Radu Nicolau [Tue, 29 May 2018 10:42:33 +0000 (11:42 +0100)]
 
ipsec: fix IKEv2 crash when rsa cert is used for authentication
Cause: EVP_MD_CTX object used but not initialized.
Change-Id: I390b2acf580f16415685563fa52e56717efc7be7
Signed-off-by: Radu Nicolau <[email protected]>
Matus Fabian [Mon, 28 May 2018 11:09:52 +0000 (04:09 -0700)]
 
NAT44: code cleanup and refactor (VPP-1285)
Change-Id: I088163f10ae5515d7a9115781cc13ef563fafed5
Signed-off-by: Matus Fabian <[email protected]>
Damjan Marion [Mon, 28 May 2018 14:22:14 +0000 (16:22 +0200)]
 
Change optimizaton level from tree-vectorize to O3
Change-Id: Ia1b49d7fd5f32d9a5139df5df636b46264003a63
Signed-off-by: Damjan Marion <[email protected]>
Andrey "Zed" Zaikin [Fri, 25 May 2018 15:09:58 +0000 (18:09 +0300)]
 
add missing lb_put_writer_lock() to lb_vip_add() invalid args cases
Change-Id: I9343672c5765a5a4cb56c99fa5de176ddcac62c7
Signed-off-by: Andrey "Zed" Zaikin <[email protected]>
Pierre Pfister [Mon, 28 May 2018 11:56:04 +0000 (13:56 +0200)]
 
Fix flowhash size computation for very large hash tables
Change-Id: Ieae4ff6429fc5bdcf0e243db40ab7ec00c30730a
Signed-off-by: Pierre Pfister <[email protected]>
Andrew Yourtchenko [Sat, 26 May 2018 18:43:00 +0000 (20:43 +0200)]
 
acl-plugin: move to per-frame buffer pointer calculations and enqueue to next nodes
Use the new frame-at-once functions vlib_get_buffers() and vlib_buffer_enqueue_to_next()
to calculate the buffer pointers and to dispatch the packets after the processing.
This simplifies the dataplane node processing loop.
Change-Id: I454308f847aac76a199f8dd7490c1e176414bde7
Signed-off-by: Andrew Yourtchenko <[email protected]>
Sachin Saxena [Mon, 28 May 2018 04:15:12 +0000 (09:45 +0530)]
 
VPP-1284: Fix for TLS corruption on ARM platforms
 - The issue is appearing on ARM platofrms where DPDK drivers are also using
   __thread TLS vairables.
 - The issue was only appearing with dpdk as plgin to VPP and not if used
   as statically link with VPP.
 - Using traditional TLS scheme resolved the issue.
Change-Id: Ifb4c667fdd217c2b1d79be8a541a2c983222d95a
Signed-off-by: Sachin Saxena <[email protected]>
Sachin Saxena [Mon, 28 May 2018 09:24:47 +0000 (14:54 +0530)]
 
dpdk: set dmamap iova address value according to eal_iova_mode
 - Fix the issue where eal iova mode is Virtual Address (RTE_IOVA_VA) but
   setting DMA iova address to Physical address value always.
Change-Id: Ib1e9c1596d95885c7eff11723338121627203e61
Signed-off-by: Sachin Saxena <[email protected]>
Mohsin Kazmi [Thu, 17 May 2018 13:42:27 +0000 (15:42 +0200)]
 
af-packet: Add support for logging
Change-Id: I4cc6a20b69cce2aa52768a27c5d455eb098224c8
Signed-off-by: Mohsin Kazmi <[email protected]>
Mohsin Kazmi [Wed, 25 Apr 2018 13:58:05 +0000 (15:58 +0200)]
 
itf: Fix admin up down for AF_PACKET and vhost-user
Change-Id: I84327197d59c72d0d046dd2cb4071bf74af6fc28
Signed-off-by: Mohsin Kazmi <[email protected]>
John Lo [Tue, 22 May 2018 07:35:06 +0000 (03:35 -0400)]
 
Fix IP neighbor/arp pool full and static entry handling
Move handling of IP neighbor pool full into main thread on entry
creation and make sure static entriesare not deleted for reuse.
Fix IPv6 neighbor handling on interface down and up so that static
entries are not deleted.
Change-Id: I073794949a41a5b86201e519ebe479febfc506c8
Signed-off-by: John Lo <[email protected]>
Marek Gradzki [Fri, 25 May 2018 13:50:05 +0000 (15:50 +0200)]
 
proxy_arp: remove unused is_add
Change-Id: I1773d962b373693a737d39c0c97e8c53eb91545a
Signed-off-by: Marek Gradzki <[email protected]>
Damjan Marion [Sat, 26 May 2018 16:53:34 +0000 (18:53 +0200)]
 
ip4-input node rework
Gain is around 6 clocks per packet (22 to 16).
Change-Id: Ia6f4293ea9062368a9a6b235c650591dbc0707d0
Signed-off-by: Damjan Marion <[email protected]>
Sirshak Das [Fri, 18 May 2018 18:14:52 +0000 (13:14 -0500)]
 
