Steven [Sat, 10 Jun 2017 01:49:17 +0000 (18:49 -0700)]
 
vhost: crash under heavy traffic condition due to memory corruption (VPP-1016)
With heavy traffic, tx code path may crash due to memory corruption
Thread 5 "vpp_wk_2" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff3995c700 (LWP 2505)]
0x00007ffff73675e8 in vhost_user_if_input (vm=0x7fffb5f5bf9c,
    vum=0x7ffff7882a40 <vhost_user_main>, vui=0x7fffb65570c4, qid=0,
    node=0x7fffb6577dac, mode=VNET_HW_INTERFACE_RX_MODE_POLLING)
    at /home/sluong/vpp-master/vpp/build-data/../src/vnet/devices/virtio/vhost-user.c:1610
1610		  bi_current = (vum->cpus[thread_index].rx_buffers)
	                       [vum->cpus[thread_index].rx_buffers_len];
(gdb) p vum->cpus[thread_index].rx_buffers_len
$2 = 
793212607
(gdb)
Apparently, some code accidentally wrote the bad value in rx_buffers_len.
rx_buffers_len should never be greater than 1024 since that is how many buffers
we request each time.
After debugging many hours, I discovered that the memory corruption happens
in the tx code path right here on line 2176.
	  {
	    vhost_copy_t *cpy = &vum->cpus[thread_index].copy[copy_len];
	    copy_len++;
	    cpy->len = bytes_left;
	    cpy->len = (cpy->len > buffer_len) ? buffer_len : cpy->len;
	    cpy->dst = buffer_map_addr;
	    cpy->src = (uword) vlib_buffer_get_current (current_b0) +
	      current_b0->current_length - bytes_left;
(gdb) p cpy
$3 = (vhost_copy_t *) 0x7fffb554077c
(gdb) p copy_len
$4 = 1025
(gdb) p &vum->cpus[3].rx_buffers_len
$8 = (u32 *) 0x7fffb5540784
copy_len is picking up the index entry 1024 before it was incremented. copy array has only
1024 members (0 - 1023 are valid).
The assignment here in cpy surely causes memory corruption. It is only discovered later
when the memory location that it corrupted is used.
The condition for the crash is to transmit jumbo frames under heavy volume. Since ring
size is 1024, with one packet taking up one index for frame size (less 2048), it does
not cause overflow. With jumbo frames, it requires multiple indices for one packet,
it can cause the overflow under heavy traffic.
The fix is to do copy out when we have 1000 entries in the array to avoid
overflow.
Change-Id: Iefbc739b8e80470f1cf13123113f8331ffcd0eb2
Signed-off-by: Steven <[email protected]>
Georgina Sheehan [Thu, 12 Oct 2017 11:13:59 +0000 (12:13 +0100)]
 
plugins/dpdk: align memory to avoid potential segfault and false sharing
Made Update to src/plugins/dpdk/buffer.c
Change-Id: I87bb8f38974a7be274c1b1d205f5513e7d068e48
Signed-off-by: Georgina <[email protected]>
Brian Brooks [Fri, 22 Sep 2017 17:26:34 +0000 (12:26 -0500)]
 
Use AESNI=y only on x86_64 machines
This fixes the native build on arm64 machines.
Change-Id: I89bff01beedb4c8e26ac55fab2dd1ed39754bf26
Signed-off-by: Brian Brooks <[email protected]>
Reviewed-by: Ola Liljedahl <[email protected]>
Dave Barach [Fri, 13 Oct 2017 23:16:56 +0000 (19:16 -0400)]
 
VPP-1029: Don't call clib_longjmp(...) directly from the SIGTERM handler
It's way too easy to imagine leaving a mutex or a spin-lock held in
the /vpe-api shared-memory segment, or elsewhere. Set a volatile
variable and check it in a safe place...
Change-Id: I9d91c38cffeb921143c272162d055c9c24a6c312
Signed-off-by: Dave Barach <[email protected]>
Neale Ranns [Fri, 13 Oct 2017 09:43:33 +0000 (02:43 -0700)]
 
Enforce FIB table creation before use
last i the serise of the use of the FIB table create/delete API. VPP now forces the tables to have been explicitly creted before they are used.
Change-Id: Ifde3b1bbb76697a01ab71bce4f5264e6d1725467
Signed-off-by: Neale Ranns <[email protected]>
Steve Shin [Fri, 13 Oct 2017 20:13:02 +0000 (13:13 -0700)]
 
acl-plugin: display "::" for INADDR6_ANY on ACL output
INADDR6_ANY should be displayed as "::" instead of "0.0.0.0"(ipv4 format).
Change-Id: I24ec7b6febbfeca5db7ff894f455ecb73d954334
Signed-off-by: Steve Shin <[email protected]>
Steven [Fri, 13 Oct 2017 19:52:28 +0000 (12:52 -0700)]
 
LDPRELOAD: Add TCP_KEEPIDLE, TCP_KEEPINTVL, and SO_KEEPALIVE
Implement the subject setsockopt by passing them to VCL
Change-Id: Ida5136cb3a51d2bf30080e8c4af4239681ed2184
Signed-off-by: Steven <[email protected]>
Dave Barach [Tue, 10 Oct 2017 21:53:14 +0000 (17:53 -0400)]
 
VPP-1027: DNS name resolver
This patch is a plausible first-cut, suitable for initial testing by
vcl (host stack client library).
Main features;
- recursive name resolution
- multiple ip4/ip6 name servers
- cache size limit enforcement
  - currently limited to 65K
- ttl / aging
- static mapping support
- show / clear / debug CLI commands
Binary APIs provided for the following:
- add/delete name servers
- enable/disable the name cache
- resolve a name
To Do list:
- Respond to ip4/ip6 client DNS requests (vs. binary API requests)
- Perf / scale tuning
  - map pending transaction ids to pool indices, so the cache
    can (greatly) exceed 65K entries
- Security improvements
  - Use unpredictable dns transaction IDs, related to previous item
  - Make sure that response-packet src ip addresses match the server
- Add binary APIs
  - deliver raw response data to clients
  - control recursive name resolution
- Documentation
Change-Id: I48c373d5c05d7108ccd814d4055caf8c75ca10b7
Signed-off-by: Dave Barach <[email protected]>
Andrew Yourtchenko [Fri, 13 Oct 2017 10:15:34 +0000 (12:15 +0200)]
 
acl-plugin: split the "show" commands and add an option to show ACLs by interface
From the troubleshooting perspective, it is nice to immediately know
the ACEs for the ACLs applied to an interface, so implement that.
To make the CLI more friendly, split each of the "show" variants
into an independent _cmd function with the distinct CLI path.
Change-Id: I519e4799083c04e8f0fcdf3e262a73493be4b690
Signed-off-by: Andrew Yourtchenko <[email protected]>
Steven [Fri, 13 Oct 2017 00:10:33 +0000 (17:10 -0700)]
 
