Florin Coras [Thu, 17 Aug 2017 22:57:20 +0000 (15:57 -0700)]
 
gpe: fix sub-interface hash lookup
Change-Id: Ice6b3818ee24c7c248bf61e4d6c1ef2a85cb8fb1
Signed-off-by: Florin Coras <[email protected]>
(cherry picked from commit 
af8c8e5d9596b4bb1dc6edc5c3675de5304f6456)
John Lo [Fri, 18 Aug 2017 23:17:52 +0000 (19:17 -0400)]
 
Increase L2FIB MAC learn limit from 1M to 8M entries
Change-Id: I04589d3613653c402e6628202598972c2fa59d24
Signed-off-by: John Lo <[email protected]>
Marco Varlese [Mon, 14 Aug 2017 14:07:00 +0000 (16:07 +0200)]
 
Previous version was still downloading, unpacking and building IPSEC / AES
libraries.
This patch addresses the misbehaviour.
Change-Id: I41f1ece3ca21c5a8f2c95533ed3d77a535233ea6
Signed-off-by: Marco Varlese <[email protected]>
Sergio Gonzalez Monroy [Mon, 14 Aug 2017 08:26:44 +0000 (09:26 +0100)]
 
dpdk: force libdir for isa-l crypto library
Depending on the OS, the default libdir might change.
RHEL/Ubuntu:
libdir={exec_prefix}/lib
OpenSUSE:
libdir={exec_prefix}/lib64
Change-Id: I5f1672e5815ad821e6ac5fff95de5232ab735b67
Signed-off-by: Sergio Gonzalez Monroy <[email protected]>
Damjan Marion [Tue, 11 Jul 2017 15:13:37 +0000 (17:13 +0200)]
 
dpdk: prefetch 2nd cacheline of rte_mbuf during tx
Change-Id: I0db02dd0147dbd47d4296fdb84280d0e7d321f3c
Signed-off-by: Damjan Marion <[email protected]>
Sergio Gonzalez Monroy [Mon, 14 Aug 2017 08:46:19 +0000 (09:46 +0100)]
 
dpdk: cleanup unused build option *_uses_dpdk_cryptodev_sw
Change-Id: I62939592bd3cb151e02c55a3f1ee6e7d1ce469cb
Signed-off-by: Sergio Gonzalez Monroy <[email protected]>
Sergio Gonzalez Monroy [Wed, 19 Jul 2017 15:22:28 +0000 (16:22 +0100)]
 
dpdk: only build SW crypto for x86_64 platforms
Change-Id: If559747ad59c82c81d15734f27e15548eca0962b
Signed-off-by: Sergio Gonzalez Monroy <[email protected]>
Thomas F Herbert [Tue, 1 Aug 2017 16:46:41 +0000 (12:46 -0400)]
 
Fix nasm deps for Fedora.
Fedora 24 and 25 distro already includes nasm 2.12 but Centos does not as yet.
Change-Id: I060ea8b7b7892ac8444d850398ed1c9100631fbc
Signed-off-by: Thomas F Herbert <[email protected]>
Marco Varlese [Wed, 2 Aug 2017 12:16:31 +0000 (14:16 +0200)]
 
Added NASM package to support SW crypto
Change-Id: Idd6614b80e456eb40c760024b563ffd0e5c313ec
Signed-off-by: Marco Varlese <[email protected]>
Sergio Gonzalez Monroy [Tue, 6 Jun 2017 14:29:16 +0000 (15:29 +0100)]
 
dpdk: update build
Current optional DPDK PMDs are:
- AESNI MB PMD (SW crypto)
- AESNI GCM PMD (SW crypto)
- MLX4 PMD
- MLX5 PMD
This change will always build DPDK SW crypto PMDs and required SW crypto
libraries, while MLX PMDs are still optional and the user has to build
required libraries.
Now the configure script detects if any of the optional DPDK PMDs were
built and link against their required libraries/dependencies.
Change-Id: I1560bebd71035d6486483f22da90042ec2ce40a1
Signed-off-by: Sergio Gonzalez Monroy <[email protected]>
Andrew Yourtchenko [Wed, 16 Aug 2017 10:06:15 +0000 (12:06 +0200)]
 
acl-plugin: time out the sessions created by main thread too (VPP-948)
In multithread setup the main thread may send packets,
which may pass through the node with permit+reflect action.
This creates the connection in lists for thread0,
however in multithread there are no interupt handlers there.
Ensure we are not spending too much time spinning in a
tight cycle by suspending the main cleaner thread
until the current iteration of interrupts is processed.
Change-Id: Idb7346737757ee9a67b5d3e549bc9ad9aab22e89
Signed-off-by: Andrew Yourtchenko <[email protected]>
Florin Coras [Thu, 10 Aug 2017 00:50:09 +0000 (17:50 -0700)]
 
Fix LISP cp buffer leakage
Change-Id: Id7e0f967cc510f0b45f043f74493854083ac67ae
Signed-off-by: Florin Coras <[email protected]>
Andrew Yourtchenko [Thu, 10 Aug 2017 14:00:20 +0000 (16:00 +0200)]
 
acl-plugin: add the debug CLI to show macip ACLs and where they are applied (VPP-936)
When looking at resource utilisation, it is useful to understand
the interactions between the acl-plugin and the rest of VPP.
MACIP ACLs till now could only be dumped via API,
which is tricky when debugging. Add the CLIs to see
the MACIP ACLs and where they are applied.
Change-Id: I3211901589e3dcff751697831c1cd0e19dcab1da
Signed-off-by: Andrew Yourtchenko <[email protected]>
Andrew Yourtchenko [Thu, 10 Aug 2017 15:02:58 +0000 (17:02 +0200)]
 
acl-plugin: match index set to first portrange element if non-first portrange matches on the same hash key (VPP-938)
Multiple portranges that land on the same hash key will always report the match
on the first portrange - even when the subsequent portranges have matched.
Test escape, so make a corresponding test case and fix the code so it passes.
Change-Id: Idbeb8a122252ead2468f5f9dbaf72cf0e8bb78f1
Signed-off-by: Andrew Yourtchenko <[email protected]>
Andrew Yourtchenko [Thu, 10 Aug 2017 12:19:58 +0000 (14:19 +0200)]
 
