Fahad Naeem [Tue, 10 May 2022 06:03:52 +0000 (01:03 -0500)]
pnat: add support to wildcard IP Protocol field if not specified
- add pnat_binding_add_v2 which explicitly requires match mask to
set to PNAT_PROTO if we want to match on IP Protocol
- fix pnat_binding_add backward compatibility i.e. no need to set
match mast to PNAT_PROTO
Type: improvement
Signed-off-by: Fahad Naeem <fahadnaeemkhan@gmail.com>
Change-Id: I5a23244be55b7d4c10552c555881527a4b2f325f
Klement Sekera [Wed, 11 May 2022 14:54:09 +0000 (16:54 +0200)]
tests: fix checkstyle-python
Add --check to black to pass back error value and fail checkstyle if
a reformat would occur.
Type: fix
Fixes:
d9b0c6fbf7aa5bd9af84264105b39c82028a4a29
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I9a1fbe224929fc461ff833a589f73ca06e7cc9d6
Andrew Yourtchenko [Wed, 11 May 2022 13:41:20 +0000 (13:41 +0000)]
api: revert the changes to atexit for shared memory client
2ca88ff97884ec9ed20a853b13cee6d86f9c9d0f introduced the change
into the shared memory atexit, which breaks IPSec tests in some
environments.
Type: fix
Fixes:
2ca88ff97884ec9ed20a853b13cee6d86f9c9d0f
Change-Id: Ia132cb045e8d66f55e41d29cffdca3458d61096d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Mohammed Hawari [Wed, 11 May 2022 09:36:19 +0000 (11:36 +0200)]
dpdk: clear the RTE_MEMPOOL_F_NON_IO
This mempool flag should be cleared when the mempool is populated, to
reproduce the behaviour of rte_mempool_populate_iova in DPDK 22.03
Change-Id: I4c0e07efca9df2e472e8e393689127c01cf66da2
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: fix
Fixes:
2f132efc3cafde5a0dd01ef8a91606528970cdf7
Klement Sekera [Tue, 26 Apr 2022 17:02:15 +0000 (19:02 +0200)]
tests: replace pycodestyle with black
Drop pycodestyle for code style checking in favor of black. Black is
much faster, stable PEP8 compliant code style checker offering also
automatic formatting. It aims to be very stable and produce smallest
diffs. It's used by many small and big projects.
Running checkstyle with black takes a few seconds with a terse output.
Thus, test-checkstyle-diff is no longer necessary.
Expand scope of checkstyle to all python files in the repo, replacing
test-checkstyle with checkstyle-python.
Also, fixstyle-python is now available for automatic style formatting.
Note: python virtualenv has been consolidated in test/Makefile,
test/requirements*.txt which will eventually be moved to a central
location. This is required to simply the automated generation of
docker executor images in the CI.
Type: improvement
Change-Id: I022a326603485f58585e879ac0f697fceefbc9c8
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Klement Sekera [Wed, 6 May 2020 10:11:36 +0000 (10:11 +0000)]
nat: improve icmp type detection performance
Replace code with branchless code.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ic38a20ad33483c1c26f90a927f8b963b0ead4a87
Klement Sekera [Tue, 25 Jan 2022 17:32:38 +0000 (17:32 +0000)]
ip: reassembly: add documentation
Type: docs
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I23008cde47d8b7a531346eab02902e2ced18742a
Klement Sekera [Thu, 20 May 2021 10:23:00 +0000 (12:23 +0200)]
ip: fix buffer leaks in reassembly
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I952ba7e042779855e29628d048da7edec1caaafd
Steven Luong [Fri, 6 May 2022 20:34:10 +0000 (13:34 -0700)]
vhost: memory leak upon deleting vhost-user interface
We allocate vring_spinlock for all vrings in the vui, not just the ones
being used. So when we free the vui, we have to free vring_spinlock for
all vrings, not just the one being used.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I3951fda71ce6e11474b04302116ea9e08b404758
Gabriel Ganne [Thu, 5 May 2022 08:16:56 +0000 (10:16 +0200)]
devices: fix crash on invalid interface
Type: fix
A simple "create host-interface name xxx" is enough to trigger the bug:
The interface is not found, and we goto error with apif=NULL
Signed-off-by: Gabriel Ganne <gabriel.ganne@gmail.com>
Change-Id: I2f894176d39b3d15efab054dc7340e7a0600a2e8
Xiaoming Jiang [Mon, 2 May 2022 15:07:31 +0000 (15:07 +0000)]
session: fix session cli maybe parse wrong args if executed in files
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: Id19a52df4f237cf5d85d305fdc279ab7df2d6f4b
Damjan Marion [Fri, 6 May 2022 10:39:10 +0000 (12:39 +0200)]
stats: add vlib_stats_free_string_vector
Type: improvement
Change-Id: Ifa9f908b24b5fe867826601d32eeb4f0d639fbeb
Signed-off-by: Damjan Marion <damarion@cisco.com>