LDPRELOAD: Add ioctl, fcntl, and setsockopt support
Add support for the following system calls:
ioctl (FIONREAD)
fcntl (F_GETFL)
fcntl (F_SETFL)
setsockopt (SOL_IPV6, IPV6_V6ONLY)
setsockopt (SOL_TCP, TCP_NODELAY)
setsockopt (SOL_SOCKET, SO_REUSEADDR)
setsockopt (SOL_SOCKET, SO_BROADCAST)
This patch supersedes https://gerrit.fd.io/r/#/c/8765/
Change-Id: I5d5309d9f43d93a990b389d8cb667631de1903fe
Signed-off-by: Steven <[email protected]>
Steven [Fri, 13 Oct 2017 03:42:21 +0000 (20:42 -0700)]
 
VCL: Add SET_KEEPALIVE, SET_TCP_KEEPIDLE, and SET_TCP_KEEPINTVL
Add the subject enums to unblock LDPRELOAD. Just the enums,
no real implementation yet.
Change-Id: Ia3ec576c2779ee20956a37f0adebc06f16d1fe7f
Signed-off-by: Steven <[email protected]>
Sergio Gonzalez Monroy [Thu, 12 Oct 2017 10:43:41 +0000 (11:43 +0100)]
 
dpdk/ipsec: coverity fixes
Change-Id: Ica3bc74ffbb1c0df4e198b0abff8df10cdeb2182
Signed-off-by: Sergio Gonzalez Monroy <[email protected]>
Milan Lenco [Thu, 12 Oct 2017 12:19:31 +0000 (14:19 +0200)]
 
libmemif: Add memif_cancel_poll_event() + bug fixing.
Change-Id: I27d6bf93216f1f639f01fad730506afdc7115e46
Signed-off-by: Milan Lenco <[email protected]>
Marco Varlese [Tue, 10 Oct 2017 14:43:14 +0000 (16:43 +0200)]
 
Remove libsubunit 'dependency' for openSUSE and fix NASM
This patch addresses the unrequired dependency on libsubunit for
opensuse; it also adds the required new dependency on check (add
check-devel to the top-level Makefile).
It adds some extra logic to install the correct NASM version to support
AESNI.
Change-Id: Ie368dd8f8485a67ab125e735fd12cbe25b9b588f
Signed-off-by: Marco Varlese <[email protected]>
Steve Shin [Wed, 11 Oct 2017 20:55:16 +0000 (13:55 -0700)]
 
LLDP: Add Management Address TLV
- Management Address TLV is added as per IEEE Std 802.1AB-2009.
- Support of management ipv4/ipv6 addresses and OID.
Change-Id: I57c14741774390809ce5a829cc087947424432c7
Signed-off-by: Steve Shin <[email protected]>
Marco Varlese [Tue, 10 Oct 2017 10:23:03 +0000 (12:23 +0200)]
 
Add support for packaging SUSE RPMs.
This patch adds a new spec file for SUSE distribution and modifies the
Makefile to learn which platform is building the RPMs for.
Change-Id: Ic8ee0ddf978042cc1785ebc28bd1a6c9faf9bb74
Signed-off-by: Marco Varlese <[email protected]>
Florin Coras [Wed, 11 Oct 2017 08:43:15 +0000 (01:43 -0700)]
 
tcp: do not format sb if not established (VPP-1018)
Change-Id: I011dda118f37cb31a37dda270027612d0af57ca0
Signed-off-by: Florin Coras <[email protected]>
(cherry picked from commit 
87f141172212b7568f519653ab32ebd1b5d34344)
Steven [Wed, 11 Oct 2017 16:59:30 +0000 (09:59 -0700)]
 
VCL: Add REUSEADDR, BROADCAST, and V6ONLY to vppcom_session_attr API
1. Add the subject enum type
2. Fix a typo for the clib_warning
Change-Id: I59f6d15d51c66b96022d51592d65c41755c1582a
Signed-off-by: Steven <[email protected]>
Keith Burns (alagalah) [Mon, 9 Oct 2017 15:52:59 +0000 (08:52 -0700)]
 
Initial push of vcl-ldpreload to extras
- fix checkstyle
Change-Id: I4317757258ed6a65b8fae1377f17db39375282ac
Signed-off-by: Keith Burns (alagalah) <[email protected]>
Signed-off-by: shrinivasan ganapathy <[email protected]>
Damjan Marion [Wed, 11 Oct 2017 12:15:47 +0000 (14:15 +0200)]
 
Revert "VPP-1001 - update AF Packet Driver to for modern kernels"
Issues observed with specific kernel versions, e.g. stock Ubuntu 16.04
kernel.
This reverts commit 
3eab064e3fadaf2a6a128f167ad04ca0319b4e17.
Change-Id: I24241f3b580df749fc686af3a319011ca035fb5e
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Tue, 10 Oct 2017 17:01:06 +0000 (19:01 +0200)]
 
test: retry 3 times if test fails during verify
Change-Id: Ib1cb7f09c444f3667904eade935eb220f327b6fe
Signed-off-by: Damjan Marion <[email protected]>
John DeNisco [Wed, 27 Sep 2017 20:35:23 +0000 (16:35 -0400)]
 
