gerrit.fd Code Review

acl-plugin: fix acl plugin test failing sporadically (VPP-898)

The "acl_plugin" tests has one of the tests sporadically fail with the following traceback:

r.reply.decode().rstrip('\x00') UnicodeDecodeError: 'ascii' codec can't decode byte
0xd8 in position 20666: ordinal not in range(128)

This occurs in the newly added "show acl-plugin table" debug CLI.
This CLI has only the numeric outputs, so the conclusion is that it is
the incorrect termination (trailing zero) that might be most probably
causing it. The other acl-plugins show commands also
lack the zero-termination termination, so fix all of them.
The particularity of this command vs. the other acl-plugin debug CLIs
is that the accumulator is freed and allocated multiple times,
this might explain the issue is not seen with them.

Change-Id: I87b5c0d6152fbebcae9c7d0ce97155c1ae6666db
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit be055bd719559fc79d8a4c06479497c4c0bfae93)

SNAT: fix failing test_session_limit_per_user (VPP-896)

Change-Id: Idf46a03803125babd9bb880363686359fbcca27d
Signed-off-by: Matus Fabian <matfabia@cisco.com>
(cherry picked from commit 860af5ad2b023f9c57d622a7a9d3bd0099e480b1)

Refactor API message handling code

This is preparation for new C API. Moving common stuff to separate
headers reduces dependency issues.

Change-Id: Ie7adb23398de72448e5eba6c1c1da4e1bc678725
Signed-off-by: Klement Sekera <ksekera@cisco.com>

top-level Makefile improvements

- auto-execute startup.vpp file if exists
- add DPDK_CONFIG=<string> to speficy custom config for autogenerated
startup.conf, e.g. DPDK_CONFIG="no-pci"
- add DISABLED_PLUGINS=<comma separated list> option

e.g.

make DISABLED_PLUGINS=dpdk,acl run

or
export DISABLED_PLUGINS=dpdk,acl
make run

Change-Id: Ib0891d27aeae16b69b67c4c3e893bb3dbde5e7e1
Signed-off-by: Damjan Marion <damarion@cisco.com>

VPP-893: handle multiple simultaneous event registrations

Change-Id: I8cd90820624987dbef848935e2de86fa66a86c17
Signed-off-by: Dave Barach <dave@barachs.net>

VPP debug image with worker threads hit assert on adding IP route with traffic (VPP-892)

When stacking DPOs the VLIB graph is also updated to add the edge between the nodes, if this edge does not yet exist. This addition should be done with the workers stopped.

Change-Id: I327e4d7d26f0b23eb280f17e4619ff2093ff7940
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit c02bd03ddf5eec9e9c79811360685f13e4ba8ee1)

memif: API message handler registration bug-fix

- removed memif details message from memif API

Change-Id: I21185e7678f375cc10639cdbc3ad2fd84bc95459
Signed-off-by: Jakub Grajciar <grajciar.jakub@gmail.com>

LLDP: properly parse lldp cmds from startup config

Change-Id: I0e6c86bd923fcf7cf16f948b9869a5927e6d3745
Signed-off-by: Klement Sekera <ksekera@cisco.com>

Fix SIGBUS on aarch64

A call to 'clib_smp_swap (&((dq)->interrupt_pending), 0)' was creating
a SIGBUS.
Instead of making dq->interrupt_pending aligned on 64bits, we reduce the size
from uword (u64) to u32, as the number of pending interrupts will never
go above max of u32.

Change-Id: Ifa5a6d3b7adee222329a671be01305cf50853b33
Signed-off-by: Christophe Fontaine <christophe.fontaine@enea.com>

switch vlib process model to tw_timer_template timer impl

Change-Id: I36bb47faea55a6fea7af7ee58d87d8f6dd28f93d
Signed-off-by: Dave Barach <dave@barachs.net>

L2-LEARN:fix l2fib entry seq num not updated on hit (VPP-888)

fixed instability in l2bd_multi_instnce test - sometimes failing with extra
packets captured

it appears l2-learn was not updating hit entries but rather a copy of them.