acl-plugin: hash lookup bitmask not cleared when ACL is unapplied from interface (VPP-935)
The logic in hash ACL bitmask update was using the vector
of ACLs applied to the interface to rebuild the hash lookup mask.
However, in transient cases (like doing group manipulation with
hash ACLs), that will not hold true. Thus, make
a local copy of for which ACL indices the hash_acl_apply
was called previously, and maintain that one local
to the hash_lookup.c file logic.
Change-Id: I30187d68febce8bba2ab6ffbb1eee13b5c96a44b
Signed-off-by: Andrew Yourtchenko <[email protected]>
Andrew Yourtchenko [Tue, 8 Aug 2017 18:10:12 +0000 (20:10 +0200)]
 
acl-plugin: avoid crash in multithreaded setup adding/deleting ACLs with traffic (VPP-910/VPP-929)
The commit fixing the VPP-910 and separating the memory operations
into separate heaps has missed setting the MHEAP_FLAG_THREAD_SAFE,
which quite obviously caused the issues in the multithread setup.
Fix that.
Also, add the debug CLIs
"set acl-plugin heap {main|hash} {validate|trace} {1|0}"
to toggle the memory instrumentation, in case we ever need it
in the future.
Change-Id: I8bd4f7978613f5ea75a030cfb90674dac34ae7bf
Signed-off-by: Andrew Yourtchenko <[email protected]>
Andrew Yourtchenko [Wed, 9 Aug 2017 09:28:02 +0000 (11:28 +0200)]
 
acl-plugin: all TCP sessions treated as transient (VPP-932)
The packet that was creating the session was not tracked,
consequently the TCP flags seen within the session record
never got the value for the session to get treated as
being in the established state.
Test-escape, so add the TCP tests which test the
three phases of the TCP session life and make them all pass.
Change-Id: Ib048bc30c809a7f03be2de7e8361c2c281270348
Signed-off-by: Andrew Yourtchenko <[email protected]>
Mohammed Hawari [Tue, 18 Jul 2017 07:25:01 +0000 (09:25 +0200)]
 
ping: fixing wrong value when there are worker threads
- the echo_reply_node is now notifying the cli process on the main thread/vlib_main
- the timestamp for the icmp reply is now acquired in the echo_reply_node and not in the cli process to avoid an off by 10ms error (see 【vpp-dev】delay is error in ping with multi worker thread)
Change-Id: I21d37002b0376b4f2ccab08d8f04c2f2944b9b39
Signed-off-by: Mohammed Hawari <[email protected]>
(cherry picked from commit 
03a6213fb5022d37ea92f974a1814db1c70bcbdf)
Andrew Yourtchenko [Tue, 8 Aug 2017 11:27:30 +0000 (13:27 +0200)]
 
acl-plugin: fix a misplaced return (VPP-910)
It was uncaught by make test because the corresponding tests are not there yet - part of 17.10 deliverables
Change-Id: I55456f1874ce5665a06ee411c7abf37cd19ed814
Signed-off-by: Andrew Yourtchenko <[email protected]>
Andrew Yourtchenko [Thu, 27 Jul 2017 13:39:50 +0000 (15:39 +0200)]
 
acl-plugin: rework the optimization 7383, fortify acl-plugin memory behavior (VPP-910)
The further prolonged testing from testbed that reported VPP-910
has uncovered a couple of deeper issues with optimization from
7384, and the usage of subscripts rather than vec_elt_at_index()
allowed to hide a couple of further errors in the code.
Also, the current acl-plugin behavior of using the global
heap for its dynamic data is problematic - it makes
the troubleshooting much harder by potentially spreading
the problem around.
Based on this experience, this commits makes a few changes to fix
the issues seen, also improving the serviceability of the acl-plugin
code for the future:
- Use separate mheaps for any ACL-related control plane
operations and separate for the hash lookup datastructures,
to compartmentalize any memory-related issues for the ACL plugin.
- Ensure vec_elt_at_index() usage throughout the hash_lookup.c file.
- Use vectors rather than raw memory for storing the "ordinary" ACL rules.
- Rework the optimization from 7384 to use a separate tail pointer
rather than overloading the "prev" field.
- Make get_session_ptr() more conservative and adjust is_valid_session_ptr
accordingly
Change-Id: Ifda85193f361de5ed3782a4acd39622bd33c5830
Signed-off-by: Andrew Yourtchenko <[email protected]>
Andrew Yourtchenko [Wed, 2 Aug 2017 10:36:07 +0000 (06:36 -0400)]
 
acl-plugin: multicore: CSIT c100k 2-core stateful ACL test does not pass (VPP-912)
Fix several threading-related issues uncovered by the CSIT scale/performance test:
- make the per-interface add/del counters per-thread
- preallocate the per-worker session pools rather than
  attempting to resize them within the datapath
- move the bihash initialization to the moment of ACL
  being applied rather than later during the connection creation
- adjust the connection cleaning logic to not require
  the signaling from workers to main thread
- make the connection lists check in the main thread robust against workers
  updating the list heads at the same time
- add more information to "show acl-plugin sessions" to aid in debugging
Change-Id: If82ef715e4993614df11db5e9afa7fa6b522d9bc
Signed-off-by: Andrew Yourtchenko <[email protected]>
Damjan Marion [Thu, 27 Jul 2017 08:07:50 +0000 (04:07 -0400)]
 
Fix interface reuse when running multithreaded
Node function pointer was not set on all node runtimes causing crash if
new interface is different type.
Change-Id: I4661fe883befc6cd3fc6dfc14fd44f6fa5faf27c
Signed-off-by: Damjan Marion <[email protected]>
(cherry picked from commit 
c418e4ac7cf36bd64f3130c258d5f1897c245f2b)
Jan Gelety [Fri, 28 Jul 2017 07:02:20 +0000 (09:02 +0200)]
 
