnings in tw_timer_template.cDave Barach1-4/+4
Best guess, tested carefully, should do no harm. Clang doesn't complain either way; it's not certain that this patch will make the coverity warnings in tw_timer_template.c disappear. Change-Id: I75aa0cfd8970751e823a1165df2a755e947c4cf9 Signed-off-by: Dave Barach <dave@barachs.net>
2017-06-14ETH:fix l2_len/vlan count mismatch for > 2 tagsEyal Bari3-16/+7
l2_len was not updated for the third tag as the ethernet node retracts by the vlan count after parse_header (using ethernet_buffer_header_size) it ends up pointing before the ethernet header + some minor cleanups Change-Id: I4ccaedd33928912e5d837376f146503b27071741 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-06-13FIB walk process - wake-up rate unnecessarily highNeale Ranns1-1/+11
Change-Id: I7dedf283c83c7f0e0b7642f095b68bc0b40898cf Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-06-13SNAT: fix 1:1 NAT without port hairpinning TCP checksum updateMatus Fabian1-0/+10
Change-Id: I5077fcf3671a6116b475f87e43120efc10ecaa08 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-13memif: fix crash during interface deleteDamjan Marion1-0/+4
Change-Id: Ide6d26d6fcc81be6f26ac0abe2cd0d6a0838cfe6 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-06-12L2FIB:fix crash in show with deleted subif entriesEyal Bari1-4/+7
after deleting a sub interface it's l2fib entries are left with a dangling sw_if_index (while waiting for the ager to delete them). changed "show l2fib" to reflect that state with "Deleted" as the interface name. added sleep in test_l2_fib as a workaround for packets still passing after flush will investigate... Change-Id: Id998d7d3c6a073ef5005c5f3009e1cfb7febf7db Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-06-12three-level timer wheel implementation w/ overflow vectorDave Barach13-77/+1331
prep work for s/timing_wheel/tw_timer/ in the vlib process model Change-Id: I763f4968a8fce1764a3778b12def0afbd30086b1 Signed-off-by: Dave Barach <dave@barachs.net>
2017-06-12memif: complete refactor of socket handling codeDamjan Marion11-1146/+1796
Change-Id: I4d41def83a23f13701f1ddcea722d481e4c85cbc Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-06-12Fix build breakge post 6956Neale Ranns1-0/+2
Change-Id: I0ab0e3e40b00ed5c2a34f5c23d04b596c1e9aa5f Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-06-12NAT64: bug fixMatus Fabian2-6/+29
ICMP to ICMPv6 error message inner UDP packet translation delete ST entries when deleting static BIB entry Change-Id: I2a28631ac040e20827a692331506cd8254f70916 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-12Remove calls to crc_u32 and add clib_crc32c for armv8+crcChristophe Fontaine6-92/+61
crc_u32 was not defined for non x86_64 with SSE4.2 processors. Calls to "crc_u32" are removed and replaced by either a call to clib_crc32c or a call to clib_xxhash, as the result is not used as a check value but as a hash. Change-Id: I3af4d68e2e5ebd0c9b0a6090f848d043cb0f20a2 Signed-off-by: Christophe Fontaine <christophe.fontaine@enea.com>
2017-06-12NAT64: coverity fixMatus Fabian1-2/+14
Change-Id: I08544b2f06f993c8a6435901232a0616d0548b94 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-12Fix coverity issueFilip Tehlar1-0/+1
Change-Id: Ib62ee0eacd6c91dc4cd95835efe901079754ef42 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-06-10MPLS: cannot delete a path from the CLINeale Ranns1-13/+25
Change-Id: I7f85870ef99405727312a5de6839c8875c9fa1c5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-06-09Fix gpe coverity issue (VPP-874)Florin Coras1-3/+8
Change-Id: I70fb60619a0a02d891276ea6c7ac277ba2b26fa3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-06-09Implement sack based tcp loss recovery (RFC 6675)Florin Coras17-409/+973
- refactor existing congestion control code (RFC 6582/5681). Handling of ack feedback now consists of: ack parsing, cc event detection, event handling, congestion control update - extend sack scoreboard to support sack based retransmissions - basic implementation of Eifel detection algorithm (RFC 3522) for detecting spurious retransmissions - actually initialize the per-thread frame freelist hash tables - increase worker stack size to 2mb - fix session queue node out-of-buffer handling - ensure that the local buffer cache vec_len matches reality - avoid 2x spurious event requeues when short of buffers - count out-of-buffer events - make the builtin server thread-safe - fix bihash template threading issue: need to paint -1 across uninitialized working_copy_length vector elements (via rebase from master) Change-Id: I646cb9f1add9a67d08f4a87badbcb117980ebfc4 Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Dave Barach <dbarach@cisco.com>