if the ager did not have a chance to run before the test was running the
learning cycle - entries were not updated with the packet's seq num - causing
packets to flood when hitting the stale seq_num in l2-fwd - hence the extra
packets

fixed handling of filter entries

revert workaround for instability in test

Change-Id: I16d918e6310a5bf40bad5b7335b2140c2867cb71
Signed-off-by: Eyal Bari <ebari@cisco.com>
(cherry picked from commit 25ff2ea3a31e422094f6d91eab46222a29a77c4b)

FLOWPROBE: Add flowstartns, flowendns and tcpcontrolbits

- fixed problem with tcp_flag
- changed flowtimestamp into NTP format
Change-Id: I4ef05d6c69c5c078a0c80d59c5ccb0c85b924ba6
Signed-off-by: Ole Troan <ot@cisco.com>

Update CSIT tests 170622 -> 170626

- update of CSIT operational branch to be used for VPP-patch test

Change-Id: I3e429f3884953908209e5f2d4e7a254dc7ccb720
Signed-off-by: Jan Gelety <jgelety@cisco.com>

VPP-889: MAP Stats API/CLI crashes when no domains.

Change-Id: Ib7824bfc08cb3c8f20258379e1a1f2c159c4f687
Signed-off-by: Ole Troan <ot@cisco.com>

VPP crash on creating vxlan gpe interface. VPP-875

Change-Id: I6b19634ecb03860a7624d9408e09b52e95f47aef
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>

Add Maintainers for Vxlan-gpe feature

Change-Id: I3f42e9bbd816a6e2192cc65eeb10a4681cf9e29a
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>

memif: If rx/tx_queues are unset, use default values

The standard behaviour for binary API is that zeroed arguments are
treated as if the default values were set. This way the configurator
does not need to know what default values are.
This, however, wasn't the case for rx_queues and tx_queues in
memif_create binary API message.

Change-Id: Ib588b472823f6bbb5ef12a798d68b0dda6dd2139
Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>

Rewrite vppctl in C

- removes python dependency
- removes vpp_api_test dependency
- communicates over unix socket
- properly detects terminal size and type
- responds on terminal resize

Change-Id: I46c0a49f9b5f9ef8a0a31faec4fc5d49aa3ee02e
Signed-off-by: Damjan Marion <damarion@cisco.com>

make: Fix parallel building with some container platforms (VPP-880)

With some Linux container platforms /proc/cpuinfo reads as an empty
file. (Aside: stat on /proc/cpuinfo always indicates a length of
zero bytes, regardless of its content).

This has the effect that the make '-j' parameter being passed the
unhelpful value of '0' both in build-root/Makefile and dpdk/Makefile.
Make complains with the error:

make: the '-j' option requires a positive integer argument

This patch checks for '0' and replaces it with '2' as a reasonable
number of jobs to run in parallel when the CPU count isn't known
(and assumed to be one). It also makes the value determination
consistent between VPP and DPDK (2*ncpu).

Change-Id: I78b89420114a825fab4d339e4f9291d486b7b9c8
Signed-off-by: Chris Luke <chrisy@flirble.org>

IP4/IP6 FIB: fix crash during interface delete

after deleting a sub interface with IP4/IP6 address vpp crash

Change-Id: Ie768ca845b9e2394f61e2a8e9722a80a788746e7
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>

Update master revision to 17.10

Change-Id: I0b74cad60be4edace5c3636922cfb9c26cfde9ff
Signed-off-by: Neale Ranns <nranns@cisco.com>

Update lisp map record default ttl to 24h

Change-Id: Ib8c72f8e08e89357b64f2f69ab70d60d3a7ec506
Signed-off-by: Florin Coras <fcoras@cisco.com>

Improve svm fifo and tcp tx path performance (VPP-846)

- multiarch on svm fifo
- avoid ip lookup on tx

Change-Id: Iab0d85204a710979417bca1d692cc47877131203
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dbarach@cisco.com>

Export and Install GTP-U API file

Change-Id: I064d22277a0334c63f3d5072b1584b93e327b331
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>

acl-plugin: clean up the code enabling/disabling acl-plugin processing on interface

Multiple subsequent calls to vnet_feature_enable_disable() to enable the feature
cause the feature to be inserted into the processing graph multiple times in a row.
This might be argued to be a bug in that function, but enabling already enabled feature
is suboptimal anyway, so avoid that. The existing tests already catch this issue whenever
the ASSERT() part of this patch was added.