Fixes make test errors with clang compiler on aarch64
(VAPI_*BIN).d targets didnt have fake.api.vapi.h* as dependencies
this causes the compilation to proceed before the python script
generates the header files.
Explicit linking of stdc++ is required for clang as errors like
undefined reference to 'new operator' pop up.
Change-Id: I3ca0ef048f392c4a032160ce0e4f7ae759f4c79d
Signed-off-by: Sirshak Das <[email protected]>
Reviewed-by: Brian Brooks <[email protected]>
Reviewed-by: Honnappa Nagarahalli <[email protected]>
Damjan Marion [Fri, 25 May 2018 22:50:39 +0000 (00:50 +0200)]
 
bond-input performance optimization
Old code ~25 clocks/packet, new ~10.
Change-Id: I202cd6cbafb1ab2296939634d674f7ffd28253fc
Signed-off-by: Damjan Marion <[email protected]>
Andrew Yourtchenko [Sat, 26 May 2018 17:02:34 +0000 (19:02 +0200)]
 
acl-plugin: use clib_bihash_search_inline_2_40_8 rather than clib_bihash_search_40_8 for session lookups
Use inline version rather than calling the function, this gives slightly better performance.
The straighforward diff uncovered an interesting problem: the stateful ACL IPv4 unit tests would fail
for the "make test" but succeed in "make test-debug". Also, they would succeed even in "make test",
if before calling the clib_bihash_search_inline_2_40_8 we would change the code
to store the key in a temporary variable.
Debugging revealed that the generated optimized code is not what one would expect:
the zeroing of the u64s overlaying the memcpy into ipv4 value of ip46_address_t
made the optimizer not notice the latter, and think that those fields should be
always zero in the bihash, thus generating incorrect assembly for the bihash key
comparison for the ipv4 nodes.
Changing the zeroing to be non-overlapping by zeroing only the pad fields resulted
in the optimizer generating the correct code and the tests pass.
Change-Id: Ib0f55cef2b5fe70c931d17ca4dc32a5755d160cd
Signed-off-by: Andrew Yourtchenko <[email protected]>
Dave Barach [Sat, 26 May 2018 14:48:55 +0000 (10:48 -0400)]
 
VPP-1294: add missing feature arc constraint
the ip4-dhcp-client-detect feature MUST run prior to nat44-out2in, or
inbound dhcp broadcast packets will be dropped. Certain dhcp servers
answer lease renewal dhcp-request packets with broadcast dhcp-acks, leading
to unrecoverable lease loss.
In detail, this constraint:
VNET_FEATURE_INIT (ip4_snat_out2in, static) = {
  .arc_name = "ip4-unicast",
  .node_name = "nat44-out2in",
  .runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa"),
};
doesn't get the job done:
ip4-unicast:
  [17] nat44-out2in
  [23] ip4-dhcp-client-detect
  [26] ip4-not-enabled
Add a proper constraint:
VNET_FEATURE_INIT (ip4_snat_out2in, static) = {
  .arc_name = "ip4-unicast",
  .node_name = "nat44-out2in",
  .runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa",
                               "ip4-dhcp-client-detect"),
};
and the interface feature order is OK, at least in this regard:
ip4-unicast:
  [17] ip4-dhcp-client-detect
  [18] nat44-out2in
  [26] ip4-not-enabled
We need to carefully audit (especially) the ip4-unicast feature arc,
which has [gasp] 37 features on it!
Change-Id: I5e749ead7ab2a25d80839a331de6261e112977ad
Signed-off-by: Dave Barach <[email protected]>
John Lo [Sat, 26 May 2018 01:10:23 +0000 (21:10 -0400)]
 
Fix interface-rx-dpo-l2 node to setup l2_len in vnet buffer
Change-Id: Ic1fab1f3aba92bbdbfd281459562d1f9697ab465
Signed-off-by: John Lo <[email protected]>
Zhiyong Yang [Thu, 24 May 2018 09:24:29 +0000 (05:24 -0400)]
 
dpdk: enable RX for no-multi-seg
The option no-multi-seg doesn't take effect for RX since MTU
which is too large is passed to DPDK lib, Which causes PMDs
are running XXX_scattered_rx function. The patch fixes the issue.
Change-Id: I91a6fb23fd118e872c8a52a6c35c36a86cb2c02b
Signed-off-by: Zhiyong Yang <[email protected]>
Florin Coras [Thu, 24 May 2018 04:01:30 +0000 (21:01 -0700)]
 
tcp: loss recovery improvements/fixes
- fix newreno cwnd computation
- reset snd_una_max on entering recovery
- accept acks beyond snd_nxt but less than snd_congestion when in
recovery
- avoid entering fast recovery multiple times when using sacks
- avoid as much as possible sending small segments when doing fast
retransmit
- more event logging
Change-Id: I19dd151d7704e39d4eae06de3a26f5e124875366
Signed-off-by: Florin Coras <[email protected]>
Andrew Yourtchenko [Thu, 24 May 2018 14:53:27 +0000 (16:53 +0200)]
 
acl-plugin: create forward and return sessions in lieu of making a special per-packet session key
Using a separate session key has proven to be tricky for the following reasons:
- it's a lot of storage to have what looks to be nearly identical to 5tuple,
just maybe with some fields swapped
- shuffling the fields from 5tuple adds to memory pressure
- the fact that the fields do not coincide with the packet memory
  means for any staged processing we need to use up a lot of memory
Thus, just add two entries into the bihash table pointing to
the same session entry, so we could match the packets from either
direction.
With this we have the key layout of L3 info (which takes up
the majority of space for IPv6 case) the same as in the packet,
thus, opening up the possibility for other optimizations.
Not having to create and store a separate session key
should also give us a small performance win in itself.
Also, add the routine to show the session bihash in a better
way than a bunch of numbers.
Alas, the memory usage in the bihash obviously doubles.
Change-Id: I8fd2ed4714ad7fc447c4fa224d209bc0b736b371
Signed-off-by: Andrew Yourtchenko <[email protected]>
Dave Barach [Fri, 25 May 2018 21:36:05 +0000 (17:36 -0400)]
 
