Florin Coras [Thu, 8 Feb 2018 23:10:09 +0000 (15:10 -0800)]
session: support local sessions and deprecate redirects
Memfd backed shared memory segments can only be negotiated over sockets.
For such scenarios, the existing redirect mechanism that establishes
cut-through sessions does not work anymore as the two peer application
do not share such a socket.
This patch adds support for local sessions, as opposed to sessions
backed by a transport connection, in a way that is almost transparent to
the two applications by reusing the existing binary api messages.
Moreover, all segment allocations are now entirely done through the
segment manager valloc, so segment overlaps due to independent
allocations previously required for redirects are completely avoided.
The one notable characteristic of local sessions (cut-through from app
perspective) notification messages is that they carry pointers to two
event queues, one for each app peer, instead of one. For
transport-backed sessions one of the queues can be inferred but for
local session they cannot.
Change-Id: Ia443fb63e2d9d8e43490275062a708f039038175
Signed-off-by: Florin Coras <fcoras@cisco.com>
Neale Ranns [Wed, 14 Feb 2018 14:34:20 +0000 (06:34 -0800)]
VOM: build with plugins disabled
Change-Id: I1384d16deb3fa38b988dd2fc98f436124e381536
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Mohsin Kazmi [Fri, 9 Feb 2018 13:34:20 +0000 (14:34 +0100)]
vppinfra: Remove empty file
Change-Id: I3908cc112b40d4bb52da18e7c3ac5ae0af455f87
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Dave Wallace [Tue, 13 Feb 2018 21:14:06 +0000 (16:14 -0500)]
make-test: use api custom-dump to reduce log size.
- Reduce log size by using "api trace custom-dump" instead
of "api trace dump".
- Fix custom-dump output of cli_inband_t api message to include
cli command being executed.
New output:
DBGvpp# api trace custom-dump /tmp/test
vl_api_memclnt_delete_t:
index: 2
handle: 0x301d8e10
SCRIPT: memclnt_create name vpp_api_test
SCRIPT: sw_interface_dump all
SCRIPT: control_ping
SCRIPT: exec show run
Old output:
DBGvpp# api trace dump /tmp/test
---------- trace 0 -----------
vl_api_memclnt_delete_t:
index:
33554432
handle: 0x108e1d3000000000
---------- trace 1 -----------
vl_api_memclnt_create_t:
name: vpp_api_test
input_queue: 0x808e1d3000000000
context: 0
ctx_quota: 0
---------- trace 2 -----------
vl_api_sw_interface_dump_t:
_vl_msg_id: 61
client_index:
33554432
context: 0
name_filter_valid: 0
---------- trace 3 -----------
vl_api_control_ping_t:
_vl_msg_id: 712
client_index:
33554432
context: 0
---------- trace 4 -----------
vl_api_cli_inband_t:
_vl_msg_id: 715
client_index:
33554432
context: 0
length: 9
Change-Id: If740c861649a3a59b8cc7a777c23c3cf94b8ff87
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Matthew Smith [Sat, 10 Feb 2018 03:04:08 +0000 (21:04 -0600)]
NAT44 out2in DHCP client next node
Call vnet_feature_next() for DHCP replies instead of using
default ip4-lookup. This allows DHCP replies to reach an
outside interface if it's configured as a DHCP client.
Change-Id: Icce1cd68b21256fcd6b1fad6792c06578b0e4e36
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Eyal Bari [Tue, 13 Feb 2018 13:17:17 +0000 (15:17 +0200)]
vxlan:remove interface recycle mechanism
vxlan interfaces no longer create tx nodes and are "cheap" to create and delete
Change-Id: I7628d8ce86ec88609ed08162c94f5bc95df0d9f4
Signed-off-by: Eyal Bari <ebari@cisco.com>
Matus Fabian [Thu, 8 Feb 2018 13:28:28 +0000 (05:28 -0800)]
NAT44: run NAT nodes after ACL (VPP-1160)
NAT input features run after acl-plugin-in-ip4-fa
NAT output features run after acl-plugin-out-ip4-fa
Change-Id: I1e4487a0d6fdb99a90b8db640d9ad0e0eb7347a5
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Eyal Bari [Tue, 13 Feb 2018 09:50:58 +0000 (11:50 +0200)]
vnet:remove duplicate interface function macro
Change-Id: I0ee18df69d5fe833c746d0d1e14aac14338a6e42
Signed-off-by: Eyal Bari <ebari@cisco.com>
Klement Sekera [Tue, 13 Feb 2018 12:14:52 +0000 (13:14 +0100)]
BFD: make CLI consume only one line at a time
This makes it possible to add BFD commands to scripts executed via
`exec' CLI.
Change-Id: Id0ed6c09baee6f8ac9ff183d305a470f55a1f885
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Mohsin Kazmi [Wed, 7 Feb 2018 19:20:36 +0000 (20:20 +0100)]
VOM: ACL: Add Object Model for acl ethertype
Change-Id: I2b572ebd4b7bb26381f127912a4cc0825c04fc34
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Igor Mikhailov (imichail) [Mon, 12 Feb 2018 21:45:51 +0000 (13:45 -0800)]
Fix the order of RFC2685 fields in the output.
Also, output VSS info with names according to RFC6607 (3.5).
Change-Id: I27a383515aca1a74dced2363a0c407b2791e5f05
Signed-off-by: Igor Mikhailov (imichail) <imichail@cisco.com>
Matthew Smith [Sat, 10 Feb 2018 17:11:45 +0000 (11:11 -0600)]
Fix DHCP client crash with worker threads
Crash occurring With a worker thread configured and dhcp
client active on an interface. When a DHCP reply packet
is received, call to ethernet_get_main() from
dhcp_proxy_to_client_input() was causing a crash.