Change-Id: Ia2c06f7dc87bbe05795c2c7b7d19ea06270ce150
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

Update CSIT tests 170612 -> 170622

- update of CSIT operational branch to be used for VPP-patch test

Change-Id: I5645ebfaa32599797e4edf83b2281270ea4a8376
Signed-off-by: Jan Gelety <jgelety@cisco.com>

NAT64: documentation

added CLI command documentation
added NAT64 user documentation page

Change-Id: I3df400013800fe16351e02db7762ee3f92b195ff
Signed-off-by: Matus Fabian <matfabia@cisco.com>

VNET:explicitly pad l2_classify

Change-Id: I77412aa8c17b45b1533604e7bfe8fe052ed0f80a
Signed-off-by: Eyal Bari <ebari@cisco.com>

Introduce default rx mode for device drivers

If interface is down and queues are not configured then we are not able
to change rx-mode. This change introducess default mode which is stored
per interface and applied if driver wants.

Change-Id: I70149c21c1530eafc148d5e4aa03fbee53dec62f
Signed-off-by: Damjan Marion <damarion@cisco.com>

acl-plugin: the second and subsequent ACEs incorrect endianness when custom-dump and in VAT (VPP-885)

Add the missing function to convert the entire array of rules in the respective _endian functions,
rather than just the first rule.

Change-Id: Ic057f27ff7ec20150595efca1a48b74e5850f52b
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

acl-plugin: CLI to clear all sessions

It is useful to have the CLI to clear the existing sessions.
There was a work-in-progress CLI but it did not work properly.
Fix it and split into a separate "clear acl-plugin sessions",
and add a unit test into the extended connection-oriented tests.

Change-Id: I55889165ebcee139841fdac88747390903a05394
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

acl-plugin: use ethernet_buffer_header_size() to determine the size of the ethernet header

When extracting the 5-tuple, use the ethernet_buffer_header_size() so we can correctly
handle the case of subinterfaces, etc.

Change-Id: Ied73fde98d6b313e9eeab2aff4f22daa50a6cbbf
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

acl-plugin: fix coverity issue 170476

Remove the unnecessary variable assignment which coverity detected.

Change-Id: I66ac20a8495400ac59192ddb72f16c95f6b4d03c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

acl-plugin: fix coverity issue 166801

A typo resulted in a value being overwritten and flagged as unused, fix the typo.

Change-Id: I512ba94321afb80d12c71ebbb0eec42d9fa6f299
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

NAT64: custom prefix

Change-Id: If397b49861468eed29b964fa64b186f80eb0eceb
Signed-off-by: Matus Fabian <matfabia@cisco.com>

memif: minor changes in memif.h

Change-Id: Iff550fd65f6e559b9fdfbbd53ef92d287c18166c
Signed-off-by: Damjan Marion <damarion@cisco.com>

Add option to create clib_socket with group write permissions

Also allow group write as default for CLI socket connections.

Change-Id: I6af1f277f70581358cd9241bf0f5cb0752fe250f
Signed-off-by: Damjan Marion <damarion@cisco.com>

Add knob to specify effective group id (gid) for VPP process

Change-Id: Icf9bd4abda058fb380f1a25d5fe3917ffb38b1c4
Signed-off-by: Damjan Marion <damarion@cisco.com>

ARP: ignore non-connected routes and non-interface sources when determing if source is connected

Change-Id: I39fb0ec44cc322eaa12c0ff0700fc405d3982bfc
Signed-off-by: Neale Ranns <nranns@cisco.com>

acl-plugin: fix coverity error 171135

The code path which sets the sw_if_index aimed to restrict the output
did not set the flag to trigger that output.