Damjan Marion [Fri, 6 May 2022 10:37:30 +0000 (12:37 +0200)]
vppinfra: free vector against its heap
Type: fix
Change-Id: Ie292ee56dd5265a56ef472554aaf086e61da7089
Signed-off-by: Damjan Marion <damarion@cisco.com>
Damjan Marion [Fri, 6 May 2022 10:38:19 +0000 (12:38 +0200)]
stats: strings in string vector are c strings
Type: fix
Change-Id: I9cf9376f2813f7bceecc6a9d714dcb98df77615d
Signed-off-by: Damjan Marion <damarion@cisco.com>
Ting Xu [Thu, 5 May 2022 09:12:50 +0000 (09:12 +0000)]
dpdk: fix generic flow input parsing in FDIR
This patch fixes the issue that in DPDK FDIR generic flow parsing, the
inputs will be changed during processing, which will lead to a failure
in vnet flow when creating generic flow rules.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I107735a305ff48593d66746e0cd642c76ad5700d
Jieqiang Wang [Thu, 5 May 2022 12:33:57 +0000 (12:33 +0000)]
rdma: two small improvements for rdma interface
- fix branch prediction for checking rdma ERROR flag
- add the missing right angle bracket to help message
Type: improvement
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Reviewed-by: Lijian Zhang <lijian.zhang@arm.com>
Reviewed-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I2ce667631b3e3f60939069e2a16ddba0ff12a695
Dave Wallace [Wed, 4 May 2022 21:31:55 +0000 (17:31 -0400)]
vat2: fix argument parsing
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I6d40ce90330d644469937a24eec47ea5bd5b649b
Stanislav Zaikin [Tue, 5 Apr 2022 17:23:12 +0000 (19:23 +0200)]
policer: output interface policer
Type: improvement
Change-Id: Ibc1b5059ed51c34334340534e9eb68121f556bce
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Benoît Ganne [Wed, 4 May 2022 09:26:09 +0000 (11:26 +0200)]
udp: remove buggy assert in udp encap
It looks like in a distant past we were using a vnet_rewrite but this
no longer the case.
Type: fix
Change-Id: Ib8d336aec7d5abd7749f543739f531144e76e551
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Florin Coras [Wed, 4 May 2022 19:02:56 +0000 (12:02 -0700)]
tls: free app session if connect notify refused
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Iee6784c37a835b49d962ae6f87c279cbe65dde15
Fahad Naeem [Mon, 4 Apr 2022 14:31:04 +0000 (10:31 -0400)]
vhost: use_custom_mac set in create_vhost_user_if_v2
Type: fix
set use_custom_mac for args in create_vhost_user_if_v2 API
Add testcase for custom mac-address
Signed-off-by: Fahad Naeem <fahadnaeemkhan@gmail.com>
Change-Id: Iac64d818e0f1e6d36187fe769ee33d202aaafd05
Signed-off-by: Fahad Naeem <fahadnaeemkhan@gmail.com>
Benoît Ganne [Mon, 11 Apr 2022 16:51:25 +0000 (18:51 +0200)]
ipsec: support per next-header next-nodes
Type: feature
Change-Id: I940b6c9d206e407f3e17d66c97233cd658984e61
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Klement Sekera [Thu, 14 Apr 2022 14:29:07 +0000 (16:29 +0200)]
tests: handle removed interface
Catch exception if sw_if_index is invalid when querying interface
binding config. If the interface is not there, it's surely not bound to
any table ...
Type: improvement
Change-Id: I1f3e04a631653feb5c2350662b6a041adccefa1f
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Ole Troan [Thu, 27 Jan 2022 15:25:43 +0000 (16:25 +0100)]
vapi: support api clients within vpp process
Add vapi_connect_from_vpp() and vapi_disconnect_from_vpp()
calls to allow API clients from within VPP process.
Add a new memclnt_create version that gives the user a
knob to enable or disable dead client scans (keepalive).
Type: feature
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Id0b7bb89308db3a3aed2d3fcbedf4e1282dcd03f
Signed-off-by: Ole Troan <ot@cisco.com>
Jing Peng [Fri, 29 Apr 2022 19:14:07 +0000 (15:14 -0400)]
dhcp: fix dhcp_compl_event
This patch fixes two problems:
1. The lease field in the dhcp_compl_event message can include a list of
vl_api_domain_server_t structs, but no memory is allocated for it.
2. The DNS server address is not copied properly, resulting in wrong IP4
addresses in the event message.
Type: fix
Signed-off-by: Jing Peng <pj.hades@gmail.com>
Change-Id: I42c533e7af697568c69714011d983f88368a7e15
Damjan Marion [Fri, 29 Apr 2022 17:09:38 +0000 (19:09 +0200)]
build: use env to find bash path
Type: make
Change-Id: I9f87134ac05d99051888024f889f05dae8e3feec
Signed-off-by: Damjan Marion <damarion@cisco.com>
Damjan Marion [Thu, 28 Apr 2022 15:46:13 +0000 (17:46 +0200)]
vppinfra: fix clib_mem_destroy
Passing wrong pointer to clib_mem_vm_unmap...