Replaced with a call to vnet_get_ethernet_main().
Once that was resolved, calling dhcp_client_acquire_address()
from a worker thread also caused a crash. Changed so the main
thread will do the address/route configuration.
Change-Id: Ib23984787102dea8cf6cfcde86188a751f15c1e1
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Marco Varlese [Mon, 12 Feb 2018 08:08:21 +0000 (09:08 +0100)]
SCTP: fix build errors on ubuntu bionic
Change-Id: I070771794be92fd9a6e800ca0022e52d592cd1a4
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
Neale Ranns [Fri, 9 Feb 2018 14:05:16 +0000 (06:05 -0800)]
Improve MTU handling
- setting MTU on an interface updates the L3 max bytes too
- value cached in the adjacency is also updated
- MTU exceeded generates ICMP to sender
Change-Id: I343ec71d8e903b529594c4bd0543f04bc7f370b3
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Eyal Bari [Thu, 8 Feb 2018 12:48:28 +0000 (14:48 +0200)]
dpdk:fix trace to follow feature arc
Change-Id: Icd2184dec16d30cdcc689ca37c834b5df2f0a1a3
Signed-off-by: Eyal Bari <ebari@cisco.com>
Marek Gradzki [Fri, 9 Feb 2018 12:39:22 +0000 (13:39 +0100)]
vppapigen: simplify JSON format for services
Use
"services": {
"foo_request": {
"reply": "foo_request_reply"
},
"foo_dump": {
"reply": "foo_details",
"stream": true
}
},
instead of:
"services": [
{
"foo_request": {
"reply": "foo_request_reply"
}
},
{
"foo_dump": {
"reply": "foo_details",
"stream": true
}
}
],
Change-Id: I1d8e6bb4d41541b7f7f63242935f2ed4467fc52b
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
Dave Wallace [Thu, 8 Feb 2018 02:00:42 +0000 (21:00 -0500)]
LD_PRELOAD: Refactor nomenclature (vcom -> ldp).
Change-Id: Id3891fe2873b631f8f69c1ca2905968130678561
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Steve Shin [Fri, 9 Feb 2018 06:39:02 +0000 (22:39 -0800)]
acl-plugin: Stale classify table after deleting macip ACL
Classify table for output node should be cleaned up
after deleting macip ACL.
Change-Id: Ibbc46c8465bec02fe6fa6a8d33a1f06bcf28e9ad
Signed-off-by: Steve Shin <jonshin@cisco.com>
Neale Ranns [Mon, 5 Feb 2018 09:13:38 +0000 (01:13 -0800)]
GBP plugin
Group Base Policy (GBP) defines:
- endpoints: typically a VM or container that is connected to the
virtual switch/router (i.e. to VPP)
- endpoint-group: (EPG) a collection of endpoints
- policy: rules determining which traffic can pass between EPGs a.k.a
a 'contract'
Here, policy is implemented via an ACL.
EPG classification for transit packets is determined by:
- source EPG: from the packet's input interface
- destination EPG: from the packet's destination IP address.
Change-Id: I7b983844826b5fc3d49e21353ebda9df9b224e25
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Chun Li [Wed, 7 Feb 2018 01:58:28 +0000 (09:58 +0800)]
ip4_forward: set pkt error in case potential memory corrupt
Change-Id: Ib9eb65d2ba166f5883a8ce8d37298c696113f2be
Signed-off-by: Chun Li <chunl2@cisco.com>
Chun Li [Tue, 6 Feb 2018 07:17:20 +0000 (15:17 +0800)]
memif: fix crash caused by zero pkt len in memif and clear dirty cache while interface reconnect.
Change-Id: Ifc7eb2494a22c334d8899422545fca1a4bba4d05
Signed-off-by: Chun Li <chunl2@cisco.com>
Andrew Yourtchenko [Thu, 8 Feb 2018 20:45:08 +0000 (21:45 +0100)]
classifier-based ACL: testcases for L2 ACLs + fix the enabling of outbound L2 ACL
There was no test coverage for the L2 ACL (other than indirect by
means of ACL plugin tests), so the enabling of the outbound ACL
got fumbled throughout the revisions of the refactoring.
Fix both issues - the error and the lack of test coverage for L2 ACL.
Change-Id: Ib7f42780ef84b4a4f70bd88d7319aeeda866cf06
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Gabriel Ganne [Thu, 8 Feb 2018 10:22:33 +0000 (11:22 +0100)]
Geneve - reduce unit-test run time
Reduce the number of tunnels created/destroyed to reduce the load of the tests
without changing the code covered.
These are functional tests, not performance tests.
This reduced the test time down to 10s from 4 minutes on my machine.
Change-Id: Ifcaddc0b0628a21392c5cb247196f56bc28a53a2
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
Damjan Marion [Thu, 8 Feb 2018 18:49:22 +0000 (19:49 +0100)]
virtio: reset vnet header on tx
Change-Id: Ib04a8787038fb536470a04d99fdc165102edfb5a
Signed-off-by: Damjan Marion <damarion@cisco.com>
Haiyang Tan [Tue, 6 Feb 2018 16:16:48 +0000 (11:16 -0500)]
vhostuser: Fix vhostuser file descriptor leak
In the case that vhostuser server accepted more than one client connection,
'vui->clib_file_index' will be overwritten directly without release the possible
existed resource, so file descriptor leak occurs
Change-Id: I89d08133dae31a12a815df2631334dbf0aefeb1e
Signed-off-by: Haiyang Tan <haiyang.tan.dev@gmail.com>
Gabriel Ganne [Tue, 5 Dec 2017 16:33:37 +0000 (17:33 +0100)]
add CLIB_HAVE_VEC128 with NEON intrinsics (VPP-1127)
Enable CLIB_HAVE_VEC128 if both aarch64 and __ARM_NEON
ie. armv8 only, not armv7
Add more neon compare intrinsics wrappers.
