Re: [vpp-dev] Request: please add "real" pcap ability #vpp

[Jerome Tollet via Lists.Fd.Io]

Thanks for the update. Feel free to contribute to the documentation or wiki on 
that point 😉
Jerome

De :  au nom de Brian Dickson 

Date : dimanche 25 novembre 2018 à 19:36
À : Jerome Tollet 
Cc : "vpp-dev@lists.fd.io" 
Objet : Re: [vpp-dev] Request: please add "real" pcap ability #vpp

Hi, Jerome (and everyone),

Thanks for this!

Using packet-capture + span, did indeed accomplish what I was looking for.

One useful data point: I was able to capture about 10 seconds of line-rate 10G 
into a pcap file, and it looks like I didn't lose any packets, on a VPP host 
that was not forwarding packets.

Thanks again,
Brian

On Fri, Nov 23, 2018 at 9:06 AM Jerome Tollet (jtollet) 
mailto:jtol...@cisco.com>> wrote:
Hi Brian,
I tried what I told you and I confirm that worked fine on my setup.

create packet-generator interface pg0
packet-generator capture pg0 pcap /tmp/mycap.pcap
set interface span SOURCE_INTF destination pg0
set interface state pg0 up

Jerome
De : mailto:vpp-dev@lists.fd.io>> au nom de Brian Dickson 
mailto:brian.peter.dick...@gmail.com>>
Date : vendredi 23 novembre 2018 à 08:03
À : "d...@barachs.net" 
mailto:d...@barachs.net>>
Cc : "vpp-dev@lists.fd.io" 
mailto:vpp-dev@lists.fd.io>>
Objet : Re: [vpp-dev] Request: please add "real" pcap ability #vpp


On Thu, Nov 22, 2018 at 5:30 AM mailto:d...@barachs.net>> 
wrote:
Laying aside comments about folks who aren’t regular community contributors 
introducing themselves in random ways, here are a few thoughts:

We have a plan to unify pcap tracepoints when Damjan finishes reworking the 
ethernet input node.

That is very welcome news.

Is there a rough timeline for Damjan's reworking, and the unification? I just 
want to factor that into my own plans, if possible.


No matter what, pcap capture involves a bunch of data copying. The forwarding 
rate will clearly suffer. Full stop.

Yes, I fully understand that. There's no such thing as a free lunch.

In the environment in question, there's VPP hosts (doing BGP with the netlink 
and router sandbox plugins to get the routing table into VPP), and adjacent to 
them (physically upstream/downstream) we are using passive optical splitters.

Those optical splitters feed copies of traffic to capture hosts, specifically 
dedicated to packet capture and/or other integrated analysis code to be 
developed.

Our packet capture would only be using VPP without any packet forwarding, i.e. 
as a convenient way of integrating kernel offload with packet capture, and 
possibly chained with other added custom nodes.

(DPDK by itself is not really friendly for doing any kind of from-scratch 
integration, and I haven't found many/any other currently maintained open 
source packages/frameworks that offer pcap. E.g. netmap-libpcap seems 
abandoned.)

Having the ability to add other nodes in the graph, that do other stuff, 
possibly with zero copy, is another major reason we're looking at VPP.

So, pcap is the starting point, and future work might keep the pcap capability 
(assuming the ability to control whether capture is done, and the ability to 
specify pcap filter rules), and add other custom functionality.

To give you an idea, this is not consumer-grade stuff we are using; 12 or 24 
core Intel boxes (with HT, appears as 24 or 48 cores), and 128GB or 256GB of 
memory, just for packet capture, onto RAIDed SSDs.

Thanks for the info, and I'll definitely look at that extras/wireshark thing.

Brian


In master/latest, I’ve added pcap tracing – and a wireshark dissector – to the 
graph dispatch engine. See .../extras/wireshark/readme.md for more detail. The 
wireshark dissector isn’t finished by any means, nor do we have a blessed encap 
type number from tcpdump-workers, nor is the work upstreamed into wireshark.

Erreur ! Nom du fichier non spécifié.



From: vpp-dev@lists.fd.io 
mailto:vpp-dev@lists.fd.io>> On Behalf Of 
brian.peter.dick...@gmail.com
Sent: Wednesday, November 21, 2018 6:59 PM
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] Request: please add "real" pcap ability #vpp

Hi, dev folks,

Apologies for my first message being kind of demanding.

However, I think this is a reasonable request.

What I am interested in, and I think this is likely to be a fairly universal 
desire, is the ability to properly integrate some kind of pcap packet capture 
to the full VPP graph.

The current available mechanisms (pcap drop trace and pcap tx trace) do not 
apply to packets that are only "handled" by the host in question, i.e. neither 
originate or terminate on the local host.