Change-Id: I0a1a3977fdddbce9a276960df43fed745d099ca0
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

acl-plugin: vat: acl_interface_list_dump confusing/incorrect output in case n_input == 0

The logic to print the line " output " is wrong for the case of n_input == 0,
and the applied ACLs are printed as if they were applied on input.
One may still figure out the truth by looking at the n_input value above,
but it is confusing.

Change-Id: I7b4a4d548e569994678dd1e139eb829456548b88
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

L2-VTR: add vtr tests

re-enable l2 fib flush tests
reorder l2bd multi instance tests - move flags test as last
enabling of uu-flood will now flood when entry is stale

Change-Id: I052663ec3eb4acee5f296fb7525dd535924e0003
Signed-off-by: Eyal Bari <ebari@cisco.com>

vlib: make runtime_data handling thread-local

Change-Id: Ic2f2dc234199a5f882846880cbacff20fc8d477b
Signed-off-by: Igor Mikhailov (imichail) <imichail@cisco.com>

Parenthesize the usage of the macro argument within vec_search() macro definition

Change-Id: I488d7c2b864c0e3661c8abf0363e4b97984d4974
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

SNAT: unknow protocol hairpinning fix

Change-Id: I15813167e7c8529f229143de4a8f64f0fb530951
Signed-off-by: Matus Fabian <matfabia@cisco.com>

VPP-879 MAP: s/u32 is_add/u8 is_add in map.api

Change-Id: If35171005e409f77bed4cc16eccb66a85aae5dfb
Signed-off-by: Ole Troan <ot@cisco.com>

L2FWD:fix seq_num overwritten + validate l2fib entries when forwarding

l2_classify memeber table_index was overlaid over l2.l2fib_seq_num
which over written when table_index gets initialized in l2_input_classify

solved by overlaying both table_index and opaque_index as only one is used

seperated l2fib seq num from l2_input configs
for better handling of theoretical ABA issue where an entry for a deleted
interface is considered valid by the ager because a different interface with
same sw_if_index and seq_num was created before the ager got a chance to delete

Change-Id: I7b0eeded971627406f1c80834d7e02c0ebe62136
Signed-off-by: Eyal Bari <ebari@cisco.com>

NAT64: change not supported multi threading behaviour

Disable CLI/API commands instead of error message on startup.

Change-Id: I313ed6e2ea009f573afb5e08b0e85ed1f9091dc3
Signed-off-by: Matus Fabian <matfabia@cisco.com>

memif: add ip mode

In IP mode memif interface is L3 point-to-point interfaces and
we don't pass l2 header. There is no l2 header rewrite operation and
received packets are sent straight to ip4-input / ip6-input nodes.

Change-Id: I4177f3fce3004da7ecf14d235006ae053fcf3f09
Signed-off-by: Damjan Marion <damarion@cisco.com>

Overall tcp performance improvements (VPP-846)

- limit minimum rto per connection
- cleanup sack scoreboard
- switched svm fifo out-of-order data handling from absolute offsets to
relative offsets.
- improve cwnd handling when using sacks
- add cc event debug stats
- improved uri tcp test client/server: bugfixes and added half-duplex mode
- expanded builtin client/server
- updated uri socket client/server code to work in half-duplex
- ensure session node unsets fifo event for empty fifo
- fix session detach

Change-Id: Ia446972340e32a65e0694ee2844355167d0c170d
Signed-off-by: Florin Coras <fcoras@cisco.com>

SNAT: NAT packet with unknown L4 protocol if match 1:1 NAT

Change-Id: Ic81c6098d615fdb6a874e532921efd833fed872c
Signed-off-by: Matus Fabian <matfabia@cisco.com>

acl-plugin: bihash-based ACL lookup

Add a bihash-based ACL lookup mechanism and make it a new default.
This changes the time required to lookup a 5-tuple match
from O(total_N_entries) to O(total_N_mask_types), where
"mask type" is an overall mask on the 5-tuple required
to represent an ACE.

For testing/comparison there is a temporary debug CLI
"set acl-plugin use-hash-acl-matching {0|1}", which,
when set to 0, makes the plugin use the "old" linear lookup,
and when set to 1, makes it use the hash-based lookup.