I only add simple intrinsics wrappers. More complex ones can be added
later as they are needed, with performance tests on the corresponding
feature to back them up.
Remove wrongly added 128bits definitions defined on both armv7 and armv8
without concern for NEON instructions presence.
Notable correspondinf code activations:
* MHEAP_FLAG_SMALL_OBJECT_CACHE in mheap.c
* ip4 fib mtrie leaves access
* enable ixge plugin compilation for aarch64
(conf still disables it by default)
Change-Id: I99953823627bdff6f222d232c78aa7b655aaf77a
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
Andrew Yourtchenko [Tue, 6 Feb 2018 16:42:32 +0000 (17:42 +0100)]
acl-plugin: add whitelisted ethertype mode (VPP-1163)
Currently, ACL plugin largely does not care about the
ethertypes other than 0x0800 (IPv4) and 0x86dd (IPv6),
the only exception being 0x0806 (ARP), which is
dealt with by the MACIP ACLs.
The other ethertypes in L2 mode are just let through.
This adds a new API message acl_interface_set_etype_whitelist,
which allows to flip the mode of a given interface
into "ethertype whitelist mode": the caller of this message
must supply the two lists (inbound and outbound) of the ethertypes
that are to be permitted, the rest of the ethertypes are
dropped.
The whitelisting for a given interface and direction takes
effect only when a policy ACL is also applied.
This operates on the same classifier node as the one used for
dispatching the policy ACL, thus, if one wishes for most of the
reasonable IPv4 deployments to continue to operate within
the whitelist mode, they must permit ARP ethertype (0x0806)
The empty list for a given direction resets the processing
to allow the unknown ethertypes. So, if one wants to just
permit the IPv4 and IPv6 and nothing else, one can add
their ethertypes to the whitelist.
Add the "show acl-plugin interface" corresponding outputs
about the whitelists, vat command, and unittests.
Change-Id: I4659978c801f36d554b6615e56e424b77876662c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Marco Varlese [Wed, 7 Feb 2018 11:22:41 +0000 (12:22 +0100)]
SCTP: shutdown phase
This patch addresses some bugs discovered with the shutdown phase which
were causing the actual chunks not to leave the output_node.
While fixing the issue some minor refactoring was also performed to
align the internal functions to a 'common' design.
Change-Id: Ieac4f6e78cffad2e6982536f8e9f190a66f328f7
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
Dave Wallace [Wed, 7 Feb 2018 23:14:02 +0000 (18:14 -0500)]
VCL: remove vrf from vppcom api.
Change-Id: I6d91c8051de786fb8781cd0750ea9c350036b306
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Dave Barach [Wed, 7 Feb 2018 18:14:06 +0000 (13:14 -0500)]
Minimize bihash memory consumption
Reference-count the number of entries in each bucket. If the reference
count goes to zero, free the backing store.
Add long-term churn-testing to test_bihash_template.c, thanks to
Andrew Yourtchenko for the initial implementation.
Change-Id: I4fbd9229cacfaba8027a85cbf87b74afdead6e39
Signed-off-by: Dave Barach <dave@barachs.net>
Andrew Yourtchenko [Thu, 18 Jan 2018 07:07:05 +0000 (08:07 +0100)]
acl-plugin: VPP-1088: add support for egress filter in macip ACLs
This is the second patch, using the new functionality from the change 10002
in order to implement the egress filtering on the MACIP ACLs.
This adds an action "2" which means "add also egress filtering rules for this
MACIP ACL.
The reason for having the two choices is that the egress filtering really takes
care of a fairly corner case scenario, and I am not convinced that
always adding the performance cost of the egress lookup check is worth it.
Also, of course, not breaking the existing implementations is a nice plus,
too.
Change-Id: I3d7883ed45b1cdf98d7303771bcc75951dff38f0
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Andrew Yourtchenko [Mon, 5 Feb 2018 16:27:57 +0000 (17:27 +0100)]
acl-plugin: an elog-based tracing implementation for troubleshooting the conn cleaner threads interactions
This replaces some of the early-stage commented-out printf()s with
an elog-based debug collector.
It is aimed to be "better than nothing" initial implementation to be available
in the field. It will be refined/updated based on use. This initial code
is focused on the main/worker threads interactions, hence uses just
the worker tracks.
This code adds a developer debug CLI "set acl-plugin session table event-trace 1",
which allows to gather the events pertaining to connection cleaning.
The CLI is deliberately not part of the online help, as the express
declaration that the semantics/trace levels, etc. are subject to change
without notice.
Change-Id: I3536309f737b73e50639cd5780822dcde667fc2c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Vijayabhaskar Katamreddy [Tue, 23 Jan 2018 21:39:40 +0000 (13:39 -0800)]
ip: move lookup inline functions to header file
Needed to allow other code paths to reuse them.
Change-Id: I9e469527c6b2e9a6fec7af5f17d8b400a2e85826
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Keith Burns (alagalah) [Wed, 7 Feb 2018 21:20:28 +0000 (13:20 -0800)]
Fix bug with glibc epoll fd
Change-Id: I0b8ebe2c47fdd1e23a91723a7b454a0c1c8b996e
Signed-off-by: Keith Burns (alagalah) <alagalah@gmail.com>
Keith Burns (alagalah) [Tue, 6 Feb 2018 15:14:41 +0000 (07:14 -0800)]
Update gitignore for cmake
Change-Id: Icd50432a60e194c0526a7d28b93e99ceb6f2013b
Signed-off-by: Keith Burns (alagalah) <alagalah@gmail.com>
Jon Loeliger [Thu, 1 Feb 2018 22:36:12 +0000 (16:36 -0600)]
VXLAN: Allow user to specify a custom vxlan tunnel instance id.