Use CSIT release branch for verify job
Change-Id: If68d9cda27941305fe5186c034028684b6079380
Signed-off-by: Jan Gelety <[email protected]>
Steven [Fri, 21 Jul 2017 23:38:41 +0000 (16:38 -0700)]
 
vhost: debug vhost-user command needs better error checking on the syntax (VPP-916)
The syntax for debug vhost-user is
debug vhost-user <on | off>
However, currently the code does not reject the invalid command such as below
debug vhost-user
debug vhost-user on blah
debug vhost-user off blah
The fix is to enforece the correct syntax and reject the command when invalid
option is entered.
Change-Id: I1a04ae8ddb6dd299aa6d15b043362964e685ddde
Signed-off-by: Steven <[email protected]>
Andrew Yourtchenko [Wed, 19 Jul 2017 17:23:59 +0000 (13:23 -0400)]
 
acl-plugin: assertion failed at hash_lookup.c:226 when modifying ACLs applied as part of many (VPP-910)
change 7385 has added the code which has the first ACE's "prev" entry within the linked list of
shadowed ACEs pointing to the last ACE, in order to avoid the frequent linear list traversal.
That change was not complete and did not update this "prev" entry whenever the last ACE was deleted.
As a result the changes within the applied ACLs which caused the calls to hash_acl_unapply/hash_acl_apply
may result in hitting assert which does the sanity check. The solution is to add the missing update logic.
Change-Id: I9cbe9a7c68b92fa3a22a8efd11b679667d38f186
Signed-off-by: Andrew Yourtchenko <[email protected]>
Neale Ranns [Wed, 19 Jul 2017 15:01:10 +0000 (08:01 -0700)]
 
17.07 Release Note
Change-Id: Iffbfffac1c508b000451e9f0e0b688d80785f7f5
Signed-off-by: Neale Ranns <[email protected]>
Neale Ranns [Thu, 6 Jul 2017 08:39:05 +0000 (01:39 -0700)]
 
DHCP complete event sends mask length
Change-Id: I4a529dfab5d0ce6b0bbc0ccbbd89c6b109dbf917
Signed-off-by: Neale Ranns <[email protected]>
Eyal Bari [Tue, 11 Jul 2017 11:24:37 +0000 (14:24 +0300)]
 
L2INPUT:fix features mask cailculation
Change-Id: I84cea7530b01302a0adeef95b4924f54dc2e41ec
Signed-off-by: Eyal Bari <[email protected]>
(cherry picked from commit 
8af1b2fdecc883eadfec6b91434adc6044e24cb2)
John Lo [Wed, 12 Jul 2017 23:56:45 +0000 (19:56 -0400)]
 
Fix crash with worker threads on 4K VXLAN/BD setup (VPP-907)
Cleanup mapping of interface output node for the l2-output node
when interface is configured to L2 or L3 modes. The mapping is
now always done in the main thread as part of API/CLI processing,
instead of initiate mapping in the forwarding path which can be
in the worker threads.
Change-Id: Ia789493e7d9f5c76d68edfaf34db43f3e3f53506
Signed-off-by: John Lo <[email protected]>
Damjan Marion [Tue, 11 Jul 2017 10:05:06 +0000 (12:05 +0200)]
 
memif: avoid double buffer free
Change-Id: I902f54618c4e1f649af11497c1cb10922e43755a
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Wed, 5 Jul 2017 16:13:10 +0000 (18:13 +0200)]
 
memif: mask interrupts on startup if we are in the polling mode
Change-Id: Ief02eb1109a1bc463665d9747e9fa4e0c0e3d7e0
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Mon, 10 Jul 2017 13:38:21 +0000 (15:38 +0200)]
 
vlib: fix issues with PCI handling code
- PCI devices not properly discovered
- vlib_pci_bus_master_enable () not working
Change-Id: I7433ab1b19b890b8900635b43037b9a2017a1921
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Wed, 5 Jul 2017 00:04:36 +0000 (02:04 +0200)]
 
dpdk: add FiftyGigabitEtherenet interface support
Change-Id: Ied8b26179cdf4add34440a9c396cb821716cfb8e
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Wed, 5 Jul 2017 16:15:08 +0000 (18:15 +0200)]
 
vppinfra: revert clib_memcpy optimization
Looks like some compiler versions are producing wrong code when we are
copying 9-16 bytes so reverting back to the original code.
Change-Id: I74b5fa54a3b01f6288648f1cb0926030edd3b26f
Signed-off-by: Damjan Marion <[email protected]>
Igor Mikhailov (imichail) [Tue, 4 Jul 2017 00:01:50 +0000 (17:01 -0700)]
 
VPP-895 multi-thread: fix vpp crash on show runtime
In multi-threaded model (e.g. 1 main and 1 worker threads),
after an ethernet interface is deleted (e.g. vhost-user interface),
'show runtime' command produces garbled output and sometimes
leads to vpp crash.
The reason is because vlib_node_rename() frees and reallocates node's
'n->name' vector, however the change is not propagated into copies
of the node on worker threads.
Change-Id: Ibf22422913b7f2df22f70f3b2fe8dafd34c1dd06
Signed-off-by: Igor Mikhailov (imichail) <[email protected]>
Ed Warnicke [Mon, 10 Jul 2017 19:03:12 +0000 (19:03 +0000)]
 
Fix vppctl error messages to handle lack off permissions
Change-Id: Ia35edcb14eb8d786065ee4ab394f4f1aa52e1625
Signed-off-by: Ed Warnicke <[email protected]>
Steve Shin [Fri, 7 Jul 2017 21:57:46 +0000 (14:57 -0700)]
 
lldp packet transmission on a bonded interface
LLDP packets are dropped at interface output node if each slave's link
is configured as the LLDP interface. The admin state is configured and
managed by the bonded interface, so slave link's state is down by default.
The checking for the admin state UP should be ignored for the slave link.
Change-Id: I06ca250f42fcb8cc50e0ea3a3817a2c5b56865df
Signed-off-by: Steve Shin <[email protected]>
(cherry picked from commit 
042a621b90c9f521b546cbbf724bb908e36f3b25)
Alexander Kotov [Mon, 10 Jul 2017 15:23:31 +0000 (18:23 +0300)]
 