Based on the discussions on vpp-dev mailing list,
prevent assigning the ACL index to an interface,
when the ACL with that index is not defined,
also prevent deleting an ACL if that ACL is applied.

Also, for the easier debugging of the state, there are
new debug CLI commands to see the ACL plugin state at
several layers:

"show acl-plugin acl [index N]" - show a high-level
ACL representation, used for the linear lookup and
as a base for building the hashtable-based lookup.
Also shows if a given ACL is applied somewhere.

"show acl-plugin interface [sw_if_index N]" - show
which interfaces have which ACL(s) applied.

"show acl-plugin tables" - a lower-level debug command
used to see the state of all of the related data structures
at once. There are specifiers possible, which make
for a more focused and maybe augmented output:

"show acl-plugin tables acl [index N]"
show the "bitmask-ready" representations of the ACLs,
we well as the mask types and their associated indices.

"show acl-plutin tables mask"
show the derived mask types and their indices only.

"show acl-plugin tables applied [sw_if_index N]"
show the table of all of the ACEs applied for a given
sw_if_index or all interfaces.

"show acl-plugin tables hash [verbose N]"
show the 48x8 bihash used for the ACL lookup.

Change-Id: I89fff051424cb44bcb189e3cee04c1b8f76efc28
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

NAT64: Hairpinning (VPP-699)

Change-Id: I83a6c277fa211ac2c2ca2d603650c992886af0a7
Signed-off-by: Matus Fabian <matfabia@cisco.com>

Fix map-notify processing with multiple workers

Change-Id: Id160346ebf533ee5f55bd735803624a75ed997b9
Signed-off-by: Florin Coras <fcoras@cisco.com>

memif: show memif CLI enhancement

Add optional keywords to show memif to allow display a particular
interface and option to display the descriptor tables. The new syntax for
the show memif command is now
show memif [<interface>] [descriptors]

Change-Id: I20696bbea1142bdc152b6e351c6ece24b1cf5500
Signed-off-by: Steven <sluong@cisco.com>

memif: jumbo frames support

Current memif interface supports frame size up to 2048. This patch is to
enhance memif to support jumbo frames.

On tx (writing buffers to the ring), keep reading the next buffer in vlib
when the flag VLIB_BUFFER_NEXT_PRESENT and merge it to the same ring entry.
Use descriptor chaining if the buffer is not big enough.

On rx (reading buffers from the ring), if the packet is greater than 2048,
create multiple vlib buffers, chained with the VLIB_BUFFER_NEXT_PRESENT.

Testing:
Because the ping command provided by VPP does not support jumbo frames,
I have to use linux ping. Here is the set up that I use for testing.

VM1 --- vhost ---- VPP1 --- memif --- VPP2 --- vhost --- VM2

Create vhost-user interfaces between VM1 and VPP1 and between VPP2 and VM2

VM configuration:
Set the interface mtu on the VM, e.g 9216 to support jumbo frames.
create static route and static arp on VM1 to VM2 and vice versa.
Use iperf3 or ping -s 8000 from VM1 to VM2 or vice versa.

Sample run
sluong@ubuntu:~$ ping 131.1.1.1 -c1 -s 8000
ping 131.1.1.1 -c1 -s 8000
PING 131.1.1.1 (131.1.1.1) 8000(8028) bytes of data.
8008 bytes from 131.1.1.1: icmp_seq=1 ttl=62 time=0.835 ms

--- 131.1.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.835/0.835/0.835/0.000 ms
sluong@ubuntu:~$

DBGvpp# sh interface memif0
              Name               Idx       State          Counter          Count
memif0                            1         up       rx packets                     1
                                                     rx bytes                    8042
                                                     tx packets                     1
                                                     tx bytes                    8042
                                                     ip4                            1
DBGvpp#

Change-Id: I469bece3d45a790dceaee1d6a8e976bd018feee2
Signed-off-by: Steven <sluong@cisco.com>

LISP-GPE: add test CLI for NSH

Change-Id: I9999474c1a4b744f5d5880ee99a0293c576f2819
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>

Add missing barrier sync to rx placement infra code

Change-Id: I25ccf8260dbe7e1550aee3904a688fc135ce1f03
Signed-off-by: Damjan Marion <damarion@cisco.com>