If one is not selected by the user, the next available id
will be allocated, thus maintaining backward compatibility.
Change-Id: I4691ed0638b8072f9cfa9f20b9fe4f981e708800
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Andrew Yourtchenko [Wed, 7 Feb 2018 15:21:48 +0000 (16:21 +0100)]
acl-plugin: multicore: send the interrupts to thread0 too
The thread0 in some configurations can handle the traffic.
Some of the previous fixes accomodated for that, but
the interrupt sending for connection clearing
was not adapted to that, resulting in a deadlock
during clearing of all connections...
Change-Id: I32b4c7bac09c91c22b796baab843bdaf41f7045c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Nitin Saxena [Wed, 7 Feb 2018 11:32:00 +0000 (11:32 +0000)]
vhost: Added ARMV8 NEON version of function map_guest_mem()
(VPP-1085)
The NEON implementation searches particular address in
VHOST_MEMORY_MAX_NREGIONS regions. Searching two regions at a
time.
Change-Id: Icc3c6746bc98e3a1fa71424e51b64f62efbfdc74
Signed-off-by: Nitin Saxena <nitin.saxena@cavium.com>
Pierre Pfister [Wed, 7 Feb 2018 14:48:21 +0000 (15:48 +0100)]
af_packet: Fix lock position
In multi-worker cases, af-packet tx was subject to a pretty
serious race condition as the device lock was obtained
after some queue values were read from queue.
Result could go from packet loss to queue inconsistency, leading
to tx being stuck for 'some time'.
The fix is really simple. Finding the problem was not...
Change-Id: Ib18967b7459a8609428a56de934c577cea87b165
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
Andrew Yourtchenko [Wed, 7 Feb 2018 10:37:02 +0000 (11:37 +0100)]
classifier-based ACL: refactor + add output ACL
For implementation of MACIP ACLs enhancement (VPP-1088), an outbound
classifier-based ACL would be needed. There was an existing incomplete
code for outbound ACLs, it looked almost exact copy of input ACLs, minus
the various enhancements, trying to sync that code seemed error-prone
and cumbersome to maintain in the longer run.
This change refactors the input+output ACLs processing into a unified
routine (thus any changes will have effect on both), and also adds
the API to set the output interface ACL, with the same format
and semantics as the existing input one (except working on output
ACL of course).
WARNING: IP outbound ACL in L3 mode clobbers the ip.* fields
in the vnet_buffer_opaque_t, since the code is using l2_classify.*
The net_buffer (p0)->ip.save_rewrite_length is rescued into
l2_classify.pad.l2_len, and used to rewind the header in case of
drop, so that ipX_drop prints something sensible.
Change-Id: I62f814f1e3650e504474a3a5359edb8a0a8836ed
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Damjan Marion [Thu, 1 Feb 2018 14:30:13 +0000 (15:30 +0100)]
Refactor vlib_buffer flags
Change-Id: I853386aebfe488ebb10328435b81b6e3403c5dd0
Signed-off-by: Damjan Marion <damarion@cisco.com>
Marco Varlese [Tue, 6 Feb 2018 16:31:06 +0000 (17:31 +0100)]
SCTP: address coverity-scan warnings
Change-Id: Iba7c398a398e24b96eb536bbcefa841bd153a205
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
Chun Li [Wed, 7 Feb 2018 01:51:35 +0000 (09:51 +0800)]
libmemif: cleanup queue info while memif connecting
Change-Id: I4265fd0606f87f80f43f7f59ced1c3a73de82776
Signed-off-by: Chun Li <chunl2@cisco.com>
Damjan Marion [Tue, 6 Feb 2018 18:29:35 +0000 (19:29 +0100)]
Fix clang -Wvarargs compile errors
error: passing an object that undergoes default argument promotion to
'va_start' has undefined behavior [-Werror,-Wvarargs]
Change-Id: Id342beea916ec73e29e399087532caecfa19055f
Signed-off-by: Damjan Marion <damarion@cisco.com>
Damjan Marion [Tue, 6 Feb 2018 18:01:28 +0000 (19:01 +0100)]
Fix clang implicit conversion errors
Change-Id: I1771a1cca2a4bc394677b2a18f14c47f0633fa77
Signed-off-by: Damjan Marion <damarion@cisco.com>
Damjan Marion [Fri, 19 Jan 2018 19:56:12 +0000 (20:56 +0100)]
vlib: epoll on worker threads
This patch teaches worer threads to sleep and to be waken up by
kernel if there is activity on file desctiptors assigned to that thread.
It also adds counters to epoll file descriptors and new
debug cli 'show unix file'.
Change-Id: Iaf67869f4aa88ff5b0a08982e1c08474013107c4
Signed-off-by: Damjan Marion <damarion@cisco.com>
Marco Varlese [Tue, 6 Feb 2018 12:48:30 +0000 (13:48 +0100)]
SCTP: handling of heartbeating and max-retransmits
This patch address the need to send/receive heartbeats between peers.
At the same time, the number of unacked heartbeats is tracked and when
the peer requests to send DATA to the remote-peer the value of unacked
heartbeats needs to be checked against the maximum value allowed for
retransmissions. If the unacked heartbeats value is higher then the
remote-peer is considered unreachable and the connetion needs to be
shutdown.
Change-Id: I2b1a21c26775e734dbe82486f40982ed5702dc63
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
Klement Sekera [Tue, 6 Feb 2018 12:26:14 +0000 (13:26 +0100)]
make test: don't test/set parameters in docker
Do not set UDS related system parameters if DOCKER_TEST is set to "True"
as docker environment doesn't contain the necessary /proc/... entries.
