When sending Inbound non IPSec traffic that matches an Inbound Security
Policy set to Protect, the code will check that the SPI of the packet
and the associated Security Association match.
That check should only be done for IPSec packets and results in SEGFAULT
when done on non IPSec packets.
Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6")
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
This patch improve generate_random_key() function by replacing rand()
function with reading from /dev/urandom.
CID 120136 : Calling risky function (DC.WEAK_CRYPTO)
dont_call: rand should not be used for security related applications, as
linear congruential algorithms are too easy to break
Coverity issue: 120136
Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Zero packets can be returned by rte_eth_rx_burst() and
rte_distributor_returned_pkts() inside lcore_rx(), so
for zero packet scenario instead of proceeding to
next operations we should continue to the next iteration of the
loop to avoid unnecessary processing overhead which is causing
rx packets to be dropped and hence distributor failing to forward the
packets.
Fixes: 07db4a97 ("examples/distributor: new sample app")
Signed-off-by: Reshma Pattan <reshma.pattan@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This commit adds Python script for generating diagram of the application
configuration file. This script requires graphviz package to be installed
on the machine. The input config file is translated to an output file in
DOT syntax, which is then used to create the image file using graphviz.
To run the script, following command is used;
./diagram-generator.py -f <input configuration file>
Some optional arguments are as follows:
-h, --help show this help message and exit
Signed-off-by: Jasvinder Singh <jasvinder.singh@intel.com>
Signed-off-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
Macro CHANNEL_CMDS_MAX_CPUS stand for the maximum number of cores
controlled by virtual channels. This macro only be used in the example,
so remove it from library to example header file.
Signed-off-by: Marvin Liu <yong.liu@intel.com>
The example is calling rte_eal_wait_lcore without checking return value.
Now it is fixed by checking the value and print proper message.
Coverity issue: 37789, 37790
Fixes: cc7e8ae84faa ("examples/bond: add example application for link bonding mode 6")
Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Coverity reported lots of out-of-bounds in function
vxlan_link, these issues should happen when index
port_id evaluates to 2, cause size of arrays is
2 in structure.
Fix this issue by modifying judgement condition, make
sure port_id is less than 2.
Coverity issue: 107121, 107122, 107123, 107124, 107125
Fixes: 4abe471ed6fc ("examples/tep_term: implement VXLAN processing")
Signed-off-by: Beilei Xing <beilei.xing@intel.com>
Update l3fwd example usage and documentation with missing options.
Signed-off-by: Beilei Xing <beilei.xing@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
crypto_statistics array was not big enough for storing
all the possible crypto device statistics, as its size was
RTE_MAX_ETHPORTS, but should be RTE_CRYPTO_MAX_DEVS, leading
this to a potential out-of-bounds issue.
Coverity issue: 120145
Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application")
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Crypto operations are enqueued in the crypto devices
when the crypto device buffers are full (MAX_PKT_BURST),
in order to be more efficient.
The problem is that operations might be stuck in those buffers,
if they never get full, and therefore, those operations
will never be performed.
Therefore, it is necessary to have a buffer flush mechanism,
similar to the one used for flush the TX buffers, so eventually,
all packets received are ciphered and sent out.
Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
When the specified cores and memory lie on different NUMA socket with
physical NIC, vhost fails to set up Rx queue, and exits without any
hints. This could leads to confusion of users.
This patch fixes it by adding some error messages when calling ether
APIs returns errors.
Suggested-by: Yulong Pei <yulong.pei@intel.com>
Signed-off-by: Jianfeng Tan <jianfeng.tan@intel.com>
Acked-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
The multi_process example do not need rte_hash.
But these examples cannot compile if rte_hash is not available:
- ipsec-secgw (was already protected - no change)
- ipv4_multicast
- l3fwd-power
- l3fwd-vf
- tep_termination
- ip_pipeline
The ip_pipeline example is not disabled because its dependencies
are handled with #ifdef. It may require a separate fix.
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
The ethtool app was allocating too little space for 64-bit
registers which resulted in memory corruption.