Add interface rx pcap tracing
Should cost at most 1 clock per frame when not enabled.
Add "pcap rx trace..." debug CLI, refactored "pcap tx trace" debug CLI
to avoid duplicating code.
Change-Id: I19ac75d1cf94a6a24c98facbf0753381d37963ea
Signed-off-by: Dave Barach <[email protected]>
Juraj Sloboda [Tue, 15 May 2018 09:43:56 +0000 (11:43 +0200)]
 
Fix possible null pointer dereference
Replace clib_warning with vlib_log_warn
Change-Id: I6d0b8d97048b75f4418609264af0c14e19fad79b
Signed-off-by: Juraj Sloboda <[email protected]>
Florin Coras [Thu, 24 May 2018 03:44:12 +0000 (20:44 -0700)]
 
tcp: handle acks in close wait
Thanks to Ning Li <
[email protected]> for reporting.
Change-Id: I758bc6760ec5a9ec688172bc162a1873f96ab4f3
Signed-off-by: Florin Coras <[email protected]>
Jakub Grajciar [Tue, 22 May 2018 08:21:57 +0000 (10:21 +0200)]
 
memif: Add support for logging
Change-Id: I0fe60a639c7589dc842d85db092c81c1a7441cb7
Signed-off-by: Jakub Grajciar <[email protected]>
Steven [Fri, 11 May 2018 18:06:23 +0000 (11:06 -0700)]
 
bond: performance harvesting
- hash is great. But it is a bit too slow for the DP. Use direct array indexing
to quickly retrieve the slave interface.
- the algorithm used by flow hash is great. But it is a bit too slow for the DP.
Use l2_hash_hash() extracted from lb_hash.h which ECMP is using. It makes use
of intrinsic crc32 instruction set.
- shortcut modulo arithmetic when the operand is 2**x (where x up to 4) to
avoid division instruction.
- special case for link count == 1 in bond_tx_fn()
- use clib_mem_unaligned to access data for the packet to avoid alignment error
- Fix some typos for packet tracing.
Change-Id: I8eae3ad497061c5473aa675ba894ee0211120d25
Signed-off-by: Steven <[email protected]>
Neale Ranns [Tue, 22 May 2018 15:40:52 +0000 (08:40 -0700)]
 
ARP proxy dumps
Change-Id: I8335ebf266becf2f42bb3f28a17dfed8d9b08f97
Signed-off-by: Neale Ranns <[email protected]>
Bin Huang [Thu, 24 May 2018 08:43:19 +0000 (16:43 +0800)]
 
Fix VPP DPDK build failure with Mellanox NIC on aarch64
This compile issue was first reported by Sirshak Das in following thread:
https://lists.fd.io/g/vpp-dev/message/8384
The issue was caused by auto-config shell script auto-config-h.sh regard
quotation mark "" as $CROSS prefix for $CC when CROSS is empty.
Change-Id: Ied535c6d18c4dffacbddabc3ad2087dffe19438d
Signed-off-by: Bin Huang <[email protected]>
Damjan Marion [Wed, 23 May 2018 18:21:51 +0000 (20:21 +0200)]
 
Vectorized bihash_{48,40,24,16}_8 key compare
bihash_48_8 case:
Scalar code: 6 clocks
SSE4.2 code: 3 clocks
AVX2 code: 2.27 clocks
AVX512 code: 1.5 clocks
Change-Id: I40700175835a1e7321276e47eadbf9771d3c5a68
Signed-off-by: Damjan Marion <[email protected]>
Ole Troan [Thu, 24 May 2018 11:21:43 +0000 (13:21 +0200)]
 
VPP-1277: IPIP - Copy TOS/TC from inner packet to outer.
Add support for either copying TOS/TC from inner packet to outer,
or set to fixed value.
Change-Id: I716a95f875349acec94317b266c8cf9f2f81a785
Signed-off-by: Ole Troan <[email protected]>
Dave Barach [Thu, 24 May 2018 21:32:00 +0000 (17:32 -0400)]
 
VPP-1286: close the fd after mmap-ing svm segments
Broken for years. Duh.
Change-Id: Ie5fb8e802f143aacd3301c45b136b24a8d4f6d74
Signed-off-by: Dave Barach <[email protected]>
Damjan Marion [Tue, 15 May 2018 17:51:38 +0000 (19:51 +0200)]
 
Rewrite of l2-output node
Change-Id: I8cbd1eac80ae4aeb173d02786e9ccf3b4877304d
Signed-off-by: Damjan Marion <[email protected]>
Klement Sekera [Wed, 23 May 2018 18:22:20 +0000 (20:22 +0200)]
 
make test: VPP-1288 fix from sw_if_index values
Change-Id: I80297e78d93d8cf0d347863e4d2fdb12ea9294ac
Signed-off-by: Klement Sekera <[email protected]>
Ole Troan [Wed, 23 May 2018 09:21:42 +0000 (11:21 +0200)]
 
VPP-1283: IPv6 PMTU missing MTU value in ICMP6 message.
Fix GRE/IPv6 setting of ip->payload_length (which has never worked).
Change-Id: Ie68f1cc7bbb70489d6ec97356132c783f2345e1e
Signed-off-by: Ole Troan <[email protected]>
Ole Troan [Fri, 18 May 2018 09:01:31 +0000 (11:01 +0200)]
 
VPP-1283: IPv4 PMTU missing MTU value in ICMP4 message.
Change-Id: I7a4133c59ff45b0744b48e246a049d9f015026fc
Signed-off-by: Ole Troan <[email protected]>
Ole Troan [Tue, 24 Apr 2018 04:02:37 +0000 (00:02 -0400)]
 