Redhat and small system support
Initial 17.10 commit
Final 17.07 cleanup, 17.10 next
Added CentOS grub support, this should complete the CentOS support
Added Centos install/unistall
Added TCP parameters.
Change-Id: I064e3a4118969ac36e62924a6a3f8a98f132ba60
Signed-off-by: John DeNisco <[email protected]>
Signed-off-by: Dave Barach <[email protected]>
Dave Wallace [Mon, 9 Oct 2017 05:43:42 +0000 (01:43 -0400)]
 
Add VCL session get/set attributes api function.
Change-Id: I72b0c063e89bf8299699dafec2a7e0395b86c8b9
Signed-off-by: Dave Wallace <[email protected]>
Florin Coras [Mon, 2 Oct 2017 07:18:51 +0000 (00:18 -0700)]
 
session: add support for application namespacing
Applications are now provided the option to select the namespace they
are to be attached to and the scope of their attachement. Application
namespaces are meant to:
1) constrain the scope of communication through the network by
association with source interfaces and/or fib tables that provide the
source ips to be used and limit the scope of routing
2) provide a namespace local scope to session layer communication, as
opposed to the global scope provided by 1). That is, sessions can be
established without assistance from transport and network layers.
Albeit, zero/local-host ip addresses must still be provided in session
establishment messages due to existing application idiosyncrasies. This
mode of communication uses shared-memory fifos (cut-through sessions)
exclusively.
If applications request no namespace, they are assigned to the default
one, which at its turn uses the default fib. Applications can request
access to both local and global scopes for a namespace. If no scope is
specified, session layer defaults to the global one.
When a sw_if_index is provided for a namespace, zero-ip (INADDR_ANY)
binds are converted to binds to the requested interface.
Change-Id: Ia0f660bbf7eec7f89673f75b4821fc7c3d58e3d1
Signed-off-by: Florin Coras <[email protected]>
Damjan Marion [Tue, 10 Oct 2017 16:18:07 +0000 (18:18 +0200)]
 
dpdk: fix mempool size calculation
Change-Id: I5b48310c46ca8a2143b2132110240d7e9a52c25d
Signed-off-by: Damjan Marion <[email protected]>
Klement Sekera [Thu, 5 Oct 2017 08:26:03 +0000 (10:26 +0200)]
 
make test: add RETRIES option
Change-Id: Ibe31e932bc997f0101a8947e01df90a90d1f100f
Signed-off-by: Klement Sekera <[email protected]>
Matej Perina [Mon, 11 Sep 2017 08:11:51 +0000 (10:11 +0200)]
 
jvpp: adding callbacks for all messages (VPP-914)
1) In the previous version callbacks were generated based on
request-replay naming conventions. It turned out they were too
strict in case of events (e.g. BFD sends Details messages as
notifications). So now we generate callback for all messages,
allowing to receive any message as notification.(callback_gen.py)
2) "notification" suffix is no longer added because all messages
are treated same (dto_gen.py, jvpp_c_gen_.py)
3) name of property that holds notification/events changed in callback
facade and future apis
4) JVppNotification.java is no longer used since all events are treated
equally
Change-Id: I13f6438affc3473040d63cd4acb3984d03e97482
Signed-off-by: Matej <[email protected]>
Neale Ranns [Mon, 31 Jul 2017 09:30:50 +0000 (02:30 -0700)]
 
punt and drop features:
 - new IPv4 and IPv6 feature arcs on the punt and drop nodes
 - new features:
   - redirect punted traffic to an interface and nexthop
   - police punted traffic.
Change-Id: I53be8bf4e06545add8a3619e462de5ffedd0a95c
Signed-off-by: Neale Ranns <[email protected]>
Steve Shin [Mon, 9 Oct 2017 22:04:56 +0000 (15:04 -0700)]
 
dpdk: patch to support bonded interface for MLX NIC
At present, creating bonding devices using --vdev is broken for PMD like
mlx5 as it is neither UIO nor VFIO based and hence PMD driver is unknown
to find_port_id_by_pci_addr().
This DPDK patch fixes parsing PCI ID from bonding device params by verifying
it in RTE PCI bus, rather than checking dev->kdrv.
Change-Id: If575f63ef31733102566610d769ddd212d74736a
Signed-off-by: Steve Shin <[email protected]>
Marco Varlese [Tue, 10 Oct 2017 07:30:33 +0000 (09:30 +0200)]
 
openSUSE packages fix.
Adding the capability for CLANG for various opensuse distros.
Added rpm-build package to build RPMs.
Tiny edit for correct error message.
Change-Id: I96a1e009d1daa44cbf8d0df60fc24091a50688d7
Signed-off-by: Marco Varlese <[email protected]>
Ole Troan [Tue, 10 Oct 2017 06:43:35 +0000 (08:43 +0200)]
 
API versioning: Fix coverity errors from strncpy()
Change-Id: Ife87f9b00f918ff1bb8c91c6f13ebe53a3555a12
Signed-off-by: Ole Troan <[email protected]>
Eyal Bari [Sun, 8 Oct 2017 12:53:34 +0000 (15:53 +0300)]
 
TEST,L2-FIB:refactor test-removing shared state
and remove dependencies between tests
Change-Id: I6ceacfdeb65b2d3c64811309358c3bfd47b213ef
Signed-off-by: Eyal Bari <[email protected]>
Neale Ranns [Mon, 9 Oct 2017 12:26:13 +0000 (05:26 -0700)]
 
IP neighbour move incorrectly placed jump label
Change-Id: I19fdf13a4848306ee3841d822b832cba96c5bce5
Signed-off-by: Neale Ranns <[email protected]>
Dave Barach [Thu, 28 Sep 2017 19:11:16 +0000 (15:11 -0400)]
 
vppapigen: support per-file (major,minor,patch) version stamps
Add one of these statements to foo.api:
  vl_api_version 1.2.3
to generate a version tuple stanza in foo.api.h:
/****** Version tuple *****/
vl_api_version_tuple(foo, 1, 2, 3)
Change-Id: Ic514439e4677999daa8463a94f948f76b132ff15
Signed-off-by: Dave Barach <[email protected]>
Signed-off-by: Ole Troan <[email protected]>
Matus Fabian [Wed, 4 Oct 2017 15:03:56 +0000 (08:03 -0700)]
 