VPP-904: fixes zero length CLI parameters parse
Change-Id: I21fbc9aff2b97a8b3f4cbed202c00b6d84557a6e
Signed-off-by: Alexander Kotov <[email protected]>
(cherry picked from commit 
28160f38488743b8cee0a7bd62b432a9dd8f4bfd)
Chris Luke [Sun, 9 Jul 2017 18:30:25 +0000 (14:30 -0400)]
 
format: Check for NaN when rendering doubles
- The result of 0.0/0.0 was being rendered as a lot of
  zeroes in the integer portion, as in this example:
  DBGvpp# show physmem
  0: 16 objects, 576k of 582k used, 3k free, 0 reclaimed, 2k overhead,
  16380k capacity
       alloc. from small object cache: 0 hits 0 attempts (0.00%) replacements 0
       alloc. from free-list: 0 attempts, 0 hits (0.00%), 0 considered (per-attempt 0.00)
       alloc. from vector-expand: 16
       allocs: 16 73643.06 clocks/call
       frees: 0 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.00 clocks/call
- Add two macros to vppinfra/math.h that use compiler builtins to check
  for NaN and Infinity and then use them in format_float().
Change-Id: Iccc03997e6e33d6b888d1e7e20cd78df0cfd02e8
Signed-off-by: Chris Luke <[email protected]>
(cherry picked from commit 
bb18ee6f1c7c172d30cb0c98153499af571777ee)
Klement Sekera [Wed, 28 Jun 2017 11:35:30 +0000 (13:35 +0200)]
 
LLDP: properly parse lldp cmds from startup config
Change-Id: I0e6c86bd923fcf7cf16f948b9869a5927e6d3745
Signed-off-by: Klement Sekera <[email protected]>
(cherry picked from commit 
3d62a7f0b9a4b967ad53f5990729acca932f90b4)
Steve Shin [Sat, 1 Jul 2017 04:16:20 +0000 (04:16 +0000)]
 
Add API support for LLDP config/interface set
Add API methods to configure LLDP and set interface to enable/disable.
Also add port description TLV for LLDP.
Change-Id: Ib959d488c2ab8a0069f143558871f41fcc43a5d3
Signed-off-by: Steve Shin <[email protected]>
(cherry picked from commit 
99a0e60eb6f6acd7eabd5a4cb7ded1e0419ccd54)
Jan Gelety [Fri, 7 Jul 2017 08:22:27 +0000 (10:22 +0200)]
 
Update CSIT tests 170622 -> 170706
- update of CSIT operational branch to be used for VPP-patch test
Change-Id: I6bd86ea60f323b524f2de1a2236f1af48184a99f
Signed-off-by: Jan Gelety <[email protected]>
John Lo [Mon, 26 Jun 2017 05:40:20 +0000 (01:40 -0400)]
 
Send GARP/NA on bonded intf slave up/down if in active-backup mode
If a bonded interface is in active-backup mode and configured with
IPv4 and/or IPv6 addresses, on slave interface link up/down, send
a GARP packet if configured with an IPv4 address and an unsolcited
NA if configured with an IPv6 address. These packets can help with
faster route convergence in the next hop router/switch.
Change-Id: I68ccb11a4a40cda414704fa08ee0171c952befa2
Signed-off-by: John Lo <[email protected]>
(cherry picked from commit 
8b81cb43359380e50d3fc216d93ff05894149939)
Ole Troan [Thu, 6 Jul 2017 12:25:38 +0000 (14:25 +0200)]
 
VPP-902: LISP-CP: Wrong size in one_l2_arp_entries_get message.
Change-Id: I56bf6b46527f9465d78ed7c08b6e216e50c135ec
Signed-off-by: Ole Troan <[email protected]>
Ed Warnicke [Thu, 6 Jul 2017 14:43:17 +0000 (07:43 -0700)]
 
Remove autosudo from pythonic vppctl
Change-Id: Iaea91a95d58678b8b3c56f3fceab76817e0f63ff
Signed-off-by: Ed Warnicke <[email protected]>
Chris Luke [Wed, 5 Jul 2017 16:57:10 +0000 (12:57 -0400)]
 
Buffer name inconsistently used a cstring/vec (VPP-901)
Spotted in the output of CLI command "show buffers", the name field
sometimes had trailing garbage, the hall sign of a string not being
terminated. In this case it was being inconsistently used as a cstring
or a vec.
- CLI printf needs %v to print the vec srring
- vlib_buffer_create_free_list_helper tried to use
  clib_mem_is_heap_object() to detect a vec object, wheras it should
  use clib_mem_is_vec()
Change-Id: Ib8b242a0c5a18924b8af7e8e1432784eebcf572c
Signed-off-by: Chris Luke <[email protected]>
Billy McFall [Wed, 5 Jul 2017 13:33:30 +0000 (09:33 -0400)]
 
VPP-900: VPP is released under the Apache 2.0 License (ASL 2.0). Update RPM specfile to reflect the proper license.
Change-Id: I9e8d1643ea65afd91a0cd5ad9545248575e32617
Signed-off-by: Billy McFall <[email protected]>
Klement Sekera [Fri, 9 Jun 2017 04:06:49 +0000 (06:06 +0200)]
 
Refactor API message handling code
This is preparation for new C API. Moving common stuff to separate
headers reduces dependency issues.
Change-Id: Ie7adb23398de72448e5eba6c1c1da4e1bc678725
Signed-off-by: Klement Sekera <[email protected]>
(cherry picked from commit 
58eb866b15a45514dc356170f28640d6c9db8034)
Andrew Yourtchenko [Mon, 3 Jul 2017 14:25:37 +0000 (16:25 +0200)]
 
acl-plugin: fix acl plugin test failing sporadically (VPP-898)
The "acl_plugin" tests has one of the tests sporadically fail with the following traceback:
r.reply.decode().rstrip('\x00') UnicodeDecodeError: 'ascii' codec can't decode byte
0xd8 in position 20666: ordinal not in range(128)
This occurs in the newly added "show acl-plugin table" debug CLI.
This CLI has only the numeric outputs, so the conclusion is that it is
the incorrect termination (trailing zero) that might be most probably
causing it. The other acl-plugins show commands also
lack the zero-termination termination, so fix all of them.
The particularity of this command vs. the other acl-plugin debug CLIs
is that the accumulator is freed and allocated multiple times,
this might explain the issue is not seen with them.
Change-Id: I87b5c0d6152fbebcae9c7d0ce97155c1ae6666db
Signed-off-by: Andrew Yourtchenko <[email protected]>
Matus Fabian [Mon, 3 Jul 2017 08:21:38 +0000 (01:21 -0700)]
 