VPPAPIGEN: Add union and enum support and IP4/IP6 address type.
Note: The Python, Java and C/C++ bindings must be updated before ip/ip_types.api can be used.
ip_types.api:
typedef ip4_address {
  u8 address[4];
};
typedef ip6_address {
  u8 address[16];
};
enum address_family {
  ADDRESS_IP4 = 0,
  ADDRESS_IP6,
};
union address_union {
  vl_api_ip4_address_t ip4;
  vl_api_ip6_address_t ip6;
};
typedef address {
  vl_api_address_family_t af;
  vl_api_address_union_t un;
};
Change-Id: I22f67092f24db5bd650a03c6f446a84cd9fd1074
Signed-off-by: Ole Troan <[email protected]>
Eyal Bari [Thu, 17 May 2018 13:26:34 +0000 (16:26 +0300)]
 
dpdk:flow add vxlan flow support
Change-Id: Ic9f98c022e32715af395c9ed618589434eb0e526
Signed-off-by: Eyal Bari <[email protected]>
Florin Coras [Tue, 22 May 2018 18:39:59 +0000 (11:39 -0700)]
 
tcp: cc improvements and fixes
Change-Id: I6615bb612bcc3f795b5f822ea55209bb30ef35b5
Signed-off-by: Florin Coras <[email protected]>
Jakub Grajciar [Mon, 21 May 2018 10:39:03 +0000 (12:39 +0200)]
 
avf plugin: add support for logging
Change-Id: Ic8c5b527395fc99f1e1a72e51f8d41c9b4f415df
Signed-off-by: Jakub Grajciar <[email protected]>
Andrew Yourtchenko [Fri, 18 May 2018 16:48:00 +0000 (18:48 +0200)]
 
acl-plugin: refactor to introduce multiarch dataplane functions
This commit splits the functions from fa_node.c
into the pure dataplane node functions (which are multiarch-compiled),
session management node functions (which are compiled only once),
and session find/add/delete functions which are split out into the inlines.
As part of the refactoring:
- get rid of BV() macros in the affected chunk of code,
  rather use the explicit bihash function names.
- add the magic trailer to the new files to
  ensure make checkstyle watches them.
- move the bihash_template.c include for 40_8 bihash into acl.c
Change-Id: I4d781e9ec4307ea84e92af93c09470ea2bd0c375
Signed-off-by: Andrew Yourtchenko <[email protected]>
Damjan Marion [Tue, 22 May 2018 12:07:47 +0000 (14:07 +0200)]
 
vppinfra: add clib_count_equal_uXX and clib_memset_uXX functions
Change-Id: I56782652d8ef10304900cc293cfc0502689d800e
Signed-off-by: Damjan Marion <[email protected]>
Radu Nicolau [Mon, 12 Mar 2018 13:52:41 +0000 (13:52 +0000)]
 
CSIT-928 dpdk/ipsec: performance improvement
Replace hash with a vector to improve performance.
Plus other minor performance improvements.
Change-Id: I3f0ebd909782ce3727f6360ce5ff5ddd131f8574
Signed-off-by: Radu Nicolau <[email protected]>
Florin Coras [Thu, 17 May 2018 20:28:34 +0000 (13:28 -0700)]
 
tcp: unlock link-local adjacencies on connection cleanup
Change-Id: I37705fb572045f42be4c2dabbd8460c8f8872167
Signed-off-by: Florin Coras <[email protected]>
Eyal Bari [Wed, 16 May 2018 08:30:23 +0000 (11:30 +0300)]
 
dpdk:enable flow director perfect mode
when flows are enabled on the device
Change-Id: I971764988d5a9e7078468f627205b3fa60736263
Signed-off-by: Eyal Bari <[email protected]>
Damjan Marion [Fri, 18 May 2018 22:04:23 +0000 (00:04 +0200)]
 
vector functions cleanup and improvements
Remove functions which have native C equivalent (i.e. _is_equal can be
replaced with ==, _add with +)
Add SSE4.2, AVX-512 implementations of splat, load_unaligned, store_unaligned,
is_all_zero, is_equal, is_all_equal
Change-Id: Ie80b0e482e7a76248ad79399c2576468532354cd
Signed-off-by: Damjan Marion <[email protected]>
Igor Mikhailov (imichail) [Sat, 19 May 2018 03:08:26 +0000 (20:08 -0700)]
 
MLX DPDK glue: exclude dependency on OFED libraries
MLX DPDK mlx5_glue.so, compiled under RTE_LIBRTE_MLX5_DLOPEN_DEPS,
provides a run-time check for OFED libraries.
To do so, it links with -libverbs -lmlx5 so that the binding could
occur or fail at runtime (see DPDK 
59b91be and VPP 
59b91be).
However RPM install fails on systems without OFED installed since
RPM spec has an entry "Requires: libmlx5".
To overcome this, exclude such requirement from the spec.
Same applies to mlx4_glue.so, compiled under RTE_LIBRTE_MLX4_DLOPEN_DEPS
Change-Id: I0ff6efc49581104743cc7e5b1f7cdbc1665ce9ba
Signed-off-by: Igor Mikhailov (imichail) <[email protected]>
Mohsin Kazmi [Fri, 18 May 2018 14:27:26 +0000 (16:27 +0200)]
 
log: Validate the size of vec in vlib_log
Change-Id: I6d1218c17ee055275596b9a49767f15994aa1b2b
Signed-off-by: Mohsin Kazmi <[email protected]>
Damjan Marion [Sat, 19 May 2018 08:27:10 +0000 (10:27 +0200)]
 