Change-Id: Id85e4512c7bba6b3feb6e6fd1fbe1e05aa10a341
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Neale Ranns [Wed, 31 Jan 2018 19:35:41 +0000 (11:35 -0800)]
BIER: fix support for longer bit-string lengths
Change-Id: I2421197b76be58099e5f8ed5554410adff202109
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Dave Wallace [Tue, 6 Feb 2018 01:03:01 +0000 (20:03 -0500)]
VCL: Fix type in trace output.
Change-Id: I7834e676c23a697a12a6e06111c68450ba787fc9
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Marco Varlese [Tue, 6 Feb 2018 08:01:39 +0000 (09:01 +0100)]
SCTP: missing spinlock init when multiple threads
When the number of threads results being more than 1, the spinlock
structure requires to be initialized otherwise subsequent calls to
the "lock" API (clib_spinlock_lock_if_init) would result in a void
operation.
Change-Id: Ia268c4687252e41962bb3f1217f0a849d8c40385
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
Steve Shin [Tue, 6 Feb 2018 00:44:19 +0000 (16:44 -0800)]
Reflexive ACL support on ICMP
Normally session keys are generated by mirroring the packets sent.
ICMP message type should be used and inverted for the stateful ACL.
Supported ICMP messages with this patch:
- ICMPv4: Echo/Timestamp/Information/Address Mask requests
- ICMPv6: Echo request/Node Information Queury
The invmap & valid_new tables can be modified to make any other
ICMP messages to be reflexive ACL.
Change-Id: Ia47b08b79fe0a5b1f7a995af78de3763d275dbd9
Signed-off-by: Steve Shin <jonshin@cisco.com>
Igor Mikhailov (imichail) [Mon, 5 Feb 2018 20:09:36 +0000 (12:09 -0800)]
Provide page-aligned length to ftruncate.
For some files such as hugepages files, ftruncate() fails with the error
"Invalid argument" if the 'length' parameter is not on a page boundary.
Change-Id: I42a9cde98707da15e3c5d1653046e2277fc7a424
Signed-off-by: Igor Mikhailov (imichail) <imichail@cisco.com>
Florin Coras [Wed, 31 Jan 2018 14:52:17 +0000 (06:52 -0800)]
session: segment manager refactor
- use valloc as a 'central' segment baseva manager
- use per segment manager segment pools and use rwlocks to guard them
- add session test that exercises segment creation
- embed segment manager properties into application since they're shared
- fix rw locks
Change-Id: I761164c147275d9e8a926f1eda395e090d231f9a
Signed-off-by: Florin Coras <fcoras@cisco.com>
Matus Fabian [Mon, 5 Feb 2018 10:57:47 +0000 (02:57 -0800)]
NAT64: Run nat64-expire-worker-walk only when NAT64 is configured (VPP-1162)
Change-Id: Ic5e8d74bf5ac84cce5661de44778c89541c67636
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Dave Barach [Mon, 5 Feb 2018 14:45:43 +0000 (09:45 -0500)]
Fix ip4/6_reass_main.ip4/6_reass_expire_node_idx used before set
Add an ASSERT to vlib_process_signal_event_helper to catch future
instances of passing node_index = 0 to vlib_process_signal_event().
Change-Id: Iec896fc7c3917feb2fd3198cea42851ba88e64e5
Signed-off-by: Dave Barach <dave@barachs.net>
Marco Varlese [Fri, 2 Feb 2018 16:17:51 +0000 (17:17 +0100)]
SCTP: calculate RTO / RTT and RTTVAR as per RFC
This patch addresses the need to calculate the RTO / RTT and RTTVAR
according to the rules depicted by the RFC4960 at section 6.3.1
Change-Id: I1d346f3c67610070b3f602f32c7738d58b99ffed
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
Haiyang Tan [Sat, 20 Jan 2018 09:48:53 +0000 (04:48 -0500)]
vhost_user: code cleanup
1. Replace the magic number '-1' with MAP_FAILED
2. On x86 platform, QEMU uses vhostuser required the memory back-end is file based,
the file could be tmpfs(4K page size) or hugetlbfs(2M or 1G page size)
Change-Id: If1818cb6833728d641f68e4d4a3bc645e70f2ee6
Signed-off-by: Haiyang Tan <haiyang.tan.dev@gmail.com>
Klement Sekera [Fri, 2 Feb 2018 15:17:55 +0000 (16:17 +0100)]
IP reassembly: workaround coverity warnings
Change-Id: Ide577f036d9d8dcedd99cdb4666a0eaf8a19b92e
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Keith Burns (alagalah) [Fri, 2 Feb 2018 16:21:56 +0000 (08:21 -0800)]
Clean up for vcl.am, making vppcom.h C++ aware
Change-Id: I2548ebd37e16bed50b5c8046b728415a341413e3
Signed-off-by: Keith Burns (alagalah) <alagalah@gmail.com>
Florin Coras [Tue, 30 Jan 2018 11:21:32 +0000 (03:21 -0800)]
lisp-cp: fix handling of ndp without source link addr VPP-1159
Change-Id: Idddb60bbc7fcc701d39212f6422a6b2f6dc75221
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit
cba3675fabe618194bf80a9de0e9c53b89a541ca)
Klement Sekera [Fri, 2 Feb 2018 10:27:53 +0000 (11:27 +0100)]
make test: use random seed
This fixes a constant setting of random seed forgotten from testing.