SNAT: fix failing test_session_limit_per_user (VPP-896)
Change-Id: Idf46a03803125babd9bb880363686359fbcca27d
Signed-off-by: Matus Fabian <[email protected]>
Andrew Yourtchenko [Mon, 3 Jul 2017 10:32:44 +0000 (12:32 +0200)]
 
acl-plugin: VPP-897: applying of large number of ACEs is slow
When applying ACEs, in the new hash-based scheme, for each ACE
the lookup in the hash table is done, and either that ACE is added
to the end of the existing list if there is a match,
or a new list is created if there is no match.
Usually ACEs do not overlap, so this operation is fast, however,
the fragment-permit entries in case of a large number of ACLs
create a huge list which needs to be traversed for every other
ACE being added, slowing down the process dramatically.
The solution is to add an explicit flag to denote the first
element of the chain, and use the "prev" index of that
element to point to the tail element. The "next" field
of the last element is still ~0 and if we touch that
one, we do the linear search to find the first one,
but that is a relatively infrequent operation.
Change-Id: I352a3becd7854cf39aae65f0950afad7d18a70aa
Signed-off-by: Andrew Yourtchenko <[email protected]>
Steven [Fri, 30 Jun 2017 14:15:02 +0000 (07:15 -0700)]
 
devices: show interface rx-placement displays the wrong information (VPP-894)
show interface rx-placement somtimes displays the wrong interface names.
This happens when there exists subinterfaces in VPP.
The problem is due to the function show_interface_rx_placement_fn is calling
format_vnet_sw_if_index_name with hw_if_index instead of sw_if_index.
VPP has the concept of sw_if_index and hw_if_index. Each serves a different
purpose. When there is no subinterfaces, both hw_if_index and sw_if_index
may happen to have the same value.But don't count on it. When the API calls
for sw_if_index, we must pass the sw_if_index although the hw_if_index has
the same type which the compiler does not catch. Passing hw_if_index for an
API which requires sw_if_index may have an unpredictable result such as
described in the VPP-894 and sometimes it may even crash if the particular
index does not exist.
Change-Id: I76c4834f79b88a1c20684fcba64f14b2da142d77
Signed-off-by: Steven <[email protected]>
Dave Barach [Fri, 30 Jun 2017 12:46:24 +0000 (08:46 -0400)]
 
VPP-893: handle multiple simultaneous event registrations
Change-Id: I8cd90820624987dbef848935e2de86fa66a86c17
Signed-off-by: Dave Barach <[email protected]>
Pavel Kotucek [Wed, 14 Jun 2017 11:56:55 +0000 (13:56 +0200)]
 
IP4/IP6 FIB: fix crash during interface delete
after deleting a sub interface with IP4/IP6 address vpp crash
Change-Id: Ie768ca845b9e2394f61e2a8e9722a80a788746e7
Signed-off-by: Pavel Kotucek <[email protected]>
(cherry picked from commit 
9f5a2b6310ce5c8e59c32ca6f27d8a187b0e4346)
Neale Ranns [Thu, 29 Jun 2017 07:19:08 +0000 (00:19 -0700)]
 
VPP debug image with worker threads hit assert on adding IP route with traffic (VPP-892)
When stacking DPOs the VLIB graph is also updated to add the edge between the nodes, if this edge does not yet exist. This addition should be done with the workers stopped.
Change-Id: I327e4d7d26f0b23eb280f17e4619ff2093ff7940
Signed-off-by: Neale Ranns <[email protected]>
Eyal Bari [Sun, 25 Jun 2017 11:42:33 +0000 (14:42 +0300)]
 
L2-LEARN:fix l2fib entry seq num not updated on hit (VPP-888)
fixed instability in l2bd_multi_instnce test - sometimes failing with extra
packets captured
it appears l2-learn was not updating hit entries but rather a copy of them.
if the ager did not have a chance to run before the test was running the
learning cycle - entries were not updated with the packet's seq num - causing
packets to flood when hitting the stale seq_num in l2-fwd - hence the extra
packets
fixed handling of filter entries
revert workaround for instability in test
Change-Id: I16d918e6310a5bf40bad5b7335b2140c2867cb71
Signed-off-by: Eyal Bari <[email protected]>
Ole Troan [Mon, 26 Jun 2017 16:12:37 +0000 (18:12 +0200)]
 
VPP-889: MAP Stats API/CLI crashes when no domains.
Change-Id: Ib7824bfc08cb3c8f20258379e1a1f2c159c4f687
Signed-off-by: Ole Troan <[email protected]>
Hongjun Ni [Fri, 23 Jun 2017 09:38:49 +0000 (17:38 +0800)]
 
Add Maintainers for Vxlan-gpe feature
Change-Id: I3f42e9bbd816a6e2192cc65eeb10a4681cf9e29a
Signed-off-by: Hongjun Ni <[email protected]>
(cherry picked from commit 
fcfa38d68007418d9460533d248adf34aca88ec1)
Hongjun Ni [Thu, 22 Jun 2017 16:18:40 +0000 (00:18 +0800)]
 
VPP crash on creating vxlan gpe interface. VPP-875
Change-Id: I6b19634ecb03860a7624d9408e09b52e95f47aef
Signed-off-by: Hongjun Ni <[email protected]>
(cherry picked from commit 
04ffd0ad83b2d87edb669a9d76eee85f5c589564)
Neale Ranns [Thu, 22 Jun 2017 19:04:27 +0000 (12:04 -0700)]
 
17.07 change default branch in gitreview
Change-Id: I7d0a27c4d103dd11561ac7ae4d59592ba77ab899
Signed-off-by: Neale Ranns <[email protected]>
Florin Coras [Wed, 21 Jun 2017 23:27:01 +0000 (16:27 -0700)]
 