NAT: hairpinning rework (VPP-1003)
Change-Id: I7c6911cd6ac366fe62675fd0ff8b0246a25ea1db
Signed-off-by: Matus Fabian <[email protected]>
Matus Fabian [Thu, 5 Oct 2017 06:57:58 +0000 (23:57 -0700)]
 
NAT: fixed ICMP broken translation for GRE tunnel interface (VPP-1008)
Change-Id: Ie3245b96c511cc30915e70e8c881f445291a38c2
Signed-off-by: Matus Fabian <[email protected]>
Pierre Pfister [Thu, 5 Oct 2017 12:24:05 +0000 (14:24 +0200)]
 
fix buffer allocation for sparse jumbo frames in vhost
A bug was reported where a jumbo packet would stay in vhost
queue forever or until a large enough number of other packets
arrived in the queue too.
This is due to a bug in vhost input node buffer allocation.
The fix is to make sure that vhost always allocates at least
enough buffers for one single big packet. '40' is used to
account for 65kB frames.
Change-Id: I1d293028854165083e30cd798fab9d4140230b78
Signed-off-by: Pierre Pfister <[email protected]>
(cherry picked from commit 
67700d41169ac37d21c400949a316750eabad969)
Marco Varlese [Fri, 6 Oct 2017 13:07:08 +0000 (15:07 +0200)]
 
Allow use of /etc/os-release file
The top-level Makefile in VPP already uses the file /etc/os-release to
recognize which OS the build is being performed on.
The scripts for vagrant images instead were still using different files
for different distros and adding a new distro to be supported causes
issues with the extra-logic to deal with it.
This patch aligns the vagrant scripts to use the same approach followed
by the top-level Makefile and simplifies the steps to identify / update
the OS and build / run VPP.
Change-Id: I539f4a7c27b3fef70ed1c12b0276049bc47dc289
Signed-off-by: Marco Varlese <[email protected]>
Chris Luke [Wed, 4 Oct 2017 17:59:14 +0000 (13:59 -0400)]
 
Coverity fixes for API socket
- Coverity whines about a zero-length field not being initialized.
  Change the struct setup to an initializer which will implicitly zero
  all unused fields, and add the coverity notation that should stop
  it whining. One or both of these should shut it up!
- Fix some incorrect use of ntohl that was tainting values; in these
  cases htonl should have been used, and avoid a double-swap.
Change-Id: I00493a77eb23a0b8feb647165ee349e1e9d5cfdb
Signed-off-by: Chris Luke <[email protected]>
Dave Wallace [Tue, 3 Oct 2017 05:48:42 +0000 (01:48 -0400)]
 
VCL: add epoll_* functions.
Change-Id: Ife27795ea96919c116fb6ff33d106663b54df72d
Signed-off-by: Dave Wallace <[email protected]>
Steven [Thu, 5 Oct 2017 07:12:33 +0000 (00:12 -0700)]
 
tuntap: Introduce per thread structure to suport multi-threads
https://gerrit.fd.io/r/#/c/8551/ decoupled the global variable,
namely tm->iovecs from TX and RX. However, to support multi-threads,
we have to eliminate the use of this global variable with per thread
variable. I notice that rx_buffers must also be per thread variable.
So, we introduce per thread struct to contain rx_buffers and iovecs.
Each thread will find the per thread struct with thread_index.
Change-Id: I61abf2fdace8d722525a382ac72f0d04a173b9ce
Signed-off-by: Steven <[email protected]>
Marco Varlese [Tue, 19 Sep 2017 12:25:28 +0000 (14:25 +0200)]
 
Initial GENEVE TUNNEL implementation and tests.
Notes on this first implementation:
* First version of the implementation does NOT support GENEVE OPTIONS
HEADER: it isn't well understood what the purpose of the OPTIONS will be and/or
what content would be placed in the variable option data;
Once the IETF work will evolve and further information will be available
it could be possible to modify the frame rewrite to contemplate the
actual GENEVE OPTIONS.
Change-Id: Iddfe6f408cc45bb0800f00ce6a3e302e48a4ed52
Signed-off-by: Marco Varlese <[email protected]>
Hongjun Ni [Fri, 29 Sep 2017 21:04:33 +0000 (05:04 +0800)]
 
Separate CP and DP fib table for PPPoE
CP table: link_table
DP table: session_table
Change-Id: I2adbfd8f6a63d51d00d6dd291f32aebf20d13e4d
Signed-off-by: Hongjun Ni <[email protected]>
Sergio Gonzalez Monroy [Sat, 26 Aug 2017 14:22:05 +0000 (15:22 +0100)]
 
dpdk/ipsec: rework plus improved cli commands
This patch reworks the DPDK ipsec implementation including the cryptodev
management as well as replacing new cli commands for better usability.
For the data path:
 - The dpdk-esp-encrypt-post node is not necessary anymore.
 - IPv4 packets in the decrypt path are sent to ip4-input-no-checksum instead
 of ip4-input.
The DPDK cryptodev cli commands are replaced by the following new commands:
 - show dpdk crypto devices
 - show dpdk crypto placement [verbose]
 - set dpdk crypto placement (<device> <thread> | auto)
 - clear dpdk crypto placement <device> [<thread>]
 - show dpdk crypto pools
Change-Id: I47324517ede82d3e6e0e9f9c71c1a3433714b27b
Signed-off-by: Sergio Gonzalez Monroy <[email protected]>
Dave Barach [Wed, 4 Oct 2017 14:03:52 +0000 (10:03 -0400)]
 
Clean up "show api ring" debug CLI
Add a primary svm_region_t pointer to the api_main_t so we can always
find the primary region, even when processing an API message from a
memfd segment.
Change-Id: I07fffe2ac1088ce44de10a34bc771ddc93af967d
Signed-off-by: Dave Barach <[email protected]>
Neale Ranns [Tue, 3 Oct 2017 15:20:21 +0000 (08:20 -0700)]
 