Removes hard-coded assumption that device registers
are always 32 bits wide. The rte_eth_dev_get_reg_length
and rte_eth_dev_get_reg_info callbacks did not
provide register size to the app in any way while is
needed to allocate correct number of bytes before
retrieving registers using rte_eth_dev_get_reg.
This commit changes rte_eth_dev_get_reg_info so that
it can be used to retrieve both the number of registers
and their width, and removes the now-redundant
rte_eth_dev_get_reg_length.
Signed-off-by: Zyta Szpak <zyta.szpak@semihalf.com>
Acked-by: Remy Horton <remy.horton@intel.com>
The mempool_count and mempool_free_count behaved contrary to what their
names suggested. The free_count function actually returned the number of
elements that were allocated from the pool, not the number unallocated as
the name implied.
Fix this by introducing two new functions to replace the old ones,
* rte_mempool_avail_count to replace rte_mempool_count
* rte_mempool_in_use_count to replace rte_mempool_free_count
In this patch, the new functions are added, and the old ones are marked
as deprecated. All apps and examples that use the old functions are
updated to use the new functions.
Fixes: af75078fece3 ("first public release")
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Some libraries were missing their dependency on eal, mbuf, mempool,
ring and kvargs.
It is revealed by the linker option "-z defs".
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
Add a new paramter (flags) to rte_vhost_driver_register(). DPDK
vhost-user acts as client mode when RTE_VHOST_USER_CLIENT flag
is set. The flags would also allow future extensions without
breaking the API (again).
The rest is straingfoward then: allocate a unix socket, and
bind/listen for server, connect for client.
This extension is for vhost-user only, therefore we simply quit
and report error when any flags are given for vhost-cuse.
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
With all the previous prepare works, we are just one step away from
the final ABI refactoring. That is, to change current API to let them
stick to vid instead of the old virtio_net dev.
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Tested-by: Rich Lane <rich.lane@bigswitch.com>
Acked-by: Rich Lane <rich.lane@bigswitch.com>
This change could let us avoid the dependency of "virtio_net"
struct, to prepare for the ABI refactoring.
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Tested-by: Rich Lane <rich.lane@bigswitch.com>
Acked-by: Rich Lane <rich.lane@bigswitch.com>
The new API rte_vhost_avail_entries() is actually a rename of
rte_vring_available_entries(), with the "vring" to "vhost" name
change to keep the consistency of other vhost exported APIs.
This change could let us avoid the dependency of "virtio_net"
struct, to prepare for the ABI refactoring.
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Tested-by: Rich Lane <rich.lane@bigswitch.com>
Acked-by: Rich Lane <rich.lane@bigswitch.com>
I failed to figure out what does "fh" mean here for a long while.
The only guess I could have had is "file handle". So, you get the
point that it's not well named.
I then figured it out that "fh" is derived from the fuse lib, and
my above guess is right. However, device_fh represents a virtio
net device ID. Therefore, here I rename it to vid (Virtio-net device
ID, or Vhost device ID; choose one you prefer) to make it easier for
understanding.
This name (vid) then will be considered to the only interface to
applications. That's another reason to do the rename: it's our
interface, make it more understandable.
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Tested-by: Rich Lane <rich.lane@bigswitch.com>
Acked-by: Rich Lane <rich.lane@bigswitch.com>
Make a copy of virtio device id (device_fh) from the virtio_net struct,
so that we could have less dependency on the virtio_net struct.
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Tested-by: Rich Lane <rich.lane@bigswitch.com>
Acked-by: Rich Lane <rich.lane@bigswitch.com>
device_fh repsents the device id for a specific virtio net device.
Firstly, "int" would be big enough: we don't need 64 bit. Secondly,
this could let us avoid the ugly "%" PRIu64 ".." stuff.
And since ctx.fh is derived from device_fh, declare it as int, too.
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Tested-by: Rich Lane <rich.lane@bigswitch.com>
Acked-by: Rich Lane <rich.lane@bigswitch.com>
It does not make sense to ask the application to set/unset the flag
VIRTIO_DEV_RUNNING (that used internal only) at new_device()/
destroy_device() callback.
Instead, it should be set after new_device() succeeds and reset before
destroy_device() is invoked inside vhost lib. This patch fixes it.