Disable vector code in vlib_buffer_enqueue_to_next if no msb mask function
This fixes ARM64 build where we dont have defined u16x8_msb_mask(...)
Change-Id: I864f5134a0d951601810c800f587d173b3b7ef41
Signed-off-by: Damjan Marion <[email protected]>
Florin Coras [Fri, 18 May 2018 07:41:55 +0000 (00:41 -0700)]
 
tcp_echo: support multiple connections
Change-Id: I6d8e1351e088728f7363550a0fc117256cae2841
Signed-off-by: Florin Coras <[email protected]>
Neale Ranns [Fri, 18 May 2018 09:27:10 +0000 (02:27 -0700)]
 
IP unnumbered dump
Change-Id: I4f245fd225bcc563fafee2696cd039477d661c57
Signed-off-by: Neale Ranns <[email protected]>
Damjan Marion [Thu, 17 May 2018 19:12:13 +0000 (21:12 +0200)]
 
Add vlib_buffer_enqueue_to_next inline function
Change-Id: I1042c0fe179b57a00ce99c8d62cb1bdbe24d9184
Signed-off-by: Damjan Marion <[email protected]>
Neale Ranns [Thu, 17 May 2018 13:34:24 +0000 (06:34 -0700)]
 
IP table bind allowed only if table exists
Change-Id: If01400e3434b25b2da36ba28ceb8444b216d0e38
Signed-off-by: Neale Ranns <[email protected]>
Jon Loeliger [Thu, 17 May 2018 20:55:00 +0000 (15:55 -0500)]
 
ARP: Ensure STATIC and DYANMIC ARP flags are mutually exclusive.
Change-Id: I44278dea2ee1daa147b0928bfe26e861907a209f
Signed-off-by: Jon Loeliger <[email protected]>
Neale Ranns [Thu, 17 May 2018 16:38:13 +0000 (09:38 -0700)]
 
IP address dump - don't send subnets for unnumbered interfaces
Change-Id: I8c64a0d2f757d96ffa7fd042c23b0d814217c215
Signed-off-by: Neale Ranns <[email protected]>
Dave Wallace [Thu, 17 May 2018 16:06:27 +0000 (12:06 -0400)]
 
18.01.2 Release Notes
Change-Id: I17ba98b48409d907081a0fd8d7db35adf45192ef
Signed-off-by: Dave Wallace <[email protected]>
Florin Coras [Thu, 17 May 2018 02:28:24 +0000 (19:28 -0700)]
 
session: add session process node
Add a session process node that handles main thread tx and retransmit in
order to avoid having a polling input node.
Change-Id: I3357e987c023a84b533b32793e37ab4204420f64
Signed-off-by: Florin Coras <[email protected]>
Mohsin Kazmi [Thu, 17 May 2018 15:21:39 +0000 (17:21 +0200)]
 
tap: remove the local vlib_log_info definition
Change-Id: Idff55a19d27fed0d57e222f38d2e16c5367911cb
Signed-off-by: Mohsin Kazmi <[email protected]>
Hongjun Ni [Tue, 6 Feb 2018 15:00:22 +0000 (23:00 +0800)]
 
Rework kube-proxy into LB plugin
Add support of NAT66
Change-Id: Ie6aa79078a3835f989829b9a597c448dfd2f9ea3
Signed-off-by: Hongjun Ni <[email protected]>
Damjan Marion [Thu, 17 May 2018 10:44:00 +0000 (12:44 +0200)]
 
Add buffer pointer-to-index and index-to-pointer array functions
Change-Id: Ib3fcc3ceb7f315389bcdecbb7d9632540a5dd6ba
Signed-off-by: Damjan Marion <[email protected]>
Mohsin Kazmi [Thu, 17 May 2018 14:47:08 +0000 (16:47 +0200)]
 
vlib: Fix WARN-ING macro in function
Change-Id: I238106c2afc46904fb0eb17164f30dbd1378892e
Signed-off-by: Mohsin Kazmi <[email protected]>
Matthew Smith [Tue, 15 May 2018 20:51:30 +0000 (15:51 -0500)]
 
Fix failure during enable/disable of features
vnet_feature_enable_disable_with_index() checks the
return status of vnet_config_{add,del}_feature().
If the config string heap index returned is the same
index that was in use prior to the add/delete, it is
concluded that a failure occurred and processing of
the feature stops.
Sometimes the config index that is returned
can legitimately be the same index that was in used
before the add/delete. The old list of features can
have its heap entry deallocated before a new entry for
the new list is allocated. The heap entry for the new
list can be the entry that was deallocated while
deleting the old one.
Make vnet_config_{add,del}_feature() return ~0 on
failure. Look for that return value as an indication
that an error occurred in
vnet_enable_disable_feature_by_index().
Change-Id: I88bb3ff88a76971c1b5e5ece74784ce8ba78373c
Signed-off-by: Matthew Smith <[email protected]>
Marco Varlese [Thu, 17 May 2018 13:46:13 +0000 (15:46 +0200)]
 
Allow openSUSE tumbleweed
Change-Id: I2ab7f5d2a30620b12bd345d6102a3d381ee5d5ec
Signed-off-by: Marco Varlese <[email protected]>
Juraj Sloboda [Thu, 17 May 2018 10:05:27 +0000 (12:05 +0200)]
 