Type: fix
Change-Id: I1f695d77bc45d9a6de3a4a3da1fbe6faebdad15e
Signed-off-by: Damjan Marion <damarion@cisco.com>
Klement Sekera [Mon, 25 Apr 2022 14:39:09 +0000 (16:39 +0200)]
tests: fix handling failed test case
Add missing parameter where required.
Type: fix
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I8cd7c31848836e3233cb79d1dd21884167db4354
Klement Sekera [Sat, 23 Apr 2022 09:34:29 +0000 (11:34 +0200)]
tests: fix assert_nothing_captured
Type: fix
Fixes:
26cd0242c95025e0d644db3a80dfe8dee83b6d7a
Change-Id: I9a88221af65f170dc6b1f0dc0992df401e489fa2
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Florin Coras [Thu, 28 Apr 2022 14:55:07 +0000 (07:55 -0700)]
build: remove mbedtls from rpm dependencies
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I50dfed0fba3c8547f5c52998cf777f2ed1d2e4a5
Jon Loeliger [Tue, 12 Apr 2022 15:06:49 +0000 (10:06 -0500)]
wireguard: Document wireguard async mode default
Type: improvement
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I446eb86c097d1bf99f05ee47f1c550689d70ced2
Benoît Ganne [Thu, 28 Apr 2022 09:07:14 +0000 (11:07 +0200)]
af_xdp: more meaningful frame_size error message
Type: improvement
Change-Id: If3a83848ae0741334887c654b65e424b99caa73c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Florin Coras [Wed, 27 Apr 2022 02:32:11 +0000 (19:32 -0700)]
session: fix coverity warning
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I67f5a2c8902dd14c09472c25599b3b1b493a6948
Renato Botelho do Couto [Wed, 27 Apr 2022 20:51:20 +0000 (17:51 -0300)]
vapi: Fix build when directory contains @
During build some header guards are created based on full path where
build is happening. If one directory contains @ character build breaks
because compiler believes it's a macro declaration.
Jenkins adds `@${EXECUTOR_NUMBER}` suffix to workspace directory when
it uses more than one executor for that job, breaking the build.
Replace any @ character on guard name by _ to get it fixed.
Type: fix
Change-Id: Id0f4cfc33fda95e168541aa4e353a0d08aa3b664
Signed-off-by: Renato Botelho do Couto <renato@netgate.com>
Stanislav Zaikin [Mon, 25 Apr 2022 17:11:36 +0000 (19:11 +0200)]
linux-cp: sync addr and neigh only for lcp interfaces
Type: fix
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Change-Id: I792467b73449074e59c4232b1f82d134c399624c
Daniel Béreš [Fri, 22 Apr 2022 08:06:17 +0000 (08:06 +0000)]
libmemif: timer causes spin at 100% cpu
In case of timer is set and expires:
1. timer_fd is readable and stay readable.
2. timer_fd is part of epoll_fd set. This makes epoll_pwait()
calls return immediately instead of sleeping.
Type: fix
Signed-off-by: Daniel Béreš <dberes@cisco.com>
Change-Id: I9b228464fe45b83def9b182c885d6febf428049c
Ting Xu [Fri, 25 Mar 2022 03:45:07 +0000 (03:45 +0000)]
flow: enable RSS queue group action for 5G enhancement
Enable the flow action for RSS queue group. Packets can be distributed
among queues in group based on specific fields. Queues must be continous
in the group. This feature is to support 5G enhancement requirement.
Type: feature
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I74fdc617659bcb61f00b3b1934c95ab1c73bb8f3
Florin Coras [Mon, 25 Apr 2022 23:15:02 +0000 (16:15 -0700)]
session: export session counts to stats segment
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I02aec410eaa7ccb999159b6967414fbaf4e76a3f
Damjan Marion [Fri, 15 Apr 2022 13:53:17 +0000 (15:53 +0200)]
stats: string vector and node collector improvements
Type: improvement
Change-Id: Ibdadeb4e685f45a93f45504a84709391489abb6a
Signed-off-by: Damjan Marion <damarion@cisco.com>
Damjan Marion [Mon, 25 Apr 2022 10:38:40 +0000 (12:38 +0200)]
build: add option to build only for native CPU
Significantly reduces compilation time for uses who are interested
to run binaries only on the build machine.
Type: make
Change-Id: I431f6f7374b6dfa8b3f7c72dc69f3d5cafd1f6bb
Signed-off-by: Damjan Marion <damarion@cisco.com>
Benoît Ganne [Fri, 22 Apr 2022 08:10:37 +0000 (10:10 +0200)]
build: fix 16-8-8 mtrie build option
VPP_IP_FIB_MTRIE_16 should be defined only if the option is enabled
instead of being defined as "ON" or "OFF".