Fix vni/dp_table endianness for gpe iface addition (VPP-882)

Change-Id: I2b78dad740b67fc05b0e2cf9c180809bc0962cd5
Signed-off-by: Florin Coras <fcoras@cisco.com>

Fix gpe_native_fwd_rpaths_get (VPP-883)

Change-Id: Iab2aa5fd92b9e95049f55fce4177e236a482723c
Signed-off-by: Florin Coras <fcoras@cisco.com>

Add maintainer for GTPU Plugin

Change-Id: Ic8cecdee7ae74a6b816e0a02985c456fd3ec8d8f
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>

Add VAT handlers for LISP-GPE API

Change-Id: Id1139533c41cabef48394b5d79750608e0b74179
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>

acl-plugin: store sessions in a single hash table instead of a per-interface

A bihash-per-interface is convenient, but turns out tricky difficult from
the maintenance standpoint with the large number of interfaces.
This patch makes the sessions reside in a single hash table for all the interfaces,
adding the lower 16 bit of sw_if_index as part of the key into the previously
unused space.

There is a tradeoff, that a session with an identical 5-tuple and the same
sw_if_index modulo 65536 will match on either of the interfaces.
The probability of that is deemed sufficiently small to not worry about it.
In case it still happens before the heat death of the universe,
there is a clib_warning and the colliding packet will be dropped,
at which point we will need to bump the hash key size by another u64,
but rather not pay the cost of doing that right now.

Change-Id: I2747839cfcceda73e597cbcafbe1e377fb8f1889
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

Fix session api connect sock handler.

Change-Id: I034efb9fc3ebb846c0aef07b18c1f110b8cbf3e3
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>

acl-plugin: shrink the L2 classifier tables used for traffic redirect

The previous iteration of the code used the L2 classifier tables for session storage,
as a result, the table allocations were pretty big. The new ACL plugin
datapath uses the tables just as a redirection mechanism, without adding any
entries. Thus, the tables can be much smaller.

Change-Id: Ieec4a5abf0abda6e513ab4e675f912f14d47e671
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

VPP-874: fix coverity warnings in tw_timer_template.c

Best guess, tested carefully, should do no harm. Clang doesn't
complain either way; it's not certain that this patch will make the
coverity warnings in tw_timer_template.c disappear.

Change-Id: I75aa0cfd8970751e823a1165df2a755e947c4cf9
Signed-off-by: Dave Barach <dave@barachs.net>

ETH:fix l2_len/vlan count mismatch for > 2 tags

l2_len was not updated for the third tag
as the ethernet node retracts by the vlan count after parse_header (using
ethernet_buffer_header_size) it ends up pointing before the ethernet header

+ some minor cleanups

Change-Id: I4ccaedd33928912e5d837376f146503b27071741
Signed-off-by: Eyal Bari <ebari@cisco.com>

Flowprobe - tests speed-up

Updated test to reduce tests runtime.

Change-Id: I7904628fc19d349d6c26502e49d4c990cb8816ff
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>

FIB walk process - wake-up rate unnecessarily high

Change-Id: I7dedf283c83c7f0e0b7642f095b68bc0b40898cf
Signed-off-by: Neale Ranns <nranns@cisco.com>

SNAT: fix 1:1 NAT without port hairpinning TCP checksum update

Change-Id: I5077fcf3671a6116b475f87e43120efc10ecaa08
Signed-off-by: Matus Fabian <matfabia@cisco.com>

memif: fix crash during interface delete

Change-Id: Ide6d26d6fcc81be6f26ac0abe2cd0d6a0838cfe6
Signed-off-by: Damjan Marion <damarion@cisco.com>

L2FIB:fix crash in show with deleted subif entries

after deleting a sub interface it's l2fib entries are left with a dangling
sw_if_index (while waiting for the ager to delete them).
changed "show l2fib" to reflect that state with "Deleted" as the interface name.

added sleep in test_l2_fib as a workaround for packets still passing after flush
will investigate...