Change-Id: Ie3c4db8bb2b4b73ba33de1ffc02cb563391fd31c
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Neale Ranns [Thu, 25 Jan 2018 15:28:19 +0000 (07:28 -0800)]
VOM: route-domain find() fix
Change-Id: I5b7117f3568e3ba979baa15521b2cfc180abb682
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Florin Coras [Mon, 29 Jan 2018 13:11:24 +0000 (05:11 -0800)]
vlmemory/svm: fix client detach from svm region
Clients cannot know at svm region detach time if the shm backing files
have been recreated (e.g., if vpp restarts) and therefore should not try
to unlink them. Otherwise, terminating clients attached to previous
instantiations of a re-allocated region end up making the new instance
un-mappable by removing its backing file.
Change-Id: Idcd0cab776e63fd75b821bc9f0fac58217b9ccbe
Signed-off-by: Florin Coras <fcoras@cisco.com>
Dave Wallace [Thu, 25 Jan 2018 19:27:54 +0000 (14:27 -0500)]
Add link to 18.01 test framework documentation.
Change-Id: I030602391ea3b612ac9a6780399cc30b427cc3a5
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
(cherry picked from commit
92b15bcea4c6c5e62415a8207463eb9a897630c6)
Dave Wallace [Wed, 24 Jan 2018 14:37:59 +0000 (09:37 -0500)]
Update 18.01 Release Notes
Change-Id: Id2f13c59c6f4e7bc79f6e77d6dab752bf6dfb06a
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
(cherry picked from commit
a1a382bb2bc2fbf6bf947a24a263fefbe32497e7)
Neale Ranns [Thu, 11 Jan 2018 17:02:01 +0000 (09:02 -0800)]
vlib_buffer_clone: allow client to request the maximum number of clones; 256
Change-Id: Id96dc5d86719546268b50a9999a06387d2d9075c
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Hongjun Ni [Tue, 23 Jan 2018 11:17:23 +0000 (19:17 +0800)]
Add L3DSR feature in LB plugin
L3DSR is used to overcome Layer 2 limitations
of Direct Server Return Load Balancing.
It maps VIP to DSCP bits, and reuse TOS bits to transfer it
to server, and then server will get VIP from DSCP-to-VIP mapping.
Please refer to https://www.nanog.org/meetings/nanog51/presentations/Monday/NANOG51.Talk45.nanog51-Schaumann.pdf
Change-Id: I403ffeadfb04ed0265086eb2dc41f2e17f8f34cb
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
Marco Varlese [Wed, 31 Jan 2018 10:00:01 +0000 (11:00 +0100)]
Out-of-order data chunks handling and more
This patch addresses the need to handle out-of-order data chunks
received by a peer. To do that effectively, we had to add the handling
of data chunks flags (E/B/U bit) to understand whether the stream is
fragmenting user-message data and in that case if a fragment is the
FIRST/MIDDLE/LAST one of a transmission.
The same patch also addresses the security requirement to have a HMAC
calculated and incorporated in the INIT_ACK and COOKIE_ECHO chunks. The
algorithm used is the HMAC-SHA1.
Change-Id: Ib6a9a80492e2aafe5c8480d6e02da895efe9f90b
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
Klement Sekera [Wed, 20 Sep 2017 06:26:30 +0000 (08:26 +0200)]
IPv4/6 reassembly
Change-Id: Ic5dcadd13c88b8a5e7896dab82404509c081614a
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Jon Loeliger [Thu, 1 Feb 2018 18:10:40 +0000 (12:10 -0600)]
vxlan: Lookup FIB in either IPv4 or IPv6 families.
Prior to this commit, the VXLAN "create" API assumed
the vrf_id belonged to only the IPv4 FIB tables space.
With this commit, the FIB table is found in either the
IPv4 or IPv6 table as determined by the is_ipv6 flag.
This follows the same pattern that was already being
done in the CLI code for the VXLAN "create" command.
Change-Id: I35d5e37db24efa858e4696dc2c004fa64bb4a4a8
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Jon Loeliger [Thu, 1 Feb 2018 17:19:29 +0000 (11:19 -0600)]
FIB: Consolidate several copies of fib_ip_proto() into one.
Rather than having multiple copies of the same function
scattered around, promote the function into the FIB
PROTOCOL definitions in fib_types.h.
Change-Id: I11c4d85931167d3a5f3dc1278afecc8845b23cd7
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Steven [Thu, 1 Feb 2018 17:17:17 +0000 (09:17 -0800)]
tcp: tcp_output.c failed to compile when VLIB_BUFFER_TRACE_TRAJECTORY is enabled
Fixed a typo in tcp_push_header(). The typo only kicks in when the macro
VLIB_BUFFER_TRACE_TRAJECTORY is enabled.
Change-Id: I62832a4932ec5b14e3063d5eac113780851aae59
Signed-off-by: Steven <sluong@cisco.com>
Eyal Bari [Sun, 28 Jan 2018 07:11:50 +0000 (09:11 +0200)]
dpdk:fix typo in prefetch sequence
Change-Id: I7110436626352d45ffe0ca71fb88dea2c77ab639
Signed-off-by: Eyal Bari <ebari@cisco.com>
Pierre Pfister [Fri, 12 Jan 2018 08:41:16 +0000 (09:41 +0100)]
Add flowhash hash table to vppinfra
This hash table intends to provide an alternative to the widely
used bihash table in places where either:
- Hash entry timeout is required
- The hash table data does not fit in CPU cache
Although the bihash table is very fast, each lookup requires
accessing two cache lines in a serialized fashion. It works fine
when the hash table is in cache, but hits a wall when it does not.
The 'flowhash' table uses a simplified design (at the cost of a
less good bucket auto-scaling) where each access only requires
a single memory lookup (in the absence of collision). The hash
table also uses a reduced number of registers.