Update lisp map record default ttl to 24h
Change-Id: Ib8c72f8e08e89357b64f2f69ab70d60d3a7ec506
Signed-off-by: Florin Coras <[email protected]>
Florin Coras [Mon, 19 Jun 2017 16:26:09 +0000 (12:26 -0400)]
 
Improve svm fifo and tcp tx path performance (VPP-846)
- multiarch on svm fifo
- avoid ip lookup on tx
Change-Id: Iab0d85204a710979417bca1d692cc47877131203
Signed-off-by: Florin Coras <[email protected]>
Signed-off-by: Dave Barach <[email protected]>
Hongjun Ni [Tue, 20 Jun 2017 15:09:32 +0000 (23:09 +0800)]
 
Export and Install GTP-U API file
Change-Id: I064d22277a0334c63f3d5072b1584b93e327b331
Signed-off-by: Hongjun Ni <[email protected]>
Andrew Yourtchenko [Thu, 22 Jun 2017 12:51:06 +0000 (14:51 +0200)]
 
acl-plugin: clean up the code enabling/disabling acl-plugin processing on interface
Multiple subsequent calls to vnet_feature_enable_disable() to enable the feature
cause the feature to be inserted into the processing graph multiple times in a row.
This might be argued to be a bug in that function, but enabling already enabled feature
is suboptimal anyway, so avoid that. The existing tests already catch this issue whenever
the ASSERT() part of this patch was added.
Change-Id: Ia2c06f7dc87bbe05795c2c7b7d19ea06270ce150
Signed-off-by: Andrew Yourtchenko <[email protected]>
Jan Gelety [Thu, 22 Jun 2017 06:06:53 +0000 (08:06 +0200)]
 
Update CSIT tests 170612 -> 170622
- update of CSIT operational branch to be used for VPP-patch test
Change-Id: I5645ebfaa32599797e4edf83b2281270ea4a8376
Signed-off-by: Jan Gelety <[email protected]>
Matus Fabian [Thu, 22 Jun 2017 10:03:53 +0000 (03:03 -0700)]
 
NAT64: documentation
added CLI command documentation
added NAT64 user documentation page
Change-Id: I3df400013800fe16351e02db7762ee3f92b195ff
Signed-off-by: Matus Fabian <[email protected]>
Eyal Bari [Wed, 21 Jun 2017 12:32:13 +0000 (15:32 +0300)]
 
VNET:explicitly pad l2_classify
Change-Id: I77412aa8c17b45b1533604e7bfe8fe052ed0f80a
Signed-off-by: Eyal Bari <[email protected]>
Damjan Marion [Wed, 21 Jun 2017 12:29:44 +0000 (14:29 +0200)]
 
Introduce default rx mode for device drivers
If interface is down and queues are not configured then we are not able
to change rx-mode. This change introducess default mode which is stored
per interface and applied if driver wants.
Change-Id: I70149c21c1530eafc148d5e4aa03fbee53dec62f
Signed-off-by: Damjan Marion <[email protected]>
Andrew Yourtchenko [Tue, 20 Jun 2017 11:54:57 +0000 (13:54 +0200)]
 
acl-plugin: the second and subsequent ACEs incorrect endianness when custom-dump and in VAT (VPP-885)
Add the missing function to convert the entire array of rules in the respective _endian functions,
rather than just the first rule.
Change-Id: Ic057f27ff7ec20150595efca1a48b74e5850f52b
Signed-off-by: Andrew Yourtchenko <[email protected]>
Andrew Yourtchenko [Wed, 21 Jun 2017 09:24:25 +0000 (11:24 +0200)]
 
acl-plugin: CLI to clear all sessions
It is useful to have the CLI to clear the existing sessions.
There was a work-in-progress CLI but it did not work properly.
Fix it and split into a separate "clear acl-plugin sessions",
and add a unit test into the extended connection-oriented tests.
Change-Id: I55889165ebcee139841fdac88747390903a05394
Signed-off-by: Andrew Yourtchenko <[email protected]>
Andrew Yourtchenko [Wed, 21 Jun 2017 10:20:39 +0000 (12:20 +0200)]
 
acl-plugin: use ethernet_buffer_header_size() to determine the size of the ethernet header
When extracting the 5-tuple, use the ethernet_buffer_header_size() so we can correctly
handle the case of subinterfaces, etc.
Change-Id: Ied73fde98d6b313e9eeab2aff4f22daa50a6cbbf
Signed-off-by: Andrew Yourtchenko <[email protected]>
Andrew Yourtchenko [Wed, 21 Jun 2017 17:34:02 +0000 (19:34 +0200)]
 
acl-plugin: fix coverity issue 170476
Remove the unnecessary variable assignment which coverity detected.
Change-Id: I66ac20a8495400ac59192ddb72f16c95f6b4d03c
Signed-off-by: Andrew Yourtchenko <[email protected]>
Andrew Yourtchenko [Wed, 21 Jun 2017 17:26:59 +0000 (19:26 +0200)]
 
acl-plugin: fix coverity issue 166801
A typo resulted in a value being overwritten and flagged as unused, fix the typo.
Change-Id: I512ba94321afb80d12c71ebbb0eec42d9fa6f299
Signed-off-by: Andrew Yourtchenko <[email protected]>
Matus Fabian [Wed, 21 Jun 2017 13:15:18 +0000 (06:15 -0700)]
 
NAT64: custom prefix
Change-Id: If397b49861468eed29b964fa64b186f80eb0eceb
Signed-off-by: Matus Fabian <[email protected]>
Damjan Marion [Wed, 21 Jun 2017 12:54:52 +0000 (14:54 +0200)]
 
memif: minor changes in memif.h
Change-Id: Iff550fd65f6e559b9fdfbbd53ef92d287c18166c
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Wed, 21 Jun 2017 10:01:37 +0000 (12:01 +0200)]
 
Add option to create clib_socket with group write permissions
Also allow group write as default for CLI socket connections.
Change-Id: I6af1f277f70581358cd9241bf0f5cb0752fe250f
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Wed, 21 Jun 2017 09:57:07 +0000 (11:57 +0200)]
 