Change-Id: Id998d7d3c6a073ef5005c5f3009e1cfb7febf7db
Signed-off-by: Eyal Bari <ebari@cisco.com>

three-level timer wheel implementation w/ overflow vector

prep work for s/timing_wheel/tw_timer/ in the vlib process model

Change-Id: I763f4968a8fce1764a3778b12def0afbd30086b1
Signed-off-by: Dave Barach <dave@barachs.net>

memif: complete refactor of socket handling code

Change-Id: I4d41def83a23f13701f1ddcea722d481e4c85cbc
Signed-off-by: Damjan Marion <damarion@cisco.com>

Fix build breakge post 6956

Change-Id: I0ab0e3e40b00ed5c2a34f5c23d04b596c1e9aa5f
Signed-off-by: Neale Ranns <nranns@cisco.com>

NAT64: bug fix

ICMP to ICMPv6 error message inner UDP packet translation
delete ST entries when deleting static BIB entry

Change-Id: I2a28631ac040e20827a692331506cd8254f70916
Signed-off-by: Matus Fabian <matfabia@cisco.com>

Update CSIT tests 170605 -> 170612

- update of CSIT operational branch to be used for VPP-patch test

Change-Id: I0e19f085153ca00ddb46e016cff742b42eca15a0
Signed-off-by: Jan Gelety <jgelety@cisco.com>

Remove calls to crc_u32 and add clib_crc32c for armv8+crc

crc_u32 was not defined for non x86_64 with SSE4.2 processors.

Calls to "crc_u32" are removed and replaced by either a call to
clib_crc32c or a call to clib_xxhash, as the result is not used
as a check value but as a hash.

Change-Id: I3af4d68e2e5ebd0c9b0a6090f848d043cb0f20a2
Signed-off-by: Christophe Fontaine <christophe.fontaine@enea.com>

NAT64: coverity fix

Change-Id: I08544b2f06f993c8a6435901232a0616d0548b94
Signed-off-by: Matus Fabian <matfabia@cisco.com>

Fix coverity issue

Change-Id: Ib62ee0eacd6c91dc4cd95835efe901079754ef42
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>

MPLS: cannot delete a path from the CLI

Change-Id: I7f85870ef99405727312a5de6839c8875c9fa1c5
Signed-off-by: Neale Ranns <nranns@cisco.com>

Fix gpe coverity issue (VPP-874)

Change-Id: I70fb60619a0a02d891276ea6c7ac277ba2b26fa3
Signed-off-by: Florin Coras <fcoras@cisco.com>

Implement sack based tcp loss recovery (RFC 6675)

- refactor existing congestion control code (RFC 6582/5681). Handling of ack
  feedback now consists of: ack parsing, cc event detection, event handling,
  congestion control update
- extend sack scoreboard to support sack based retransmissions
- basic implementation of Eifel detection algorithm (RFC 3522) for
  detecting spurious retransmissions
- actually initialize the per-thread frame freelist hash tables
- increase worker stack size to 2mb
- fix session queue node out-of-buffer handling
  - ensure that the local buffer cache vec_len matches reality
  - avoid 2x spurious event requeues when short of buffers
  - count out-of-buffer events
- make the builtin server thread-safe
- fix bihash template threading issue: need to paint -1 across uninitialized
  working_copy_length vector elements (via rebase from master)

Change-Id: I646cb9f1add9a67d08f4a87badbcb117980ebfc4
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dbarach@cisco.com>

Sample plugin: Add sample plugin documentation

Added some user documentation to sample plugin.

Change-Id: I518910f80499307e8fcac8dcef7baaeab5ea8e35
Signed-off-by: Ray Kinsella <ray.kinsella@intel.com>

acl-plugin: wrap a verbose debug message in the appropriate conditional

Change-Id: Ibd57cb617642e42d4c4d64f186479702b8a81900
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

dpdk: fix ipsec coverity warning

CID 170475

Change-Id: I9748dd56bdcb62e68d8f672e5b1619a3be400b8f
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>

NAT64: ICMP error support

Added ICMP error messages translation.
Added check for multi thread (not supported yet, so init failed).
Added API definition for custom NAT64 refix.