In practice, a VPP node implementing a stateful feature would
typically:
- prefetch buffer metadata (in-cache)
- prefetch packet header (in-cache)
- compute hash & prefetch hash bucket (possibly in RAM)
- read/write key and value from bucket
Using this hash table, it is possible to pipeline accesses in a way
that does not exhaust CPU's line field buffers, even when the
requested value is located in RAM (i.e. not in cache).
Measurements showed it was possible to scale to tens of millions
of flows (with a full 5-tuple matching and 32B value, i.e. 1
cache line per flow) with no performance degradation when
the hash table grows to the point it doesn't fit in cache anymore.
I have used this table in a couple of non-open-sourced projects,
but think it might be useful to lb, nat, and possibly other VPP
subsystems.
More information in the .h file.
Change-Id: I2b13dde0eabd868b75da1cedbfca0bf74d705102
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
Francois Clad [Wed, 31 Jan 2018 13:46:45 +0000 (14:46 +0100)]
srv6-ad: fixing coverity issues
Change-Id: Ica6d8dd773bb3b478f1c7e40d59dfbdd4b588b85
Signed-off-by: Francois Clad <fclad@cisco.com>
Francois Clad [Wed, 31 Jan 2018 15:45:25 +0000 (16:45 +0100)]
srv6-as: fixing coverity issues
Change-Id: I911e09aadd3df1123634fd97098920f107f9a2fc
Signed-off-by: Francois Clad <fclad@cisco.com>
Damjan Marion [Wed, 31 Jan 2018 19:03:18 +0000 (20:03 +0100)]
Fix VNET_BUFFER_F_SPAN_CLONE flag
Change-Id: I670e41bcfc61a45555431603c937f8dad4d165e9
Signed-off-by: Damjan Marion <damarion@cisco.com>
Jon Loeliger [Wed, 31 Jan 2018 15:45:11 +0000 (09:45 -0600)]
RPMS: Also install C.py, JSON.py for vppapipgen.
When building plugins outside of the VPP tree, the vppapigen
tool requires the use of the C.py / JSON.py code. To that end,
install it in /usr/share/vpp as referenced.
Change-Id: I457d58e7bde7140c7811fa0a93b4f44d1310784a
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Steven [Tue, 30 Jan 2018 04:09:09 +0000 (20:09 -0800)]
vlib: allocating buffers on thread-x and freeing them on thread-y causes
a crash on debug image (VPP-1151)
In debug image, there is extra code to validate the buffer when it is
freed. It uses the hash table to lookup the buffer index with spinlock
to prevent contention. However, there is one spinlock for each worker
thread. So allocating the buffer on thread-x and freeing the same buffer
on thread-y causes the validation to fail on thread-y. The fix is to
have only one spinlock, stored in vlib_global_main.
Change-Id: Ic383846cefe84a3e262255afcf82276742f0f62e
Signed-off-by: Steven <sluong@cisco.com>
(cherry picked from commit
a7effa1b072463f12305a474f082aeaffb7ada4b)
Neale Ranns [Tue, 30 Jan 2018 17:02:20 +0000 (09:02 -0800)]
Improved tracing for the IP[46] not-enabled case.
now we get
00:00:03:665501: pg-input
...
00:00:03:665681: ethernet-input
...
00:00:03:665691: ip6-input
UDP: 2001::1 -> ffef::1
tos 0x00, flow label 0x0, hop limit 64, payload length 108
UDP: 1234 -> 1234
length 108, checksum 0x7b25
00:00:03:665695: ip6-not-enabled
UDP: 2001::1 -> ffef::1
tos 0x00, flow label 0x0, hop limit 64, payload length 108
UDP: 1234 -> 1234
length 108, checksum 0x7b25
00:00:03:665706: error-drop
ethernet-input: no error
Same goes for IPv4
Change-Id: Ia360df39b43281d3a0aa1b686f04b73cfa37c546
Signed-off-by: Neale Ranns <nranns@cisco.com>
Matus Fabian [Mon, 22 Jan 2018 11:41:53 +0000 (03:41 -0800)]
NAT66 1:1 mapping (VPP-1108)
Support the 1:1 translation of source address for IPv6
Change-Id: I934d18e5ec508bf7422d796ee5f172b79c048011
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Matus Fabian [Tue, 30 Jan 2018 11:04:17 +0000 (03:04 -0800)]
NAT44: in2out output feature skip translation for already translated packets (VPP-1156)
Change-Id: I5395245c9e49f741a949ada1f725c34f9379c249
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Matus Fabian [Wed, 31 Jan 2018 13:50:21 +0000 (05:50 -0800)]
NAT44: Delete dynamic sessions matching new 1:1NAT (VPP-1158)
Change-Id: Ib99b597502b8335e57ecfa122b12e2e5aa45ee1a
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Matus Fabian [Wed, 31 Jan 2018 09:13:23 +0000 (01:13 -0800)]
NAT44: nat44_static_mapping_details protocol=0 if addr_only=0 (VPP-1158)
Change-Id: I1e3cfc751e7657464fc850dc56ddf763df45f62e
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Marco Varlese [Fri, 26 Jan 2018 15:50:01 +0000 (16:50 +0100)]
Prep-work patch for congestion-control
This patch addresses the missing field in various data-structures to
track valuable information to implement the congestion-control
algorithms and manage sub-connections states.
It adds the possibility to queue up to 2 SACKs chunks when the connection
is not gapping.
At the same time, it pushes some variable/field renaming for better
readibility.
Change-Id: Idcc53512983456779600a75e78e21af078e46602
Signed-off-by: Marco Varlese <marco.varlese@suse.de>
Dave Barach [Tue, 30 Jan 2018 19:12:31 +0000 (14:12 -0500)]
Compile valloc.c, install header file, etc.