Add knob to specify effective group id (gid) for VPP process
Change-Id: Icf9bd4abda058fb380f1a25d5fe3917ffb38b1c4
Signed-off-by: Damjan Marion <[email protected]>
Neale Ranns [Wed, 14 Jun 2017 13:50:08 +0000 (06:50 -0700)]
 
ARP: ignore non-connected routes and non-interface sources when determing if source is connected
Change-Id: I39fb0ec44cc322eaa12c0ff0700fc405d3982bfc
Signed-off-by: Neale Ranns <[email protected]>
Andrew Yourtchenko [Tue, 20 Jun 2017 13:13:12 +0000 (15:13 +0200)]
 
acl-plugin: fix coverity error 171135
The code path which sets the sw_if_index aimed to restrict the output
did not set the flag to trigger that output.
Change-Id: I0a1a3977fdddbce9a276960df43fed745d099ca0
Signed-off-by: Andrew Yourtchenko <[email protected]>
Andrew Yourtchenko [Tue, 20 Jun 2017 12:40:44 +0000 (14:40 +0200)]
 
acl-plugin: vat: acl_interface_list_dump confusing/incorrect output in case n_input == 0
The logic to print the line " output " is wrong for the case of n_input == 0,
and the applied ACLs are printed as if they were applied on input.
One may still figure out the truth by looking at the n_input value above,
but it is confusing.
Change-Id: I7b4a4d548e569994678dd1e139eb829456548b88
Signed-off-by: Andrew Yourtchenko <[email protected]>
Eyal Bari [Tue, 6 Jun 2017 11:18:55 +0000 (14:18 +0300)]
 
L2-VTR: add vtr tests
re-enable l2 fib flush tests
reorder l2bd multi instance tests - move flags test as last
enabling of uu-flood will now flood when entry is stale
Change-Id: I052663ec3eb4acee5f296fb7525dd535924e0003
Signed-off-by: Eyal Bari <[email protected]>
Igor Mikhailov (imichail) [Fri, 16 Jun 2017 03:47:48 +0000 (20:47 -0700)]
 
vlib: make runtime_data handling thread-local
Change-Id: Ic2f2dc234199a5f882846880cbacff20fc8d477b
Signed-off-by: Igor Mikhailov (imichail) <[email protected]>
Andrew Yourtchenko [Tue, 20 Jun 2017 10:26:23 +0000 (12:26 +0200)]
 
Parenthesize the usage of the macro argument within vec_search() macro definition
Change-Id: I488d7c2b864c0e3661c8abf0363e4b97984d4974
Signed-off-by: Andrew Yourtchenko <[email protected]>
Matus Fabian [Tue, 20 Jun 2017 08:45:49 +0000 (01:45 -0700)]
 
SNAT: unknow protocol hairpinning fix
Change-Id: I15813167e7c8529f229143de4a8f64f0fb530951
Signed-off-by: Matus Fabian <[email protected]>
Ole Troan [Wed, 14 Jun 2017 11:12:33 +0000 (13:12 +0200)]
 
VPP-879 MAP: s/u32 is_add/u8 is_add in map.api
Change-Id: If35171005e409f77bed4cc16eccb66a85aae5dfb
Signed-off-by: Ole Troan <[email protected]>
Eyal Bari [Wed, 14 Jun 2017 10:11:20 +0000 (13:11 +0300)]
 
L2FWD:fix seq_num overwritten + validate l2fib entries when forwarding
l2_classify memeber table_index was overlaid over l2.l2fib_seq_num
which over written when table_index gets initialized in l2_input_classify
solved by overlaying both table_index and opaque_index as only one is used
seperated l2fib seq num from l2_input configs
for better handling of theoretical ABA issue where an entry for a deleted
interface is considered valid by the ager because a different interface with
same sw_if_index and seq_num was created before the ager got a chance to delete
Change-Id: I7b0eeded971627406f1c80834d7e02c0ebe62136
Signed-off-by: Eyal Bari <[email protected]>
Matus Fabian [Mon, 19 Jun 2017 12:28:27 +0000 (05:28 -0700)]
 
NAT64: change not supported multi threading behaviour
Disable CLI/API commands instead of error message on startup.
Change-Id: I313ed6e2ea009f573afb5e08b0e85ed1f9091dc3
Signed-off-by: Matus Fabian <[email protected]>
Damjan Marion [Fri, 16 Jun 2017 20:06:00 +0000 (22:06 +0200)]
 
memif: add ip mode
In IP mode memif interface is L3 point-to-point interfaces and
we don't pass l2 header. There is no l2 header rewrite operation and
received packets are sent straight to ip4-input / ip6-input nodes.
Change-Id: I4177f3fce3004da7ecf14d235006ae053fcf3f09
Signed-off-by: Damjan Marion <[email protected]>
Florin Coras [Sat, 10 Jun 2017 04:07:32 +0000 (21:07 -0700)]
 
Overall tcp performance improvements (VPP-846)
- limit minimum rto per connection
- cleanup sack scoreboard
- switched svm fifo out-of-order data handling from absolute offsets to
  relative offsets.
- improve cwnd handling when using sacks
- add cc event debug stats
- improved uri tcp test client/server:  bugfixes and added half-duplex mode
- expanded builtin client/server
- updated uri socket client/server code to work in half-duplex
- ensure session node unsets fifo event for empty fifo
- fix session detach
Change-Id: Ia446972340e32a65e0694ee2844355167d0c170d
Signed-off-by: Florin Coras <[email protected]>
Matus Fabian [Mon, 19 Jun 2017 11:28:04 +0000 (04:28 -0700)]
 