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Tested-by: Rich Lane <rich.lane@bigswitch.com>
Acked-by: Rich Lane <rich.lane@bigswitch.com>
There are two tailq lists, one for logging all vhost devices, another
one for logging vhost devices distributed on a specific core. However,
there is just one tailq entry, named "next", to chain the two list,
which is wrong and could result to a corrupted tailq list, that the
tailq list might always be non-empty: the entry is still there even
after you have invoked TAILQ_REMOVE several times.
Fix it by introducing two tailq entries, one for each list.
Fixes: 45657a5c6861 ("examples/vhost: use tailq to link vhost devices")
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
1. add KNI support to the IP Pipeline sample Application
2. some bug fix
3. update doc
4. add config file with two KNI interfaces connected using
a Linux kernel bridge
Signed-off-by: WeiJie Zhuang <zhuangwj@gmail.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
Fixes memory leaks detected by Coverity. These are due to ephemeral
memory allocations not being freed when errors occur.
Coverity issue: 127349
Fixes: e2aae1c1ced9 ("ethdev: remove name from extended statistic fetch")
Signed-off-by: Remy Horton <remy.horton@intel.com>
IPSec transport mode support.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Support IPSec IPv6 allowing IPv4/IPv6 traffic in IPv4 or IPv6 tunnel.
We need separate Routing (LPM) and SP (ACL) tables for IPv4 and IPv6,
but a common SA table.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Modify the default SP config variables names to be consistent with SA.
The resulting naming convention is that variables with suffixes _out/_in
are the default for ep0 and the reverse for ep1.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
The application only ASSERTS that an SA is not NULL (only when debugging
is enabled) without properly dealing with the case of not having an SA
for the processed packet.
Behavior should be such as if no SA is found, drop the packet.
Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Rework implementation moving from function pointers approach, where each
function implements very specific functionality, to a generic function
approach.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Add support for building the application with DEBUG=1.
This option adds the compiler stack protection flag and enables extra
output in the application.
Also remove unnecessary VPATH setup.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Building the application with -O3 and -fstack-protection (default in
Ubuntu) results in the following error:
*** stack smashing detected ***: ./build/ipsec-secgw terminated
The error is caused by storing an 8B value in a 4B variable.
Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Current code fails to correctly check padding sequence for inbound
packets.
Padding sequence starts on 1 but it checks for 0.
Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Added new SW PMD which makes use of the libsso_kasumi SW library,
which provides wireless algorithms KASUMI F8 and F9
in software.
This PMD supports cipher-only, hash-only and chained operations
("cipher then hash" and "hash then cipher") of the following
algorithms:
- RTE_CRYPTO_SYM_CIPHER_KASUMI_F8
- RTE_CRYPTO_SYM_AUTH_KASUMI_F9
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
rte_thread_setname was a macro defined only for Linux.
The function rte_thread_setname() can now be used on FreeBSD
as well on Linux.
It is required to build librte_pdump.
The macro was 0 for old glibc. The function is now returning -1.
The related logs are decreased from error to debug level because
it is not an important failure, just a debug inconvenience.
Fixes: 278f945402c5 ("pdump: add new library for packet capture")
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
Acked-by: David Marchand <david.marchand@6wind.com>
Changes the l2fwd keepalive example to show how the new keepalive
enhancements can be used to relay core state to an external process.
Signed-off-by: Remy Horton <remy.horton@intel.com>
Adds and documents new callbacks that allow transitions to core
states other than dead to be reported to applications.
Signed-off-by: Remy Horton <remy.horton@intel.com>
When starting the ip_fragmentation or ip_reassembly example
on several sockets, it fails.
The name of the lpm6 table is the same on every socket,
resulting in a table creation failure (-EEXIST). The failure
appeared after:
commit f82f705b635d ("lpm: fix allocation of an existing object")
Indeed, before this commit the returned value when the existing
table, which was probably a bug in that case: one table for 2
sockets for lpm6, and one per socket for lpm.
Fixes: 74de12b7b63a ("examples/ip_fragmentation: overhaul")
Fixes: b84fb4cb88ff ("examples/ip_reassembly: overhaul")
Reported-by: Heng Ding <hengx.ding@intel.com>
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
This script parses the application configuration file and detects all the
pipelines specified therein, and then, it generates all the possible mappings
of those pipelines on the specified CPU core-list.