Fixes in IPv6 RD control plane
Add default route to the VRF table in which the interface is bound.
Add missing pool_put.
Change-Id: Id76c7dbfbf9bcf18357f372f3eee9b931df1995e
Signed-off-by: Juraj Sloboda <[email protected]>
Eyal Bari [Wed, 16 May 2018 09:15:32 +0000 (12:15 +0300)]
 
flow:redirect to node
Change-Id: I4b6577b496c56f27f07dd0066fcfdfd0cebb6f1a
Signed-off-by: Eyal Bari <[email protected]>
Matus Fabian [Mon, 14 May 2018 13:20:28 +0000 (06:20 -0700)]
 
NAT44: nat44_del_session and nat44_user_session_details API update (VPP-1271)
Change-Id: I484d79000c1bbd87ff83847cf567bf3414a719d3
Signed-off-by: Matus Fabian <[email protected]>
Florin Coras [Thu, 26 Apr 2018 15:26:52 +0000 (08:26 -0700)]
 
tcp: handle link-local addresses
Change-Id: I9ede6bc861350c7d9e78fa4d96cd584c2816d06f
Signed-off-by: Florin Coras <[email protected]>
Dave Barach [Wed, 16 May 2018 15:34:35 +0000 (11:34 -0400)]
 
Packet generator: preserve pcap file timestamps
Set vnet_buffer2(b0)->pg_replay_timestamp, for use when desired.
Fix a memory leak in pg_stream_free(...), which wasn't freeing the
replay packet templates.
Change-Id: I01822a9e91a52de4774d2b95cf0c2ee254a915e9
Signed-off-by: Dave Barach <[email protected]>
Rui Cai [Thu, 26 Apr 2018 23:15:57 +0000 (23:15 +0000)]
 
dpdk: fix rte_eth_dev_set_mtu callsites to use same mtu value
During dpdk_lib_init, it calculates MRU and MTU and later calls
rte_eth_dev_set_mtu with calculated MTU value. However, dpdk_device_setup
calls rte_eth_dev_set_mtu with hi->max_packet_bytes, which is set to be
MRU value in dpdk_lib_init earlier.
Most of the time, MRU != MTU in dpdk_lib_init and it looks like
hi->max_packet_bytes is treated as MTU in other parts of vpp codebase.
Therefore, dpdk_lib_init should be consistent and use MTU instead of MRU
for hi->max_packet_bytes.
Change-Id: I23ff2a6cd45d6bc819b6f64d5f0fc0490b8a44de
Signed-off-by: Rui Cai <[email protected]>
Matthew Smith [Wed, 16 May 2018 03:03:05 +0000 (22:03 -0500)]
 
Drop IPsec packets when interface is down
Packets arriving on an IPsec tunnel interface
are decrypted and forwarded even if the
interface is down.
Check interface flags. If the interface is down,
cause packet to be dropped and increment the
counters for drops.
Change-Id: I94456bda3bd8eade0f3f522ad7cc341251174e6e
Signed-off-by: Matthew Smith <[email protected]>
Klement Sekera [Wed, 16 May 2018 08:52:54 +0000 (10:52 +0200)]
 
make test: unify packet checksum verifications
Change-Id: If9cc7c5e32ebecff398fd38b39e8f485754a4ad4
Signed-off-by: Klement Sekera <[email protected]>
Sachin Saxena [Thu, 10 May 2018 10:52:09 +0000 (16:22 +0530)]
 
Fix broken compilation for non-numa aware platforms
 - The dpdk plugin always looks for libnuma library during compilation.
   For non-numa aware platforms compilation breaks, if third party
   libnuma lib is not available.
 - Issue is more severe with Cross Compilation scenario where one has to
   download and cross compile libnuma-dev package even when target platofrom
   is NUMA disabled.
   Like when cross compiling for ARM platforms, Linaro tool-chain doesn't have
   libnuma by default.
Change-Id: Ib85b3188b787c23ba33b47e3f6123c74fd37190e
Signed-off-by: Sachin Saxena <[email protected]>
Florin Coras [Wed, 16 May 2018 16:28:02 +0000 (09:28 -0700)]
 
echo client: used fixed pool for preallocated sessions
Change-Id: I9e2cf74ebe3e8750fa8d03930d2d72f4cae453c2
Signed-off-by: Florin Coras <[email protected]>
Dave Barach [Tue, 15 May 2018 14:26:41 +0000 (10:26 -0400)]
 
Update ipfix documentation
Change-Id: Ie942efab86d24a953fe34754e3d50df54b560dc0
Signed-off-by: Dave Barach <[email protected]>
Neale Ranns [Mon, 14 Aug 2017 17:35:44 +0000 (10:35 -0700)]
 
No overlapping sub-nets on any interface in the same table/VRF (VPP-943)
DBGvpp# set int ip addr loop0 10.10.10.10/24
DBGvpp# set int ip addr loop0 10.10.10.11/24
set interface ip address: failed to add 10.10.10.11/24 which conflicts with 10.10.10.10/24 for interface loop0
Change-Id: Iba63ffafbd36b6146ce86adb78139da9d55b40ba
Signed-off-by: Neale Ranns <[email protected]>
Neale Ranns [Mon, 14 May 2018 12:16:46 +0000 (05:16 -0700)]
 
VOM: nat-binding populate handle errors
Change-Id: I8f41c659c6f50efd679a56878c6fdcf426ac9410
Signed-off-by: Neale Ranns <[email protected]>
Florin Coras [Mon, 14 May 2018 08:44:01 +0000 (01:44 -0700)]
 
proxy: fix active open connection cleanup
Thanks to DucTM for spotting the issue.
Change-Id: I7985560f224c99cf0fdeea0c8457a3ac6f10b03c
Signed-off-by: Florin Coras <[email protected]>
Mohsin Kazmi [Fri, 11 May 2018 13:49:49 +0000 (15:49 +0200)]
 
vom: fix interface admin up/down
Change-Id: I7b9d28a940e0d7c4a4acda3f4048261c67bf49ff
Signed-off-by: Mohsin Kazmi <[email protected]>
Juraj Sloboda [Thu, 3 May 2018 08:03:50 +0000 (10:03 +0200)]
 