SNAT: NAT packet with unknown L4 protocol if match 1:1 NAT
Change-Id: Ic81c6098d615fdb6a874e532921efd833fed872c
Signed-off-by: Matus Fabian <[email protected]>
Andrew Yourtchenko [Wed, 24 May 2017 11:20:47 +0000 (13:20 +0200)]
 
acl-plugin: bihash-based ACL lookup
Add a bihash-based ACL lookup mechanism and make it a new default.
This changes the time required to lookup a 5-tuple match
from O(total_N_entries) to O(total_N_mask_types), where
"mask type" is an overall mask on the 5-tuple required
to represent an ACE.
For testing/comparison there is a temporary debug CLI
"set acl-plugin use-hash-acl-matching {0|1}", which,
when set to 0, makes the plugin use the "old" linear lookup,
and when set to 1, makes it use the hash-based lookup.
Based on the discussions on vpp-dev mailing list,
prevent assigning the ACL index to an interface,
when the ACL with that index is not defined,
also prevent deleting an ACL if that ACL is applied.
Also, for the easier debugging of the state, there are
new debug CLI commands to see the ACL plugin state at
several layers:
"show acl-plugin acl [index N]" - show a high-level
ACL representation, used for the linear lookup and
as a base for building the hashtable-based lookup.
Also shows if a given ACL is applied somewhere.
"show acl-plugin interface [sw_if_index N]" - show
which interfaces have which ACL(s) applied.
"show acl-plugin tables" - a lower-level debug command
used to see the state of all of the related data structures
at once. There are specifiers possible, which make
for a more focused and maybe augmented output:
"show acl-plugin tables acl [index N]"
show the "bitmask-ready" representations of the ACLs,
we well as the mask types and their associated indices.
"show acl-plutin tables mask"
show the derived mask types and their indices only.
"show acl-plugin tables applied [sw_if_index N]"
show the table of all of the ACEs applied for a given
sw_if_index or all interfaces.
"show acl-plugin tables hash [verbose N]"
show the 48x8 bihash used for the ACL lookup.
Change-Id: I89fff051424cb44bcb189e3cee04c1b8f76efc28
Signed-off-by: Andrew Yourtchenko <[email protected]>
Matus Fabian [Thu, 15 Jun 2017 09:28:50 +0000 (02:28 -0700)]
 
NAT64: Hairpinning (VPP-699)
Change-Id: I83a6c277fa211ac2c2ca2d603650c992886af0a7
Signed-off-by: Matus Fabian <[email protected]>
Florin Coras [Thu, 15 Jun 2017 21:33:48 +0000 (14:33 -0700)]
 
Fix map-notify processing with multiple workers
Change-Id: Id160346ebf533ee5f55bd735803624a75ed997b9
Signed-off-by: Florin Coras <[email protected]>
Steven [Thu, 15 Jun 2017 22:32:24 +0000 (15:32 -0700)]
 
memif: show memif CLI enhancement
Add optional keywords to show memif to allow display a particular
interface and option to display the descriptor tables. The new syntax for
the show memif command is now
  show memif [<interface>] [descriptors]
Change-Id: I20696bbea1142bdc152b6e351c6ece24b1cf5500
Signed-off-by: Steven <[email protected]>
Steven [Thu, 8 Jun 2017 19:52:29 +0000 (12:52 -0700)]
 
memif: jumbo frames support
Current memif interface supports frame size up to 2048. This patch is to
enhance memif to support jumbo frames.
On tx (writing buffers to the ring), keep reading the next buffer in vlib
when the flag VLIB_BUFFER_NEXT_PRESENT and merge it to the same ring entry.
Use descriptor chaining if the buffer is not big enough.
On rx (reading buffers from the ring), if the packet is greater than 2048,
create multiple vlib buffers, chained with the VLIB_BUFFER_NEXT_PRESENT.
Testing:
Because the ping command provided by VPP does not support jumbo frames,
I have to use linux ping. Here is the set up that I use for testing.
VM1 --- vhost ---- VPP1 --- memif --- VPP2 --- vhost --- VM2
Create vhost-user interfaces between VM1 and VPP1 and between VPP2 and VM2
VM configuration:
Set the interface mtu on the VM, e.g 9216 to support jumbo frames.
create static route and static arp on VM1 to VM2 and vice versa.
Use iperf3 or ping -s 8000 from VM1 to VM2 or vice versa.
Sample run
sluong@ubuntu:~$ ping 131.1.1.1 -c1 -s 8000
ping 131.1.1.1 -c1 -s 8000
PING 131.1.1.1 (131.1.1.1) 8000(8028) bytes of data.
8008 bytes from 131.1.1.1: icmp_seq=1 ttl=62 time=0.835 ms
--- 131.1.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.835/0.835/0.835/0.000 ms
sluong@ubuntu:~$
DBGvpp# sh interface memif0
              Name               Idx       State          Counter          Count
memif0                            1         up       rx packets                     1
                                                     rx bytes                    8042
                                                     tx packets                     1
                                                     tx bytes                    8042
                                                     ip4                            1
DBGvpp#
Change-Id: I469bece3d45a790dceaee1d6a8e976bd018feee2
Signed-off-by: Steven <[email protected]>
Filip Tehlar [Mon, 12 Jun 2017 11:36:02 +0000 (13:36 +0200)]
 
LISP-GPE: add test CLI for NSH
Change-Id: I9999474c1a4b744f5d5880ee99a0293c576f2819
Signed-off-by: Filip Tehlar <[email protected]>
Damjan Marion [Thu, 15 Jun 2017 17:01:31 +0000 (19:01 +0200)]
 
Add missing barrier sync to rx placement infra code
Change-Id: I25ccf8260dbe7e1550aee3904a688fc135ce1f03
Signed-off-by: Damjan Marion <[email protected]>
Florin Coras [Thu, 15 Jun 2017 22:07:32 +0000 (15:07 -0700)]
 
Fix vni/dp_table endianness for gpe iface addition (VPP-882)
Change-Id: I2b78dad740b67fc05b0e2cf9c180809bc0962cd5
Signed-off-by: Florin Coras <[email protected]>
Florin Coras [Thu, 15 Jun 2017 22:44:14 +0000 (15:44 -0700)]
 
Fix gpe_native_fwd_rpaths_get (VPP-883)
Change-Id: Iab2aa5fd92b9e95049f55fce4177e236a482723c
Signed-off-by: Florin Coras <[email protected]>
Hongjun Ni [Wed, 14 Jun 2017 10:38:26 +0000 (18:38 +0800)]
 
Add maintainer for GTPU Plugin
Change-Id: Ic8cecdee7ae74a6b816e0a02985c456fd3ec8d8f
Signed-off-by: Hongjun Ni <[email protected]>