As a result, each of the possible pipeline-to-core mappings is saved as
separate output configuration file. For example- if input file is
edge_router_downstream.cfg with 3 pipeline (excluding pipeline 0) and
core-list is “1, 2”, following combinations will be generated-
Pipeline 1 Pipeline 2 Pipeline 3
Core = 1 Core = 1 Core = 2
Core = 1 Core = 2 Core = 1
Core = 2 Core = 1 Core = 1
Core = 2 Core = 2 Core = 1
Core = 2 Core = 1 Core = 2
Core = 1 Core = 2 Core = 2
Core = C1 Core = C1H Core = C2
Core = C1 Core = C2 Core = C1H
Core = C2 Core = C1 Core = C1H
This script will help users to analyse the performance of application by
evaluating all the generated configuration files with different
pipelines-to-core mappings and obtaining the application configuration file
with best performance.
To run the script, issue the following command;
./pipeline-to-core-mapping.py -i <input_configuration_file> -pc "s<socket-id>c<core-id>"
Some optional arguments are as follows:
-h, --help show this help message and exit
-ht {ON,OFF}, --hyper-thread {ON,OFF}
enable/disable hyper threading. default is ON
-nO, --no-output-file
disable output config file generation. Output file
generation is enabled by default
Signed-off-by: Guruprasad Mukundarao <guruprasadx.rao@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
In ip_pipeline app, the structure app_thread_data needs to be aligned to
the cache line boundary as threads on different cpu cores are accessing
fields of the app->thread_data and having this structure not aligned on
cacheline boundary leads to false cacheline sharing.
Fixes: 7f64b9c004aa ("examples/ip_pipeline: rework config file syntax")
Signed-off-by: Jasvinder Singh <jasvinder.singh@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
Return value of function app_pipeline_type_find is not checking before
dereference. Fix this problem by adding checking condition.
Coverity issue: 127196
Fixes: b4aee0fb9c6d ("examples/ip_pipeline: reconfigure thread binding dynamically")
Signed-off-by: Marcin Kerlin <marcinx.kerlin@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
qw app at its init stage reserve 2*sizeof(int) memory space for quota
and low_watermark shared variables, but both apps (qw and qwctl) assign
wrong address for low_watermark pointer (out of reserved memzone space)
due to wrong pointer arithmetic.
CID 30709 : Extra sizeof expression (SIZEOF_MISMATCH)
suspicious_pointer_arithmetic: Adding 4UL /* sizeof (int) */ to pointer
(unsigned int *)(*qw_memzone).addr of type unsigned int * is suspicious
because adding an integral value to this pointer automatically scales
that value by the size, 4 bytes, of the pointed-to type, unsigned int.
Most likely, sizeof (int) is extraneous and should be replaced with 1.
Coverity issue: 30709
Fixes: 1d6c3ee3321a ("examples/quota_watermark: initial import")
Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
After extending IPv4 next hop in lpm library, size of dst_port array was
changed from 16 to 32 bits in l3fwd-thread example, without modification
of the rest of path written for 16 bit value.
This patch uses similar approach for fix, like in commit 8353a36a9b4b
("examples/l3fwd: fix size of destination port ids"), restoring 16 bit size
for destination port ids and doing necessary conversion from 32 to 16 bit
after lpm_lookupx4.
Fixes: dc81ebbacaeb ("lpm: extend IPv4 next hop field")
Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com>
This fixes wrong logic in get_dst_port() on lpm path causing unpredictable
return value when ipv4/ipv6 lookup success (return with no value).
Fixes: dc81ebbacaeb ("lpm: extend IPv4 next hop field")
Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com>
If no SSE nor NEON are available the l3fwd should complain loudly
to quickly find out the reason.
Signed-off-by: Jan Viktorin <viktorin@rehivetech.com>
l3fwd sets the mempool cache size to 256, selected the same value for l2fwd
Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Reshma Pattan <reshma.pattan@intel.com>
Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Reshma Pattan <reshma.pattan@intel.com>