Distributed Virtual Router Support
A distributed virtual router works by attmpeting to switch a packet, but on failing to find a local consumer (i.e. the packet is destined to a locally attached host) then the packet is sent unmodified 'upstream' to where the rest of the 'distributed' router is present. When L3 switching a packet this means the L2 header must not be modifed. This patch adds a 'l2-bridge' object to the L3 FIB which re-injects packets from the L3 path back into the L2 path - use with extreme caution.
Change-Id: I069724eb45956647d7980cbe40a80a788ee6ee82
Signed-off-by: Neale Ranns <[email protected]>
Christophe Fontaine [Mon, 2 Oct 2017 16:10:54 +0000 (18:10 +0200)]
 
[aarch64] Fixes CLI crashes on dpaa2 platform.
- always use 'va_args' as pointer in all format_* functions
- u32 for all 'indent' params as it's declaration was inconsistent
Change-Id: Ic5799309a6b104c9b50fec309cba789c8da99e79
Signed-off-by: Christophe Fontaine <[email protected]>
Marco Varlese [Wed, 4 Oct 2017 12:13:53 +0000 (14:13 +0200)]
 
Packages dependencies: added clang3_8 and indent packages
Change-Id: I4ed2d5f7e743369e2a41cfcb93b016d928cfed95
Signed-off-by: Marco Varlese <[email protected]>
Klement Sekera [Wed, 4 Oct 2017 04:26:36 +0000 (06:26 +0200)]
 
checkstyle: add clang-format dependency, fix bug
Change-Id: I608d3b73700d57652b015a9fc09300e99386a37f
Signed-off-by: Klement Sekera <[email protected]>
Neale Ranns [Wed, 4 Oct 2017 09:29:07 +0000 (02:29 -0700)]
 
Set MAC address needs the HW interface index
Change-Id: I7b175d57b85e626aab00221b6dac0498aebcbeae
Signed-off-by: Neale Ranns <[email protected]>
Damjan Marion [Thu, 20 Jul 2017 16:10:35 +0000 (18:10 +0200)]
 
dpdk: use vpp physmem allocator for dpdk buffers
This allows us to have single contignuous allocation for DPDK buffers
with single mmap FD, so buffer memory can be easily shared with diffrent
process.
As a consequence dpdk socket-mem is no longer in charge for allocating
buffer memory, but still we need some space allocated for dpdk
structures so default socket-mem is reduced form 256 to 64 MB.
For a default of 16K buffers per numa node, physmem allocation is now
40MB, so basically this change reduces footprint from 256MB per socket
to 48 (64 + 40).
Change-Id: Ic8cfe83930a18411545b37a12b14aac89affd04f
Signed-off-by: Damjan Marion <[email protected]>
Signed-off-by: Sergio Gonzalez Monroy <[email protected]>
Signed-off-by: Damjan Marion <[email protected]>
Neale Ranns [Sun, 1 Oct 2017 19:08:10 +0000 (12:08 -0700)]
 
Dump of deag/lookup routes has is_drop=1 (VPP-995)
Change-Id: I58772a83e22885a9ea8a7a981d2bcb4b31a050d2
Signed-off-by: Neale Ranns <[email protected]>
Jakub Grajciar [Thu, 28 Sep 2017 10:52:03 +0000 (12:52 +0200)]
 
libmemif: memif_rx_burst fix
Change-Id: I2f488fef828df8915b57552567e1be79efe69700
Signed-off-by: Jakub Grajciar <[email protected]>
Steven [Sat, 30 Sep 2017 17:50:20 +0000 (10:50 -0700)]
 
memif: crash on slave mode
Crash was seen on recent image with this BT on top of the stack
(gdb) bt full
    (mif=0x7fffb6226568) at
    /vpp/build-data/../src/plugins/memif/memif.c:297
        ring = 0x0 <<<<<<<<<<
        i = 0
        j = 0
        buffer_offset = 65792
        r = 0x7fffb5e59f80
        alloc = {flags = 1, name = 0x7fffb449f965 "memif region",
          size = 
4260096, numa_node = 0, addr = 0x7fff41dac000,
          fd = 11,
          log2_page_size = 12, n_pages = 1041}
        err = 0x0
        __FUNCTION__ = "memif_init_regions_and_queues"
The crash happened at this line.
      ring = memif_get_ring (mif, MEMIF_RING_S2M, i);
      ring=>head = ring->tail = 0; <=====
Please note that the crash is caused by dereferencing NULL rinng.
Put breakpoint into the function. I notice that
mif->regions[0].shm is not initialized.
(gdb) p mif->regions[0].shm
$8 = (void *) 0x0
It looks like we forgot to set shm after clib_mem_vm_ext_alloc().
Add the missing cide and the crash is fixed.
Change-Id: Ib722a6c241c77acfa8e33962106b57faa50e1ea7
Signed-off-by: Steven <[email protected]>
Jan Gelety [Mon, 2 Oct 2017 07:27:37 +0000 (09:27 +0200)]
 
Update CSIT tests 170926 -> 171002
- update of CSIT operational branch to be used for VPP-patch test
Change-Id: I6331016b17b0811bf0ea1be03c5782428514a01a
Signed-off-by: Jan Gelety <[email protected]>
Anton Ivanov [Tue, 3 Oct 2017 09:08:05 +0000 (10:08 +0100)]
 
VPP-1001 - update AF Packet Driver to for modern kernels
1. Add VNET headers support for checksumming - required
to operate correctly on any recent Linux
2. Bypass QDISC on transmit - improves performance by ~ 5%.
Enabled only if the macro is detected - apparently not
present on archaic distributions.
This still does not solve all issues with TSO - it can be
fixed only by going to tpacket v3 and dynamic rx ring as
well as significant changes in the TX (sendmmsg?).
Change-Id: Iea14ade12586c0a8da49e6dd1012108a08bc85b3
Signed-off-by: Anton Ivanov <[email protected]>
Matthew Smith [Tue, 26 Sep 2017 18:33:44 +0000 (13:33 -0500)]
 