In particular, I'm interested in something that can run on a bare metal host 
and, presuming sufficient resources can be given to it (cores, memory, etc), do 
packet capture at line rate.

Thus, any restriction ("run it on a VM") is not adequate.

Given that there is already stuff for handling the pcap file already (i

Re: [vpp-dev] fails to startup vpp on master branch.

[Zhiyong Yang]

Hi Damjan,

I’m aware that this issue has been fixed not long ago by the 
following patch.
You can ignore my previous email now.

commit 1e1c0f55dba1adc2ddf78fa39e390f88962f3f7b
Author: Paul Vinciguerra 
mailto:pvi...@vinciconsulting.com>>
Date:   Sat Nov 24 21:19:38 2018 -0800

make test: Fix too wide subprocess exceptions

When a command fails, CalledProcessError is raised. testing with except: 
masks other failures.

Change-Id: I7e3a6739411cb6a4c13e96dd123aff9159213fea
Signed-off-by: Paul Vinciguerra 
mailto:pvi...@vinciconsulting.com>>

This patch includes this change.

@@ -290,7 +290,7 @@ pmalloc_map_pages (clib_pmalloc_main_t * pm, 
clib_pmalloc_arena_t * a,
   return 0;
 }

-  mmap_flags = MAP_FIXED;
+  mmap_flags = MAP_FIXED | MAP_ANONYMOUS;


Thanks
Zhiyong
From: vpp-dev@lists.fd.io [mailto:vpp-dev@lists.fd.io] On Behalf Of Zhiyong Yang
Sent: Monday, November 26, 2018 3:37 PM
To: Yang, Zhiyong ; Damjan Marion 
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] fails to startup vpp on master branch.

Hi Damjan,

This issue is caused by this patch.

54e8e39a5284917efab8fd6d7d92e589d4a911a4 is the first bad commit
commit 54e8e39a5284917efab8fd6d7d92e589d4a911a4
Author: Damjan Marion mailto:damar...@cisco.com>>
Date:   Wed Nov 7 17:55:26 2018 +0100

pmalloc: fix shared mappings

Change-Id: I6782544d5ee0a66b1a027874b23574416093ca92
Signed-off-by: Damjan Marion damar...@cisco.com


diff --git a/src/vppinfra/pmalloc.c b/src/vppinfra/pmalloc.c
index a881a65..46ccd7f 100644
--- a/src/vppinfra/pmalloc.c
+++ b/src/vppinfra/pmalloc.c
@@ -290,7 +290,7 @@ pmalloc_map_pages (clib_pmalloc_main_t * pm, 
clib_pmalloc_arena_t * a,
   return 0;
 }

-  mmap_flags = MAP_FIXED | MAP_ANONYMOUS;
+  mmap_flags = MAP_FIXED;

   if ((pm->flags & CLIB_PMALLOC_F_NO_PAGEMAP) == 0)
 mmap_flags |= MAP_LOCKED;
@@ -307,10 +307,12 @@ pmalloc_map_pages (clib_pmalloc_main_t * pm, 
clib_pmalloc_arena_t * a,
pm->error = clib_mem_create_fd ((char *) a->name, &a->fd);
   if (a->fd == -1)
goto error;
+  if ((ftruncate (a->fd, size)) == -1)
+   goto error;
 }
   else
 {
-  mmap_flags |= MAP_PRIVATE;
+  mmap_flags |= MAP_PRIVATE | MAP_ANONYMOUS;
   a->fd = -1;
 }

I try to restore the first line changed. It works well on CentOS.


Thanks
Zhiyong

From: vpp-dev@lists.fd.io [mailto:vpp-dev@lists.fd.io] On Behalf Of Zhiyong Yang
Sent: Monday, November 19, 2018 6:11 PM
To: Damjan Marion 
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] fails to startup vpp on master branch.

BOOT_IMAGE=/vmlinuz-3.10.0-862.14.4.el7.x86_64 root=/dev/mapper/centos-root ro 
crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet 
default_hugepagesz=1G hugepagesz=1G hugepages=8 intel_iommu=on iommu=pt 
isolcpus=1-20 LANG=en_US.UTF-8 nohz_full=1-20 rcu_nocbs=1-20

From: Damjan Marion [mailto:dmar...@me.com]
Sent: Monday, November 19, 2018 5:59 PM
To: Yang, Zhiyong mailto:zhiyong.y...@intel.com>>
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] fails to startup vpp on master branch.

kernel parameters?