Rework CP and DP communication in IPv6 RD (VPP-1256)
Replace binary API communication between CP and DP with
direct communication using function calls and callbacks.
Change-Id: Ib54f09062217c028e5ee0e96ae2449cf7e9224e3
Signed-off-by: Juraj Sloboda <[email protected]>
Matus Fabian [Fri, 11 May 2018 05:48:53 +0000 (22:48 -0700)]
 
NAT44: delete closed TCP session (VPP-1274)
Change-Id: Id25b447bddccb7b321123e4abc4134e7261a0807
Signed-off-by: Matus Fabian <[email protected]>
Dave Barach [Sun, 13 May 2018 12:50:25 +0000 (08:50 -0400)]
 
Improve ipfix template packet rewrite construction
Instead of repeatedly cutting, pasting, and hacking to create a new
callback, use vnet_flow_rewrite_generic_callback(). Add three
arguments to the flow rewrite callback:
(in) pointer to an array of report elements,
(in) length of array,
(out) pointer to the stream index
Change existing code prototypes. Code owners encouraged to evaluate
whether they can use the generic callback or not, at leisure.
/* ipfix field definitions for a particular report */
typedef struct
{
  u32 info_element;
  u32 size;
} ipfix_report_element_t;
Best generated like so:
_(sourceIPv4Address, 4)                         \
_(destinationIPv4Address, 4)                    \
_(sourceTransportPort, 2)                       \
_(destinationTransportPort, 2)                  \
_(protocolIdentifier, 1)                        \
_(flowStartMicroseconds, 8)                     \
_(flowEndMicroseconds, 8)
static ipfix_report_element_t simple_report_elements[] = {
  foreach_simple_report_ipfix_element
};
  ...
  /* Set up the ipfix report */
  memset (&a, 0, sizeof (a));
  a.is_add = 1 /* to enable the report */ ;
  a.domain_id = 1 /* pick a domain ID */ ;
  a.src_port = UDP_DST_PORT_ipfix /* src port for reports */ ;
  a.rewrite_callback = vnet_flow_rewrite_generic_callback;
  a.report_elements = simple_report_elements;
  a.n_report_elements = ARRAY_LEN (simple_report_elements);
  a.stream_indexp = &jim->stream_index;
  a.flow_data_callback = simple_flow_data_callback;
  /* Create the report */
  rv = vnet_flow_report_add_del (frm, &a, &template_id);
  if (rv)
    return rv;
  ...
Change-Id: If6131e6821d3a37a29269c0d58040cdf18ff05e4
Signed-off-by: Dave Barach <[email protected]>
Florin Coras [Fri, 11 May 2018 16:20:12 +0000 (09:20 -0700)]
 
session: improve app verbose format function
Change-Id: Idae4ecb60351f2e74bad2f2a33c073de8412fcb0
Signed-off-by: Florin Coras <[email protected]>
Florin Coras [Thu, 10 May 2018 20:20:47 +0000 (13:20 -0700)]
 
session: alloc one frame per output node dispatch
Change-Id: I1f7877af61f3726cfb7b93ce7893f6df23e866a6
Signed-off-by: Florin Coras <[email protected]>
Rui Cai [Fri, 11 May 2018 22:13:58 +0000 (22:13 +0000)]
 
dpdk: Add constants for failsafe PMD
Adding name, enum constants and formatting code
for failsafe PMD.
This is part of initial effort to enable vpp running over
dpdk on failsafe PMD in Microsoft Azure(2/4).
Change-Id: I4eb0093db9f666e2635f7ddff451e3c9064bd0c4
Signed-off-by: Rui Cai <[email protected]>
Rui Cai [Fri, 11 May 2018 21:52:22 +0000 (21:52 +0000)]
 
dpdk: Add build related keywords for failsafe PMD
Added build related keywords for TAP, FAILSAFE PMD
and also added some missing keywords for mlx4 PMD
This is part of initial effort to enable vpp running over
dpdk on failsafe PMD in Microsoft Azure (1/4).
Change-Id: I2aebf209fbc6db030185f41971b51a593a003a3a
Signed-off-by: Rui Cai <[email protected]>
Steve Shin [Thu, 10 May 2018 21:14:52 +0000 (14:14 -0700)]
 
dpdk: fix Unknown interface with Mellanox NIC
When port_type_from_speed_capa() is called before the port link update isn't completed,
xd->port_type becomes VNET_DPDK_PORT_TYPE_UNKNOWN. This happens with Mellanox NIC
without lsc interrupt. Calling rte_eth_link_get before getting dev_info will ensure
the link state is up-to-date.
Change-Id: I83a59654778eb4bf0c65a4a4e225a326227b9641
Signed-off-by: Steve Shin <[email protected]>
John Lo [Sat, 28 Apr 2018 05:19:24 +0000 (01:19 -0400)]
 