Add API support to dump IPsec SAs
Add an API request message type to dump IPsec SAs. Either
all IPsec SAs can be dumped or it can be limited to a single
SA ID (numeric ID set at creation time - not an index).
Add a handler for incoming messages with the new request type.
Add an API response message type containing the data
for an IPsec SA.
Add VAT support for new message type.
Change-Id: Id7828d000efc637dee7f988a87d3f707a8b466b7
Signed-off-by: Matthew Smith <[email protected]>
Florin Coras [Tue, 3 Oct 2017 18:26:10 +0000 (14:26 -0400)]
 
api: fix internal client registrations
Makes sure vlib_rp and shmem_hdr are initialized for internal
registrations. They are needed for keepalive msg exchanges.
Change-Id: I805dec2d2aa84b1efdc1fdd692fc1d94389b776e
Signed-off-by: Florin Coras <[email protected]>
John Lo [Tue, 3 Oct 2017 17:13:47 +0000 (13:13 -0400)]
 
Update L2FIB entry timestamp only if BD aging enabled (VPP-1002)
Change L2 learning path so it update stale timestamp in MAC entry
only if aging is enabled on the BD for the MAC entry.
Change-Id: I7babe986ceef3c030d8ef9185076c42b405f7b0f
Signed-off-by: John Lo <[email protected]>
eyal bari [Tue, 3 Oct 2017 09:25:07 +0000 (12:25 +0300)]
 
L2FIB,TEST:add max macs in event test
Change-Id: Ied72d44f8695af524751ffc54196cc3ac1addc85
Signed-off-by: Eyal Bari <[email protected]>
Florin Coras [Fri, 29 Sep 2017 03:49:42 +0000 (23:49 -0400)]
 
tcp: updates to connection closing procedure (VPP-996)
- add separate TIME_WAIT time constant
- fix output node for TIME_WAIT acks
- ensure snd_nxt is snd_una_max after retransmitting fin
- debugging improvements
Change-Id: Ic947153346979853f2526824b229126e47aead86
Signed-off-by: Florin Coras <[email protected]>
Matej Perina [Mon, 25 Sep 2017 07:42:42 +0000 (09:42 +0200)]
 
jvpp: added logs for sending and receiving event messages (VPP-982)
Change-Id: I47f9d12d934378f18c6f841b902af2a64ee7b187
Signed-off-by: Matej Perina <[email protected]>
Dave Barach [Sun, 10 Sep 2017 19:04:27 +0000 (15:04 -0400)]
 
Repair vlib API socket server
- Teach vpp_api_test to send/receive API messages over sockets
- Add memfd-based shared memory
- Add api messages to create memfd-based shared memory segments
- vpp_api_test supports both socket and shared memory segment connections
- vpp_api_test pivot from socket to shared memory API messaging
- add socket client support to libvlibclient.so
- dead client reaper sends ping messages, container-friendly
- dead client reaper falls back to kill (<pid>, 0) live checking
  if e.g. a python app goes silent for tens of seconds
- handle ping messages in python client support code
- teach show api ring about pairwise shared-memory segments
- fix ip probing of already resolved destinations (VPP-998)
We'll need this work to implement proper host-stack client isolation
Change-Id: Ic23b65f75c854d0393d9a2e9d6b122a9551be769
Signed-off-by: Dave Barach <[email protected]>
Signed-off-by: Dave Wallace <[email protected]>
Signed-off-by: Florin Coras <[email protected]>
Jon Loeliger [Thu, 28 Sep 2017 18:54:16 +0000 (13:54 -0500)]
 
Propagate duplicate IF addr add/del error up to API.
Identify and complain when the same IP prefix is assigned
to two different SW interfaces:
    vpp# set int ip address TenGigabitEthernet6/0/0 1.2.3.4/32
    vpp# set int ip address TenGigabitEthernet6/0/1 1.2.3.4/32
    set interface ip address: Prefix 1.2.3.4/32 already found on
	interface TenGigabitEthernet6/0/0
Change-Id: I1aee1b6a7ddd00d3109a53d8e1b6ce97bf45e372
Signed-off-by: Jon Loeliger <[email protected]>
Dave Wallace [Sun, 1 Oct 2017 02:04:21 +0000 (22:04 -0400)]
 
make test: Copy api_post_mortem.$$ file tmp test dir for archiving.
Change-Id: I4baf89ef383dbc2f309081a6b56b13ebcb8fc2df
Signed-off-by: Dave Wallace <[email protected]>
Eyal Bari [Wed, 27 Sep 2017 18:43:51 +0000 (21:43 +0300)]
 
L2-FIB:add mac learn events test
fixes an issue where events were not sent if BD doesn't enable  mac aging
Change-Id: Iddc53cb5c45e560633e6c5cff2731dccfc70ad5b
Signed-off-by: Eyal Bari <[email protected]>
Dave Wallace [Sat, 30 Sep 2017 19:12:19 +0000 (15:12 -0400)]
 
make test: Create link to failed test dir on timeout.
- Also change default coredump configuration from
  "coredump-size unlimited" to "full-coredump"
Change-Id: Iefedc2636f2d9696b7575b34e91dd7be49f601fa
Signed-off-by: Dave Wallace <[email protected]>
Dave Wallace [Sat, 30 Sep 2017 05:53:26 +0000 (01:53 -0400)]
 
make test: archive failed test data with build logs.
- Fix invocation of compress_failed.sh
- Fix compress_failed to copy compressed results
  files to $WORKSPACE/archives and return failure
  exit code.
Failed test case data will be copied to logs.fd.io
and found in the archives/<make test data dir>-FAILED
directory in the build log link in the
vpp-verify-master-ubuntu1604 jenkins job page.
For example:
https://logs.fd.io/production/vex-yul-rot-jenkins-1/vpp-verify-master-ubuntu1604/7353/archives/
Change-Id: Ife9a0737115e69c0a8441e3bb0133af1528d909b
Signed-off-by: Dave Wallace <[email protected]>
Klement Sekera [Fri, 29 Sep 2017 10:36:37 +0000 (12:36 +0200)]
 
make test: fix/disable VAPI tests on centos
Workaround old `check' library on centos.
Disable building/running of C++ VAPI test as centos's gcc can't compile
our C++ code (vapi.hpp) due to bug.
Change-Id: If9da9c7f1bc076f7cdfb9bd3016dfe60a08afa36
Signed-off-by: Klement Sekera <[email protected]>
Steven [Thu, 28 Sep 2017 23:38:56 +0000 (16:38 -0700)]
 
cdp/lldp: punt for no buffer
When making a call to vlib_packet_template_get_packet(), it
is possible to get back a NULL if the system runs out of buffer.
This can happen when there is buffer leaks. But don't crash
just because we run out of buffers, just punt.
Change-Id: Ie90ea41f3dda6e583d48959cbd18ff124158d7f8
Signed-off-by: Steven <[email protected]>
Klement Sekera [Fri, 22 Sep 2017 05:52:28 +0000 (07:52 +0200)]
 