Type: fix
Change-Id: Ib4e29a827bcbd84c8012f05ad264c1408ffccee7
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Florin Coras [Fri, 15 Apr 2022 01:19:42 +0000 (18:19 -0700)]
hsa: vcl test client epoll worker loop
Supports more connections and track connect time. Can be used to measure
CPS. Only works in unidirectional mode for now.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I70bc6a271996407dd16a96115f509bd680a0f302
Florin Coras [Fri, 22 Apr 2022 01:03:12 +0000 (18:03 -0700)]
session: fix ctrl evt rpc elt pool realloc
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I79bfe91e81983b619c61a32285d8e038c2654147
Florin Coras [Wed, 20 Apr 2022 01:57:24 +0000 (18:57 -0700)]
session svm: fix mq producer wait on q and ring
Make sure producer drops lock when it waits for empty ring slot.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id77d54ee8c01bed20c9eaf5ad372ed4b1e9fa712
Ole Troan [Thu, 17 Mar 2022 10:58:38 +0000 (11:58 +0100)]
nat: tweak rfc7857 tcp connection tracking
The RFC7857 state machine introduced in
56c492a is a trade-off.
It tries to retain sessions as much as possible and also offers
some protection against spurious RST by re-establishing sessions if data
is received after the RST. From experience in the wild, this algorithm is
a little too liberal, as it leaves too many spurious established sessions
in the session table.
E.g. a oberserved pattern is:
client server
<- FIN, ACK
ACK ->
ACK ->
RST, ACK ->
With the current state machine this would leave the session in established state.
These proposed changes do:
- require 3-way handshake to establish session.
(current requires only to see SYNs from both sides)
- RST will move session to transitory without recovery if data is sent after
- Only a single FIN is needed to move to transitory
Fixes:
56c492aa0502751de2dd9d890096a82c5f04776d
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I92e593e00b2efe48d04997642d85bd59e0eaa2ea
Signed-off-by: Ole Troan <ot@cisco.com>
Mohsin Kazmi [Mon, 11 Apr 2022 12:52:28 +0000 (12:52 +0000)]
devices: remove redundant access in af-packet input
Type: fix
current_data is set to 0 for each packet in af-packet input node.
It is not required to include it to calculate the headers offset.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I538d8c04e24c758155b3f8d6a1532472ef549459
Florin Coras [Fri, 15 Apr 2022 19:37:48 +0000 (12:37 -0700)]
session: add support for listen proxies
Listener proxies are allowed to listen on IPs that are not local.
Configurable only by builtin apps for now.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Idb380ee3584a088878a03d45fd85e7bb0deeb590
Alexander Skorichenko [Fri, 15 Apr 2022 16:32:18 +0000 (16:32 +0000)]
nat: fix deleting nat ei out interface feature
Type: fix
Set is_add function argument to 0 when deleting interface role.
Change-Id: I6ca88d6511e1c88285e51b3750eb501fde2b341b
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
Florin Coras [Mon, 18 Apr 2022 16:29:59 +0000 (09:29 -0700)]
rpm-packaging: remove mbedtls dependency
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Idf325b7f1ce75e973dbea4d5836609590c85dc38
Florin Coras [Fri, 15 Apr 2022 23:01:43 +0000 (16:01 -0700)]
hsa: vcl test client allow non-blocking connects
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If7dd56e76efc31ed66b865e2c7231d22ec2322b4
Florin Coras [Wed, 13 Apr 2022 05:16:11 +0000 (22:16 -0700)]
hsa: support configurable vcl client wrk loop
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5e49f43b18ff011ce0b7259ed58854d81f910826
Damjan Marion [Fri, 15 Apr 2022 13:27:24 +0000 (15:27 +0200)]
stats: store heap in the directory_entry vector
Type: improvement
Change-Id: I878803d14d1070ef5a00ed9d3f72022906d55191
Signed-off-by: Damjan Marion <damarion@cisco.com>
Damjan Marion [Thu, 14 Apr 2022 20:18:19 +0000 (22:18 +0200)]
build: c compiler version warnings
Type: make
Change-Id: I9455da47f03383df822436d1adc4c4b5e58c7cf9
Signed-off-by: Damjan Marion <damarion@cisco.com>
Andrew Yourtchenko [Fri, 15 Apr 2022 14:23:41 +0000 (14:23 +0000)]
api: fix infinite loop in show api dump CLI
The following illustrates the problem:
./build-root/install-vpp_debug-native/vpp/bin/vpp api-trace { on } unix { cli-listen /tmp/vpp-api-cli.sock } plugins { plugin dpdk_plugin.so { disable } }
sleep 5
./build-root/install-vpp_debug-native/vpp/bin/vppctl -s /tmp/vpp-api-cli.sock show version
./build-root/install-vpp_debug-native/vpp/bin/vppctl -s /tmp/vpp-api-cli.sock show api dump file /tmp/api-table.master-api-baseline compare
The last CLI hangs in an infinite loop.
Fix the typo which got in during the conversion of _vec_len to read-only:
.@@ -1285,7 +1285,7 @@ extract_name (u8 * s)
. rv = vec_dup (s);
.
. while (vec_len (rv) && rv[vec_len (rv)] != '_')
.- _vec_len (rv)--;
.+ vec_dec_len (rv, 0);
.