Change-Id: Ibc252d9ed595be955790ec1c97d8730e43ad89b2
Signed-off-by: Dave Barach <dave@barachs.net>
Billy McFall [Mon, 15 Jan 2018 22:54:52 +0000 (17:54 -0500)]
VPP-899: Run VPP under SELinux
Add an SELinux profile such that VPP can run under SELinux on RPM based
platforms. The SELinux Policy is currently only implemented for RPM
packages, specifically, Fedora, CentOS and RHEL. Doxygen User
Documentation has been included (selinux_doc.md). Once some discussion
on file locations has completed (see vpp-devlist), updates to the Debug
CLI documentation will also need to be updated.
Additional changes:
Patch Set 2:
- Rework selinux_doc.md such that each line is only 80 characters
instead of each sentence on a line. Made additonal minor chnages
to the text.
- Update vHost Debug CLI documentation to reflex new socket location.
Cleaned up some text from when I originally wrote it, to better
reflex proper use.
- Update exec Debug CLI documentation to be more inline with suggested
helptext, added text regarding recommended script file location.
- For Debian builds, create the /var/log/vpp/ directory. I don't use
Debian very much, so please pay extra attention to
build-data/platforms.mk and build-root/deb/debian/.gitignore.
- Per discussion on VPP call, changed the default log location to
/var/log/vpp/vpp.log.
- Changed the socket location for vHost in AutoConfig to
/var/run/vpp/.
Patch Set 3:
- Update selinux_doc.md based on comments.
Change-Id: I400520dc33f1ca51012d09ef8fe5a7b7b96c631e
Signed-off-by: Billy McFall <bmcfall@redhat.com>
Brian Brooks [Tue, 9 Jan 2018 22:39:07 +0000 (16:39 -0600)]
Arm system counter cleanup
Add some description and cleanup code that uses Arm system counter.
Change-Id: Ie1fe00e3e4b5d98867617b7b0184ac526e333c53
Signed-off-by: Brian Brooks <brian.brooks@arm.com>
Matus Fabian [Mon, 29 Jan 2018 10:46:25 +0000 (02:46 -0800)]
NAT: add missing CLI and API documentation (VPP-1142)
Change-Id: I4e93595665b8d0e373c4df27311c27a51222961c
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Matus Fabian [Fri, 26 Jan 2018 13:07:23 +0000 (05:07 -0800)]
NAT: replace format_vnet_sw_interface_name with format_vnet_sw_if_index_name (VPP-1149)
Avoid crash when interface was deleted.
Change-Id: I2ac3031c13ca5ad3360495e1c4cb90b0002be5ff
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Neale Ranns [Mon, 29 Jan 2018 18:43:33 +0000 (10:43 -0800)]
Allow the provider of a midchain adjacency to pass context data that is returned in the fixup function
Change-Id: I458e6e03b03e27775df33a2fd302743126d6ac44
Signed-off-by: Neale Ranns <nranns@cisco.com>
Florin Coras [Mon, 29 Jan 2018 16:55:25 +0000 (08:55 -0800)]
vcl: fix VPPCOM_ATTR_GET_LIBC_EPFD elog
Change-Id: Idc3e8f4ee69d8871534a94d4f485e695fac81756
Signed-off-by: Florin Coras <fcoras@cisco.com>
Vijayabhaskar Katamreddy [Thu, 25 Jan 2018 23:12:11 +0000 (15:12 -0800)]
DRAFT ip4/6_frag to support DPO Style based Next Node
Change-Id: I1df3d23c1c5668b83d52b41f51c0e3f24183af9e
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Jon Loeliger [Tue, 16 Jan 2018 22:37:16 +0000 (16:37 -0600)]
memif: Add new API calls to manage memif socket names.
New API calls and corresponding CLI commands allow the user
to manage the socket filenames for memif connections using:
vppctl# create memif id <u32> filename <socket-filename>
vppctl# delete memif id <u32>
and then referencing it later in a memif interface:
vppctl# create memif <u32> socket-id <id> mode <mode> <master|slave> ...
Corresponding VAT cli entries have also been added.
The default memif socket file at id 0 are still always present.
The existing memif create/delete CLI commands have been slightly
altered into the new syntax:
vppctl# create interface memif ...
vppctl# delete interface memif ...
Change-Id: If2bdc7eac3d81e1d9011a5869747e52fc5e11639
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Signed-off-by: Damjan Marion <damarion@cisco.com>
Francois Clad [Wed, 17 Jan 2018 11:18:41 +0000 (12:18 +0100)]
SRv6 dynamic proxy plugin
Change-Id: Ie460005510b8a70d00de31b6651e762cc3a63229
Signed-off-by: Francois Clad <fclad@cisco.com>
Neale Ranns [Thu, 25 Jan 2018 15:48:12 +0000 (07:48 -0800)]
Remove last vestigies of auto-ip-table create
Change-Id: If0f8472c0de5e324b24c9c672c0f8b57cc9f49a8
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Florin Coras [Wed, 24 Jan 2018 18:49:23 +0000 (10:49 -0800)]
session: use clib rwlocks instead of custom implementation
Change-Id: I68933d709ce9cc686ba06466e136434b663920ef
Signed-off-by: Florin Coras <fcoras@cisco.com>
Dave Barach [Thu, 25 Jan 2018 00:20:55 +0000 (19:20 -0500)]
First-fit virtual space allocator
Change-Id: I75e6c7d1a6ff1fcebc81ec10bd86b79f2bf3dc22
Signed-off-by: Dave Barach <dave@barachs.net>
Florin Coras [Fri, 26 Jan 2018 09:27:01 +0000 (01:27 -0800)]
Fix session/tcp coverity warnings
Change-Id: I5c404eacb4a6c1e16485a6656168d9171ff49a8b
Signed-off-by: Florin Coras <fcoras@cisco.com>
Code Review / vpp.git / log