C++ API: remove deprecated throw lists
Change-Id: Ia58664438c9dc949884a794bd123555a13a02e6c
Signed-off-by: Klement Sekera <[email protected]>
Klement Sekera [Thu, 28 Sep 2017 04:31:53 +0000 (06:31 +0200)]
 
drop python3 dependency
Change-Id: I99c2c1d0d5b96f33efdb58dd3a2897a752e65349
Signed-off-by: Klement Sekera <[email protected]>
Florin Coras [Thu, 28 Sep 2017 06:31:07 +0000 (23:31 -0700)]
 
Update package version
Change-Id: Ic9bc303b65c95a0e06f90c75b067056b0b11e654
Signed-off-by: Florin Coras <[email protected]>
Chris Luke [Wed, 27 Sep 2017 19:09:48 +0000 (15:09 -0400)]
 
General documentation updates
- We now have several developer-focused docs, so create an index page
  for them.
- Rework several docs to fit into the index structure.
- Experiment with code highlighting; tweak the CSS slightly to make
  it slightly nicer to look at.
Change-Id: I4185a18f84fa0764745ca7a3148276064a3155c6
Signed-off-by: Chris Luke <[email protected]>
Steven [Tue, 26 Sep 2017 22:58:24 +0000 (15:58 -0700)]
 
tun/tap: Bad packets sent to kernel via tun/tap interface
It was observed that under heavy traffic, VPP accidentally sent traffic
with the wrong source and destination to the tun/tap interface. Traffic
appears to be sent to the wrong direction. This problem is only
seen when worker thread is configured.
When worker thread is used, TX and RX may reside in different
core. Yet both TX and RX threads are sharing the same global variable,
namely iovecs without any mutex or memory barrier protection.
This creates a race condition when heavy traffic is blasted to VPP,
like 1000 pps.
We could create a mutex or memory barrier to ensure atomic memory access.
But why bother? It is a lot cheaper to just decouple the iovecs such
that TX and RX have their own iovecs.
Change-Id: I86a5a19bd8de54d54f32e1f0845bae6a81bbf686
Signed-off-by: Steven <[email protected]>
Matej Perina [Thu, 21 Sep 2017 15:03:27 +0000 (17:03 +0200)]
 
VPP-990 remove registered handler if control ping fails
Change-Id: I5ca5763f0dc0a73cc6f014b855426b7ac180f356
Signed-off-by: Matej Perina <[email protected]>
Filip Tehlar [Wed, 27 Sep 2017 12:32:02 +0000 (14:32 +0200)]
 
LISP: add API handlers for set/get transport protocol
Change-Id: Ib675164c475edcdbe3013df7b847adf5e050c53f
Signed-off-by: Filip Tehlar <[email protected]>
Akshaya N [Fri, 15 Sep 2017 12:07:53 +0000 (17:37 +0530)]
 
VLAN support on host(af-packet) interface.
On host interface if a VLAN tagged packet is received, linux kernel removes
the VLAN header from packet byte stream and adds metadata in tpacket2_hdr.
This patch explicitely checks for the presense of VLAN metadata and adds it
in VPP packet.
Change-Id: I0ba35c1e98dbc008ce18d032f22f2717d610c1aa
Signed-off-by: Akshaya N <[email protected]>
Dave Wallace [Tue, 26 Sep 2017 22:15:47 +0000 (18:15 -0400)]
 
Update vagrant centos config to CentOS 7.4
Change-Id: I45c1227b53ba9e57b94f1bc68de939cd3ce9d619
Signed-off-by: Dave Wallace <[email protected]>
Steve Shin [Tue, 26 Sep 2017 17:07:58 +0000 (10:07 -0700)]
 
Fix: unnecesary uio binding for Mellanox NIC
UIO binding is not required for Mellanox NIC and calling vlib_pci_bind_to_uio()
should be skipped.
Change-Id: I10ea457bc3c8d4be8117dec51d5bd940ee416a44
Signed-off-by: Steve Shin <[email protected]>
Chris Luke [Tue, 26 Sep 2017 17:15:16 +0000 (13:15 -0400)]
 
Various fixes for issues found by Coverity (VPP-972)
174267: Revisit this string termination issue
174816: Add check for NULL when trace is enabled
177211: Add notation that mutex is not required here
177117: Added check for log2_page_size == 0 and returns an error if so
163697,163698: Added missing sw_if_index validation
Change-Id: I5a76fcf6505c785bfb3269e353360031c6a0fd0f
Signed-off-by: Chris Luke <[email protected]>
Andrew Yourtchenko [Wed, 27 Sep 2017 11:50:31 +0000 (13:50 +0200)]
 
acl-plugin: take 2 at VPP-991 fix, this time with a test case which verifies it.
The replacement of [] with pool_elt_at_index and subsequent fixing it
was incorrect - it was equivalent to &[], since it returns a pointer to
the element. I've added VPP-993 previously to create a testcase,
so this commit partially fulfills that one as well.
Change-Id: I5b15e3ce48316f0429232aacf885e8f7c63d9522
Signed-off-by: Andrew Yourtchenko <[email protected]>
Klement Sekera [Wed, 27 Sep 2017 04:48:44 +0000 (06:48 +0200)]
 
make test: clean ext binaries when doing test-wipe
Change-Id: I9f5212ee670ea91c6b35f1406c256d0687b9c6b5
Signed-off-by: Klement Sekera <[email protected]>
Jan Gelety [Tue, 26 Sep 2017 07:52:18 +0000 (09:52 +0200)]
 