Type: fix
Fixes:
8bea589cfe0fca1a6f560e16ca66a4cf199041a2
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I4f895348ae0ebaaba9da97c3a440912d38210f10
Benoît Ganne [Thu, 9 Dec 2021 17:24:21 +0000 (18:24 +0100)]
vlib: disable cpu pinning if not configured
In some environment like when running a lot of functional tests, it can
be useful to run more VPP instances than CPU and let the Linux scheduler
decide what to do. This change disable cpu pinning altogether in the
single-threaded case, provided that no main-core is explicitely
specified in the config
Type: improvement
Change-Id: I8c2f36fdd49c00f9adaaeb4c81aefb27c3420a9b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Leung Lai Yung [Sat, 9 Apr 2022 10:45:12 +0000 (10:45 +0000)]
gtpu: fix memory leak
Type: fix
Free the old rewrite string before assigning a new rewrite string for the updated new tteid value.
Signed-off-by: Leung Lai Yung <benkerbuild@gmail.com>
Change-Id: I1ec19bce6afda3dfdc31c8724b32ac7b9bc84e89
Renato Botelho do Couto [Thu, 14 Apr 2022 12:03:30 +0000 (09:03 -0300)]
build: Ignore buildinfo file
During deb package build, a .buildinfo file is created at build-root.
Add this to .gitignore.
Type: make
Signed-off-by: Renato Botelho do Couto <renato@netgate.com>
Change-Id: Id86c21e22aa2b9e4b559cfc0bc662de835fa1621
Zachary Leaf [Fri, 25 Jun 2021 13:11:15 +0000 (08:11 -0500)]
ipsec: perf improvement of ipsec4_input_node using flow cache
Adding flow cache support to improve inbound IPv4/IPSec Security Policy
Database (SPD) lookup performance. By enabling the flow cache in startup
conf, this replaces a linear O(N) SPD search, with an O(1) hash table
search.
This patch is the ipsec4_input_node counterpart to
https://gerrit.fd.io/r/c/vpp/+/31694, and shares much of the same code,
theory and mechanism of action.
Details about the flow cache:
Mechanism:
1. First packet of a flow will undergo linear search in SPD
table. Once a policy match is found, a new entry will be added
into the flow cache. From 2nd packet onwards, the policy lookup
will happen in flow cache.
2. The flow cache is implemented using a hash table without collision
handling. This will avoid the logic to age out or recycle the old
flows in flow cache. Whenever a collision occurs, the old entry
will be overwritten by the new entry. Worst case is when all the
256 packets in a batch result in collision, falling back to linear
search. Average and best case will be O(1).
3. The size of flow cache is fixed and decided based on the number
of flows to be supported. The default is set to 1 million flows,
but is configurable by a startup.conf option.
4. Whenever a SPD rule is added/deleted by the control plane, all
current flow cache entries will be invalidated. As the SPD API is
not mp-safe, the data plane will wait for the control plane
operation to complete.
Cache invalidation is via an epoch counter that is incremented on
policy add/del and stored with each entry in the flow cache. If the
epoch counter in the flow cache does not match the current count,
the entry is considered stale, and we fall back to linear search.
The following configurable options are available through startup
conf under the ipsec{} entry:
1. ipv4-inbound-spd-flow-cache on/off - enable SPD flow cache
(default off)
2. ipv4-inbound-spd-hash-buckets %d - set number of hash buckets
(default 4,194,304: ~1 million flows with 25% load factor)
Performance with 1 core, 1 ESP Tunnel, null-decrypt then bypass,
94B (null encrypted packet) for different SPD policy matching indices:
SPD Policy index : 2 10 100 1000
Throughput : Mbps/Mbps Mbps/Mbps Mbps/Mbps Mbps/Mbps
(Baseline/Optimized)
ARM TX2 : 300/290 230/290 70/290 8.5/290
Type: improvement
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Signed-off-by: mgovind <govindarajan.Mohandoss@arm.com>
Tested-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I8be2ad4715accbb335c38cd933904119db75827b
Guillaume Solignac [Wed, 13 Apr 2022 13:52:05 +0000 (15:52 +0200)]
crypto-openssl: use getrandom syscall
The sys/random.h header, which provides the getrandom syscall wrapper,
was only added in glibc2.25. To make it compatible with older version,
we can directly call the syscall.
Type: improvement
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: I93c5f8a49c0323511a4e34273f0b3c0e24663bfd
Guillaume Solignac [Wed, 13 Apr 2022 10:03:48 +0000 (12:03 +0200)]
vppinfra: fix GCC 7.3 build error with asm inline
GCC added asm inline in 8.3, so we change asm inline to asm volatile.
Type: fix
Fixes:
d5045e68a782 ("vppinfra: introduce clib_perfmom")
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: I9f7781ba9de66211404348ff477a17059b408a78
Tianyu Li [Tue, 12 Apr 2022 07:05:08 +0000 (15:05 +0800)]
build: fix rpm build nasm not found
Type: make
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I7ac1d0472edf8d48eac21a7b580a06456bf60c30
Tianyu Li [Tue, 12 Apr 2022 03:58:29 +0000 (03:58 +0000)]
vppinfra: fix clang-10 build error with asm inline
clang start to support parse asm inline from clang-11,
Use asm volatile instead.