2017-06-09Sample plugin: Add sample plugin documentationRay Kinsella2-7/+89
Added some user documentation to sample plugin. Change-Id: I518910f80499307e8fcac8dcef7baaeab5ea8e35 Signed-off-by: Ray Kinsella <ray.kinsella@intel.com>
2017-06-09acl-plugin: wrap a verbose debug message in the appropriate conditionalAndrew Yourtchenko1-0/+2
Change-Id: Ibd57cb617642e42d4c4d64f186479702b8a81900 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-09dpdk: fix ipsec coverity warningSergio Gonzalez Monroy1-2/+2
CID 170475 Change-Id: I9748dd56bdcb62e68d8f672e5b1619a3be400b8f Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-06-09NAT64: ICMP error supportMatus Fabian6-23/+207
Added ICMP error messages translation. Added check for multi thread (not supported yet, so init failed). Added API definition for custom NAT64 refix. Change-Id: Ice2f04631af63e594aecc09087a1cf59f3b676fb Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-08LISP: add NSH supportFilip Tehlar15-44/+826
Change-Id: I971c110ed126f1a24a963f9d3b88cf8f8c308816 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-06-08acl-plugin: remove clib_warnings on plugin initAndrew Yourtchenko1-3/+0
Change-Id: Ic3c9a914a588824b8abd6668961f731432083c4f Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-08Add gpe native-forward static route supportFlorin Coras5-16/+402
Change-Id: I744e7d64d94dbb302f2c1246663480f720672ee2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-06-08P2P Ethernet - APIPavel Kotucek8-6/+442
API for P2P Ethernet feature Change-Id: Id0280f42b9ce2428262e79c4dc309595037cd10e Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-06-08NAT64: Add NAT64 support for snat plugin (VPP-699)Matus Fabian12-11/+3676
Basic NAT64 feature (no hairpinning, no multi-thread). Change-Id: I392fccbce93e70c117f4a9a7ec7cf08d6c537f2d Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-07Small update to session APIFlorin Coras2-1/+5
Change-Id: I6a566d1dc9531b790bdcb00edc73516f86daeb72 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-06-07VPP-874: fix coverity warning in vnet_classify.cDave Barach1-1/+1
Change-Id: Icffd2862eadbe9ddfb3ee34f3cb19c9324b3d9b4 Signed-off-by: Dave Barach <dave@barachs.net>
2017-06-07acl-plugin: add a plugin-specific control-ping message api and make the test ↵Andrew Yourtchenko4-1/+75
code use it This fixes the undesirable pause in the dump commands in case there is nothing to dump. Change-Id: I0554556c9e442038aa2a1ed8c88234f21f7fe9b9 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-07acl-plugin: make the ACL plugin multicore-capableAndrew Yourtchenko5-207/+912
Add the logic to be able to use stateful ACLs in a multithreaded setup. Change-Id: I3b0cfa6ca4ea8f46f61648611c3e97b00c3376b6 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-07VPP-873: fix vector expansion bug in dispatch_pending_nodeDave Barach1-13/+27
The main interior graph-node dispatch loop had a longstanding dangling vector element reference: for (i = 0; i < _vec_len (nm->pending_frames); i++) cpu_time_now = dispatch_pending_node (vm, nm->pending_frames + i, cpu_time_now); Passing a pointer to a vector element (nm->pending_frames + i) has considerable comedic potential if there's any chance that the vector could expand. dispatch_pending_node() calls dispatch_node(), and indirectly any interior graph node dispatch function. If that node happens to expand nm->pending_frames by filling in a new frame, nm->pending_frames can expand. After calling the node dispatch function, dispatch_node() does the following: nf = vec_elt_at_index (nm->next_frames, p->next_frame_index); If nm->pending_frames expands during dispatch function execution, p is a dangling reference to freed memory. By luck, the TCP stack managed to allocate a fresh frame which included "old-p," which caused p->next_frame_index to be filled with the new-frame poison pattern 0xfefefefe. This has been broken from day 1, summer 2007, first use of the third-generation vector processing library. Change-Id: Ideb6363bb060c4e8bf9b901882c318bd83853121 Signed-off-by: Dave Barach <dave@barachs.net>