Update CSIT tests 
1700906 -> 170926
- update of CSIT operational branch to be used for VPP-patch test
Change-Id: If582dc7c5e37bd3cda7ba4858e98fc504e2b7b1e
Signed-off-by: Jan Gelety <[email protected]>
Marco Varlese [Mon, 25 Sep 2017 08:05:01 +0000 (10:05 +0200)]
 
Fix SUSE dependencies to contemplate both python and python3 scripts.
Change-Id: Ib677955448833dfeb1291490340f5ea1e417213b
Signed-off-by: Marco Varlese <[email protected]>
Florin Coras [Tue, 26 Sep 2017 16:30:40 +0000 (12:30 -0400)]
 
tcp: update snd_nxt after congestion recovery
Change-Id: I2cf4c4850b9c3c093a7dce0cec89b9f710f69393
Signed-off-by: Florin Coras <[email protected]>
Dave Barach [Tue, 26 Sep 2017 14:54:34 +0000 (10:54 -0400)]
 
Add thread-safe event signaller, use RPC where required
Update ping code to use the new function
Change-Id: Ieb753b23f8402cbe5667c22747896784c8ece937
Signed-off-by: Florin Coras <[email protected]>
Signed-off-by: Dave Barach <[email protected]>
Klement Sekera [Tue, 26 Sep 2017 00:39:40 +0000 (02:39 +0200)]
 
checkstyle: ignore old clang-format (centos)
Change-Id: Iecf35bd9fd760856e32eb1c0c9542ffbed472379
Signed-off-by: Klement Sekera <[email protected]>
Klement Sekera [Tue, 26 Sep 2017 07:21:24 +0000 (09:21 +0200)]
 
make test: don't recompile ext if not needed
Skip recompilation of test binaries from test/ext if these are
up-to-date. This speeds up repeated test runs.
Change-Id: I96dbfafc372398e3d858d8419219ef35c47bd0f3
Signed-off-by: Klement Sekera <[email protected]>
Matej Perina [Mon, 25 Sep 2017 08:54:47 +0000 (10:54 +0200)]
 
jvpp: lowering verbosity level for jvpp tests
Change-Id: Ie38dad209cce6d546379b4a5e449b34fbcadf171
Signed-off-by: Matej Perina <[email protected]>
Matus Fabian [Tue, 26 Sep 2017 08:23:01 +0000 (01:23 -0700)]
 
NAT: remove worker_by_in lookup hash table (VPP-992)
Change-Id: I3873d3e411bf93cac82e73a0b8e3b22563aaf217
Signed-off-by: Matus Fabian <[email protected]>
Andrew Yourtchenko [Thu, 14 Sep 2017 16:26:36 +0000 (18:26 +0200)]
 
acl-plugin: test: move the API calls to vpp_papi_provider.py
Change-Id: I1d3818027b8a1fcb1ec12016e3476b5c22a2d5a5
Signed-off-by: Andrew Yourtchenko <[email protected]>
Aequitas [Sat, 23 Sep 2017 04:58:49 +0000 (12:58 +0800)]
 
Memory overwritten when using unformat %u (VPP-987)
Change-Id: I7d8f807fb502d61688aa1dee25fa4edcbeb32f41
Signed-off-by: Aequitas <[email protected]>
Dave Wallace [Mon, 25 Sep 2017 19:00:36 +0000 (15:00 -0400)]
 
Fix Ubuntu java dependency regression.
- introduced by 
e6f3b467 "Fix for ssl dependency on debian 9"
Change-Id: If41e517b2a55d2028ade6671f407831cfcf205c4
Signed-off-by: Dave Wallace <[email protected]>
Dave Wallace [Mon, 25 Sep 2017 20:12:16 +0000 (16:12 -0400)]
 
Vagrant fails if Vagrantfile is a symlink on Windows 10.
- Revert Vagrantfile symlink to the default
- Update README and env.sh
Change-Id: Ib1a557b897e0217b162c31118a4c265769dd1760
Signed-off-by: Dave Wallace <[email protected]>
Dave Wallace [Mon, 25 Sep 2017 19:37:56 +0000 (15:37 -0400)]
 
Refactor multi-host socket_test.sh for bare-metal.
Change-Id: I4fcde6652e0c66315a453250c6e02cd32176833d
Signed-off-by: Dave Wallace <[email protected]>
Florin Coras [Sun, 24 Sep 2017 23:43:08 +0000 (19:43 -0400)]
 
tcp: do not sample rtt for retransmitted segments
Change-Id: I365c31607332a944ef498369881332b515894ed7
Signed-off-by: Florin Coras <[email protected]>
Andrew Yourtchenko [Mon, 25 Sep 2017 16:37:28 +0000 (18:37 +0200)]
 
acl-plugin: use vec_elt_at_index rather than pool_elt_at_index to access vector elements
bb7f0f644 aimed to fix the coverity issue has incorrectly replaced the previous [] access
with pool_elt_at_index(), for an element of a vector, with predictably interesting result.
VPP-991 has uncovered the issue.
Change-Id: Ifd3fb70332d3fdd1c4ff8570372f394913f7b6c8
Signed-off-by: Andrew Yourtchenko <[email protected]>
Jerome Tollet [Tue, 19 Sep 2017 19:30:48 +0000 (20:30 +0100)]
 
Fix usage string for vat
Change-Id: Idad65cbb3765500a66f1097126076a2c5fdb4f1b
Signed-off-by: Jerome Tollet <[email protected]>
John Lo [Sat, 23 Sep 2017 12:59:58 +0000 (08:59 -0400)]
 
Fix sending GARP/NA on Bonded Interface Active/Backup Link Up/Down
For bonded interface in Active/Backup mode (mode 1), we need to
send a GARP/NA packet, if IP address is present, on slave link
state change to up or down to help with route convergence. The
callback from DPDK happens in a separate thread so we need to make
sure RPC call is used to signal the send_garp_na process in the
main thread. Also need to fix DPDK polling so the slave links are
not polled.
Change-Id: If5fd8ea2d28c54dd28726ac403ad366386ce9651
Signed-off-by: John Lo <[email protected]>