Type: fix
Fixes:
d5045e68a782 ("vppinfra: introduce clib_perfmom")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I00e5e19856caaed94e22f8fa6cf4f918483976a4
Damjan Marion [Mon, 11 Apr 2022 16:41:49 +0000 (18:41 +0200)]
vppinfra: vector perf improvements
Type: improvement
Change-Id: I37c187af80c21b8fb1ab15af112527a837e0df9e
Signed-off-by: Damjan Marion <damarion@cisco.com>
Alexander Chernavin [Mon, 11 Apr 2022 13:02:11 +0000 (13:02 +0000)]
ip: fix arc start in ip46-local for local mfib entries
Type: fix
After changes made in
f840880, VRRP IPv6 cannot reply for neighbor
solicitations requesting the link layer address of the configured
virtual address.
VRRP IPv6 enables the vrrp6-nd-input feature in the ip6-local feature
arc for an interface on which a virtual router is configured. When
neighbor solicitations arrive on that interface, ip6-local should start
feature arc walk for that interface and the messages should be processed
by vrrp6-nd-input. The problem is that currently, the feature arc is
started for the interface obtained from the receive DPO that has
interface unset (i.e. max u32) for local mfib entries. Thus, the feature
arc is started not on the interface the messages were received on and
vrrp6-nd-input is not traversed.
With this fix, if interface obtained from the receive DPO is unset, use
RX interface from the buffer to start the ip46-local feature arc.
Also, enable tests of this case for both IPv4 and IPv6 address families
that are currently tagged as extended and not run on every change. They
configure VRRP with priority 255 and are expected to be stable.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I11ef3d5a7a986e04431e8613d1510b8666094bd7
Florin Coras [Tue, 12 Apr 2022 14:34:35 +0000 (07:34 -0700)]
hsa: fix coverity warning
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9cf21ee7ad363dd1af5ca75f07bfe38d8fe749f9
Florin Coras [Tue, 12 Apr 2022 02:28:11 +0000 (19:28 -0700)]
hsa: vcl test client option to close only client
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I45c63e0a7d7179a0f27ca3f093bd3cf7458a12d3
Florin Coras [Tue, 15 Mar 2022 21:24:59 +0000 (14:24 -0700)]
tcp: limit persist segment size if window available
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie1ae401d5105aa42761d3cac5dfbe523f3995c87
Jing Peng [Mon, 11 Apr 2022 20:36:28 +0000 (16:36 -0400)]
tests: fix bihash unit test threads count
In test_bihash_threads, if a test thread fails to be created,
it is still counted towards the total thread count, which could
lead to never-ending test loop. This patch fixes the issue.
Type: fix
Signed-off-by: Jing Peng <pj.hades@gmail.com>
Change-Id: Ic0f1d4dde9c5ea672b52f0e2e49f16d42f982b77
Benoît Ganne [Mon, 11 Apr 2022 08:45:43 +0000 (10:45 +0200)]
teib: use nexthop table id
Use the specified nexthop table id instead of the interface table id.
Type: fix
Change-Id: I61bf61d50d2716fcd9a6e35df4d60222dc4f36d5
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Mohsin Kazmi [Fri, 1 Apr 2022 13:42:20 +0000 (13:42 +0000)]
interface: fix the offloads
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I9f3d1a8574b15f09a458baad98c815e087fd60b8
Florin Coras [Sun, 10 Apr 2022 20:34:47 +0000 (13:34 -0700)]
tls: fix connected notifications with no app wrk
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I805131b4e3d0cb2fab1d3bf76db659c67522c2e8
Jing Peng [Fri, 8 Apr 2022 18:19:32 +0000 (14:19 -0400)]
tests: fix bihash unittest error reporting
This patch fixes test_bihash_unittest in two ways:
1. The number of searches, namely tm->search_iter, defaults to 0,
thus disabling the test. This patch changes the default to 1.
2. Test errors are reported by clib_warning() instead of being
returned, thus the caller test/test_bihash.py is never aware of them.
This patch returns the errors constructed by clib_error_return().
Type: fix
Signed-off-by: Jing Peng <pj.hades@gmail.com>
Change-Id: I60e99a829ebe6aa2a56e7a9332cf973afa100311
Mohsin Kazmi [Tue, 5 Apr 2022 13:08:53 +0000 (13:08 +0000)]
devices: refactor fanout support
Type: refactor
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I9e68ecb91f6433f68a8a87dd066f3e369f25a3c9
Damjan Marion [Sun, 10 Apr 2022 09:48:29 +0000 (11:48 +0200)]
build: add clang-14
clang-14 is default for Upcoming Ubuntu 22.04 LTS...