Periodic scan and probe of IP neighbors to maintain neighbor pools
Scan IPv4 and IPv6 neigbor pool entries once a minute to keep them
up to date. The neighbor of an entry is probed if its time-stamp
is older than 1 minute. If the neighbor respond, its time-stamp
will be updated. If there is no response from a neighbor, its
entry will be deleted when the time-stamp of the entry become more
than 4 minutes old. Static neighbor entries are not probed nor
deleted.
Implemented CLI and API to enable and disable priodic scan of IPv4,
IPv6 or both types of IP neighbors. CLI is "ip scan-neighbor" and
API is "ip_scan_neighbor_enable_disable". Other IP neighbor scan
parameters can also be changed from their defaults via the CLI/API.
Change-Id: Id1a0a934ace15d03db845aa698bcbb9cdabebfcd
Signed-off-by: John Lo <[email protected]>
Klement Sekera [Fri, 11 May 2018 09:06:09 +0000 (11:06 +0200)]
 
make test: reorganize ipsec_ah test code
Change-Id: Ie0eb0127affd3d771d19bb7c60e79c31858d82cd
Signed-off-by: Klement Sekera <[email protected]>
Klement Sekera [Fri, 11 May 2018 10:59:05 +0000 (12:59 +0200)]
 
VPP-1275 Fix memory leaks in IPsec CLI
Change-Id: I1f7c634328f25b33580a215af2daeb498cd3b181
Signed-off-by: Klement Sekera <[email protected]>
Dave Barach [Wed, 9 May 2018 17:25:09 +0000 (13:25 -0400)]
 
Add ipfix exporter coding guide
Change-Id: Iaa28f96d613d6fb75bd29958d757de206448eb22
Signed-off-by: Dave Barach <[email protected]>
Damjan Marion [Thu, 10 May 2018 18:26:36 +0000 (20:26 +0200)]
 
Fix issue with xconnect not working on the main interface
Due to union, l2 sub-interface bits were wrongly set
causing sporadic misconfiguration of l2 mode on some
interfaces.
Change-Id: Id77ee281e3a0030878641a786c22ffe16ce1c759
Signed-off-by: Damjan Marion <[email protected]>
Dave Barach [Thu, 10 May 2018 20:44:27 +0000 (16:44 -0400)]
 
Remove the historical memfd api segment bootstrap
Clean up default and vpp_api_test custom private api segment allocator
ring configurations.
Change-Id: I145b6d64ba0a6315b5ccb07909c8256eeb772146
Signed-off-by: Dave Barach <[email protected]>
Damjan Marion [Thu, 10 May 2018 11:40:44 +0000 (13:40 +0200)]
 
vppinfra: use count_trailing_zeros in sparse_vec_index
It is much cheaper to use ctzll than to do shift,subtract and mask
in likely case when we are looking for 1st set bit in the uword.
Change-Id: I31954081571978878c7098bafad0c85a91755fa2
Signed-off-by: Damjan Marion <[email protected]>
Matus Fabian [Wed, 9 May 2018 11:51:03 +0000 (04:51 -0700)]
 
NAT44: sessions counters per user fix (VPP-1270)
Change-Id: I6306b81e0e1c3e1c591f929a76bb265c1c1d0859
Signed-off-by: Matus Fabian <[email protected]>
Damjan Marion [Fri, 16 Mar 2018 00:25:27 +0000 (01:25 +0100)]
 
vnet: device flow offload infra
Change-Id: Ibea4a96bdec5e368301a03d8b11a0712fa0265e0
Signed-off-by: Damjan Marion <[email protected]>
Florin Coras [Thu, 10 May 2018 00:33:00 +0000 (17:33 -0700)]
 
session: fix proxy app multithreading
Change-Id: Ic5304749935f69018eb00183bb4670bb9f16273c
Signed-off-by: Florin Coras <[email protected]>
Szymon Sliwa [Wed, 9 May 2018 12:28:08 +0000 (14:28 +0200)]
 
Change the way IP header pointer is calculated in esp_decrypt nodes
The pointer to IP header was derived from l3_hdr_offset,
which would be ok, if l3_hdr_offset was valid. But it does not
have to be, so it was a bad solution. Now the previous nodes
mark whether it is a IPv6 or IPv4 packet tyle, and in esp_decrypt
we count get ip header pointer by substracting the size
of the ip header from the pointer to esp header (which lies
in front of the ip header).
Change-Id: I6d425b90931053711e8ce9126811b77ae6002a16
Signed-off-by: Szymon Sliwa <[email protected]>
Matthew Smith [Mon, 7 May 2018 12:52:12 +0000 (07:52 -0500)]
 
DHCP4 client process replies when renewing lease
When a DHCP client is in the bound state, it wakes up
halfway through it's lease (by default) to try and renew
the lease. The ip4-dhcp-client-detect is not enabled as
a feature at this point, so replies sent from the DHCP
server do not get applied to the lease. Eventually the
lease expires, the address is removed from the interface,
a new discovery is performed and the same address is added
back to the interface.
Before sending a request to renew in the bound state, enable
the feature to process the reply.
Change-Id: I95332ee0596f47df6f3c8bf8e3f0698dde9a1fc5
Signed-off-by: Matthew Smith <[email protected]>
Damjan Marion [Thu, 10 May 2018 01:04:08 +0000 (03:04 +0200)]
 
vppinfra: use popcnt instruction when available
Change-Id: Id02d613b8613a2d448840fe2d6a5e3b168a3c563
Signed-off-by: Damjan Marion <[email protected]>
Florin Coras [Wed, 9 May 2018 18:34:25 +0000 (11:34 -0700)]
 
tcp: fix jumbo retransmits
Change-Id: I1c8a14d4d51aa730f0edcf491e3c4725e2d8bd66
Signed-off-by: Florin Coras <[email protected]>
Eyal Bari [Thu, 10 May 2018 06:12:42 +0000 (09:12 +0300)]
 
dpdk:fix tx count
Change-Id: I921465ea64b59d42674cc8f19069ed04e3b25026
Signed-off-by: Eyal Bari <[email protected]>