Change-Id: Ice2f04631af63e594aecc09087a1cf59f3b676fb
Signed-off-by: Matus Fabian <matfabia@cisco.com>

LISP: add NSH support

Change-Id: I971c110ed126f1a24a963f9d3b88cf8f8c308816
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>

acl-plugin: remove clib_warnings on plugin init

Change-Id: Ic3c9a914a588824b8abd6668961f731432083c4f
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

Add gpe native-forward static route support

Change-Id: I744e7d64d94dbb302f2c1246663480f720672ee2
Signed-off-by: Florin Coras <fcoras@cisco.com>

P2P Ethernet - API

API for P2P Ethernet feature

Change-Id: Id0280f42b9ce2428262e79c4dc309595037cd10e
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>

NAT64: Add NAT64 support for snat plugin (VPP-699)

Basic NAT64 feature (no hairpinning, no multi-thread).

Change-Id: I392fccbce93e70c117f4a9a7ec7cf08d6c537f2d
Signed-off-by: Matus Fabian <matfabia@cisco.com>

Small update to session API

Change-Id: I6a566d1dc9531b790bdcb00edc73516f86daeb72
Signed-off-by: Florin Coras <fcoras@cisco.com>

make test: improve debugability

Introduce faulthandler to print stack trace to stderr on python crash.
Don't disable automatic garbage collection to decrease the chances of
running out of memory.

Change-Id: I6927a5f6ea9569735d084d4ed3d258950a400d74
Signed-off-by: Klement Sekera <ksekera@cisco.com>

VPP-874: fix coverity warning in vnet_classify.c

Change-Id: Icffd2862eadbe9ddfb3ee34f3cb19c9324b3d9b4
Signed-off-by: Dave Barach <dave@barachs.net>

acl-plugin: add a plugin-specific control-ping message api and make the test code use it

This fixes the undesirable pause in the dump commands in case there is nothing to dump.

Change-Id: I0554556c9e442038aa2a1ed8c88234f21f7fe9b9
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

acl-plugin: make the ACL plugin multicore-capable

Add the logic to be able to use stateful ACLs in a multithreaded setup.

Change-Id: I3b0cfa6ca4ea8f46f61648611c3e97b00c3376b6
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

VPP-873: fix vector expansion bug in dispatch_pending_node

The main interior graph-node dispatch loop had a longstanding dangling
vector element reference:

for (i = 0; i < _vec_len (nm->pending_frames); i++)
   cpu_time_now = dispatch_pending_node (vm, nm->pending_frames + i,
                               cpu_time_now);

Passing a pointer to a vector element (nm->pending_frames + i) has
considerable comedic potential if there's any chance that the vector
could expand.

dispatch_pending_node() calls dispatch_node(), and indirectly any
interior graph node dispatch function. If that node happens to expand
nm->pending_frames by filling in a new frame, nm->pending_frames can
expand.

After calling the node dispatch function, dispatch_node() does the
following:

  nf = vec_elt_at_index (nm->next_frames, p->next_frame_index);

If nm->pending_frames expands during dispatch function execution, p is
a dangling reference to freed memory.

By luck, the TCP stack managed to allocate a fresh frame which
included "old-p," which caused p->next_frame_index to be filled with
the new-frame poison pattern 0xfefefefe.

This has been broken from day 1, summer 2007, first use of the
third-generation vector processing library.

Change-Id: Ideb6363bb060c4e8bf9b901882c318bd83853121
Signed-off-by: Dave Barach <dave@barachs.net>

VPP-872 and End.T function for SRv6

Fixes VPP-872 and adds support for End.T

Change-Id: I3c32cb6e412f37babe1abd293c0b6b49367fc2a9
Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>

acl-plugin: fix coverity error in acl_test.c

Attempting to supply within a VAT CLI to add the ACLs a rule count
override with no rules to add would result in null pointer dereference
as we attempt to copy those rules to the message.
Add the check to avoid copy if the source pointer is null
(i.e. if there are no rules to copy from).
This commit fixes coverity errors 166797 and 166792.

Change-Id: Icabe060d961ba07dc41f63b8e17fca12ff82aa29
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>