Type: make
Change-Id: I65328d0e90a4c13d5766e51da8b90a8899b773d9
Signed-off-by: Damjan Marion <dmarion@me.com>
Mohsin Kazmi [Fri, 8 Apr 2022 17:49:32 +0000 (17:49 +0000)]
devices: fix the offset for af-packet
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I12b2e53ddb797cc809a2d742d17a1a60edde385d
Matthew Smith [Tue, 5 Apr 2022 18:20:07 +0000 (18:20 +0000)]
linux-cp: fix setting mtu on hardware interfaces
Type: fix
Fixes:
616447c39231
In lcp_router_link_mtu(), either vnet_hw_interface_set_mtu() or
vnet_sw_interface_set_mtu() is called, based on whether this appears to
be a physical interface. The test to determine whether this is true was
incorrect and probably never worked right so vnet_sw_interface_set_mtu()
was always being called. This causes some breakage with Recent changes
to code which manages interface MTUs. Fix the test so the right function
is called.
Change-Id: I1ecccbce37d5a1e53b2349ed40f3d0d27eb03569
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Mohsin Kazmi [Thu, 31 Mar 2022 21:59:15 +0000 (21:59 +0000)]
dpdk: add multi-txq support
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I9f061a05d947bc2867e1b962bf0522ad344bcc1a
Laszlo Kiraly [Wed, 6 Apr 2022 14:25:32 +0000 (16:25 +0200)]
build: opensuse: remove nasm, change to clang
Type: make
Signed-off-by: Laszlo Kiraly <laszlo.kiraly@est.tech>
Change-Id: I3951be5be95a7fb76f54c4ce0daab0748cb8419c
Dmitry Valter [Fri, 8 Apr 2022 10:08:32 +0000 (10:08 +0000)]
stats: fix vector overrun in expend check
Do not access allocated elements beyond the end of the vector. They are
allocated, but not yet valid both logically (they are at best NULLs) and
according to ASAN.
Type: fix
Change-Id: Iaf43767d6d3bd4c24c7c5a0ba9b3410bbeeb0556
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Damjan Marion [Wed, 6 Apr 2022 19:16:37 +0000 (21:16 +0200)]
vppinfra: introduce clib_perfmom
Type: improvement
Change-Id: I85a90774eb313020435c9bc2297c1bdf23d52efc
Signed-off-by: Damjan Marion <damarion@cisco.com>
Paul Atkins [Wed, 6 Apr 2022 13:51:21 +0000 (14:51 +0100)]
vppinfra: clib_interrupt_get_next reading unallocated memory
The clib interrupt structure has a couple of fields at the start of
the cacheline, and then in the next cacheline it has a bitmap, which
is then followed by an atomic bitmap. The size of the bitmaps is
based on the number of interrupts, and when the memory is allocated
the number of interrupts needed is used to size the overall block of
memory. The interrupts typically map to pool entries, so if we want
to store 512 entries then we store them in indices 0..511. This
would then take 8 6 4bit words, so each bitmap would be this size
when the struct is allocated.
It is possible to walk over the end of the allocated data with certain
sizes, one of which is 512. The reason this happens with 512 is that
the check to see when to exit the loop is returning when offset is
greater than the value needed to fit all the values. In this case
512 >> 6 = 8. If there had only been 511 entries then the size would
have been 511 >> 6 = 7, and so it would have fitted in the space.
Therefore modify the check to also check that we are not looking into
the memory beyond what we have allocated in the case where the
number of interrupt is one of the boundary values like 512.
Also add a similar check first time round the loop as it is
possible we could have ate same problem there too.
Add a new test file to verify the new code works. The old version
of the code made this test fail when run with the address
sanitizer. Without the sanitiser it tended to pass because the
following memory was typically set to 0 even though it was
uninitialised.
Type: fix
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I2ec4afae43d296a5c30299bd7694c072ca76b9a4
Damjan Marion [Fri, 8 Apr 2022 11:42:41 +0000 (13:42 +0200)]
vppinfra: add bright colors to format_table
Type: improvement
Change-Id: I21de21af6dea9e39df5e912e20e56d878a40659f
Signed-off-by: Damjan Marion <damarion@cisco.com>
Neale Ranns [Fri, 25 Mar 2022 08:34:53 +0000 (08:34 +0000)]
api: Do not assert of short message lengths
Type: improvement
Short message lengths are correctly handled by the code, asserting makes unit tests that verify this behaviour (e.g. test_ip_punt_api_validation) fail/crash with a debug image.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ib3a377e5d49fde0eee252b92f0e58a8a0d0d83ec
Florin Coras [Wed, 6 Apr 2022 22:10:13 +0000 (15:10 -0700)]
tls http: run config fns after init ones
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia4d8aaafeb3629f421601edffefe9c61c3e69dba
Florin Coras [Thu, 7 Apr 2022 02:05:05 +0000 (19:05 -0700)]
tls: fix session pool realloc on accept
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I68ada775810bb4a4f280962a979605b211562a52
Mohsin Kazmi [Tue, 5 Apr 2022 12:43:13 +0000 (12:43 +0000)]
devices: add cli support for checksum and gso disable
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I33a29cf11998736347eca5016eee112619d847c1
Damjan Marion [Wed, 6 Apr 2022 10:31:15 +0000 (12:31 +0200)]
vppinfra: add vec_new_heap()
Type: improvement
Change-Id: Iab3d65b6276829ad1e522e66380d1797e37579b8
Signed-off-by: Damjan Marion <damarion@cisco.com>
Mohsin Kazmi [Tue, 5 Apr 2022 12:03:47 +0000 (12:03 +0000)]
devices: add cli support to disable qdisc bypass
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ie5f2bdb8fb559680bab863a7c24a49360e005b58
Damjan Marion [Wed, 6 Apr 2022 10:06:41 +0000 (12:06 +0200)]
stats: avoid linear search for empty entry
Type: improvement
Change-Id: Ie4cdc6d8906da3d1cd18a8f1d7076283546d3003
Signed-off-by: Damjan Marion <damarion@cisco.com>
Damjan Marion [Wed, 6 Apr 2022 09:07:35 +0000 (11:07 +0200)]
interface: unregister node counters on interface delete
Type: fix
Change-Id: I2562ae5833b542c29bcd5025a9a6756e5de95a42
Signed-off-by: Damjan Marion <damarion@cisco.com>
Damjan Marion [Wed, 6 Apr 2022 10:01:47 +0000 (12:01 +0200)]
vppinfra: add MAX macros for clib types
Type: improvement
Change-Id: I1bca733d2a35733275efa46ee0a23bf572365c74
Signed-off-by: Damjan Marion <damarion@cisco.com>
Stanislav Zaikin [Thu, 31 Mar 2022 12:16:28 +0000 (14:16 +0200)]
vlib: clear frame flags on free
Type: fix
Change-Id: If4a7ac244832ef72d82c71b0277bc110b9500537
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Damjan Marion [Tue, 5 Apr 2022 17:26:51 +0000 (19:26 +0200)]
build: remove nasm
Type: make
Change-Id: I5ee34e9d7156ccdc7a8310e8332347d850459495
Signed-off-by: Damjan Marion <damarion@cisco.com>
Jon Loeliger [Tue, 5 Apr 2022 19:05:38 +0000 (14:05 -0500)]
wireguard: prevent segfault on non-adj packets
An unexpected packet that shows up on a Wireguard interace
that happens not to have a forwarding peer will cause a
segfault trying to index the vector of peers by adjacency.
Rather than segfaulting, recognize a non-adjacent packet
and drop it instead.
This leaves open the question of what _should_ be
happening to, say, IPv6 multicast packets.
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Type: fix
Fixes:
edca1325cf296bd0f5ff422fc12de2ce7a7bad88
Change-Id: Ic0a29e6cf6fe812a4895ec11bedcca86c62e590b
Dastin Wilski [Wed, 30 Mar 2022 12:19:00 +0000 (14:19 +0200)]
dpdk: bump to DPDK v22.03
This patch bumps dpdk version from 21.11 to 22.03.
Type: feature
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: I152a7857378371d3fd26d7473421c2b3113cd3ee
Dastin Wilski [Wed, 30 Mar 2022 12:15:56 +0000 (14:15 +0200)]
dpdk: macros changes for dpdk 22.03
New dpdk version deprecates some macros used by VPP.
This patch changes them to 22.03 version.
Type: improvement
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: Ic362ed318dc1ad88bb682ef13fbd6159171fbaef
Dastin Wilski [Wed, 30 Mar 2022 12:06:44 +0000 (14:06 +0200)]
dpdk: compatibility layer for dpdk 22.03 bump
New version of dpdk changes some macros names.
This patch ensures VPP will be compatible with older dpdk versions.
Type: improvement
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: I3d9736278e70064610a1dcad5f2d2f6eb26e0d4b
Damjan Marion [Sun, 13 Feb 2022 19:08:30 +0000 (20:08 +0100)]
dpdk: fix max frame size
Type: fix
Change-Id: I70f9ec2eb6c9c1494a4ecd56e06898f6162a0e0e
Signed-off-by: Damjan Marion <damarion@cisco.com>
Filip Varga [Thu, 31 Mar 2022 14:12:44 +0000 (16:12 +0200)]
nat: nat44 cli bug fix
Two similar CLI paths "nat44" and "nat44 add interface address"
caused unexpected behavior. If "nat44 add interface address"
command would fail the vlib cli processing function would
call "nat44" handler. This would also clean any previously
set errors from the first command and basically return
same error returned by "nat44" handler for every failed
command that starts with the same path string.
Fixes nat44-ed and nat44-ei plugin.
Change-Id: I1aac85c8ae2932da582a2b78243521d1bf8a0653
Ticket: VPP-2021
Type: fix
Signed-off-by: Filip Varga <fivarga@cisco.com>
Damjan Marion [Tue, 5 Apr 2022 10:40:31 +0000 (12:40 +0200)]
vppinfra: refactor address sanitizer
Type: refactor
Change-Id: I5ca142ec1557d5b5c3806b43553ad9d3b5ea1112
Signed-off-by: Damjan Marion <damarion@cisco.com>