--
Damjan

On 19 Nov 2018, at 10:57, Yang, Zhiyong 
mailto:zhiyong.y...@intel.com>> wrote:

Damjan,

I’m working on CentOS 7.5 and on the latest master for VPP.
Uname –r
3.10.0-862.14.4.el7.x86_64

[root@localhost vpp]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)

Thanks
Zhiyong
From: vpp-dev@lists.fd.io 
[mailto:vpp-dev@lists.fd.io] On Behalf Of Damjan Marion via Lists.Fd.Io
Sent: Monday, November 19, 2018 5:42 PM
To: Yang, Zhiyong mailto:zhiyong.y...@intel.com>>
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] fails to startup vpp on master branch.



Your kernel is refusing to do mmap().
We need a bit more info, kernel version, kernel parameters,

Are you on the latest master?

--
Damjan

On 19 Nov 2018, at 10:25, Zhiyong Yang 
mailto:zhiyong.y...@intel.com>> wrote:

Hi VPP dev guys,

Does Anybody see the failures about vpp on master branch as 
following?  The failures must be reproduced on my 3 servers/boxes.  How can I 
fix it ?

vlib_physmem_shared_map_create: pmalloc_map_pages: failed to mmap 1 pages at 
0x7fd94000 fd 25 numa 0 flags 0x42011: Invalid argument

dpdk_buffer_pool_create: failed to allocate mempool on socket 0

Thanks
Zhiyong


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11303): https://lists.fd.io/g/vpp-dev/message/11303
Mute This Topic: https://lists.fd.io/mt/28239923/675642
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  
[dmar...@me.com]
-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11403): https://lists.fd.io/g/vpp-dev/message/11403
Mute This Top

Re: [vpp-dev] Build failing on AArch64

[Ole Troan]

Sirshak,

Can you touch one of the .api files and rebuild with V=2 and show the output of 
that?
It might be that vppapigen fails for some reason (or try to run it manually and 
see).

Ole

> On 26 Nov 2018, at 06:48, Sirshak Das  wrote:
> 
> Hi all,
> 
> I am currently facing these build failures in master on AArch64.
> 
> [38/1160] Building C object vat/CMakeFiles/vpp_api_test.dir/types.c.o
> FAILED: vat/CMakeFiles/vpp_api_test.dir/types.c.o 
> ccache /usr/lib/ccache/cc -DHAVE_MEMFD_CREATE -Dvpp_api_test_EXPORTS 
> -I/home/sirdas/code/commita/vpp/src -I. -Iinclude -march=armv8-a+crc -g -O2 
> -DFORTIFY_SOURCE=2 -fstack-protector -fPIC -Werror   
> -Wno-address-of-packed-member -pthread -MD -MT 
> vat/CMakeFiles/vpp_api_test.dir/types.c.o -MF 
> vat/CMakeFiles/vpp_api_test.dir/types.c.o.d -o 
> vat/CMakeFiles/vpp_api_test.dir/types.c.o   -c 
> /home/sirdas/code/commita/vpp/src/vat/types.c
> In file included from 
> /home/sirdas/code/commita/vpp/src/vpp/api/vpe_all_api_h.h:25,
> from /home/sirdas/code/commita/vpp/src/vpp/api/types.h:20,
> from /home/sirdas/code/commita/vpp/src/vat/types.c:19:
> /home/sirdas/code/commita/vpp/src/vnet/vnet_all_api_h.h:33:10: fatal error: 
> vnet/devices/af_packet/af_packet.api.h: No such file or directory
> #include 
>  ^~~~
> compilation terminated.
> [85/1160] Building C object 
> vnet/CMakeFiles/vnet_cortexa72.dir/ethernet/node.c.o
> ninja: build stopped: subcommand failed.
> Makefile:691: recipe for target 'vpp-build' failed
> make[1]: *** [vpp-build] Error 1
> make[1]: Leaving directory '/home/sirdas/code/commita/vpp/build-root'
> Makefile:366: recipe for target 'build-release' failed
> make: *** [build-release] Error 2
> 
> [114/1310] Building C object vat/CMakeFiles/vpp_api_test.dir/types.c.o
> FAILED: vat/CMakeFiles/vpp_api_test.dir/types.c.o 
> ccache /usr/lib/ccache/cc -DHAVE_MEMFD_CREATE -Dvpp_api_test_EXPORTS 
> -I/home/sirdas/code/commitb/vpp/src -I. -Iinclude -march=armv8-a+crc -g -O2 
> -DFORTIFY_SOURCE=2 -fstack-protector -fPIC -Werror   
> -Wno-address-of-packed-member -pthread -MD -MT 
> vat/CMakeFiles/vpp_api_test.dir/types.c.o -MF 
> vat/CMakeFiles/vpp_api_test.dir/types.c.o.d -o 
> vat/CMakeFiles/vpp_api_test.dir/types.c.o   -c 
> /home/sirdas/code/commitb/vpp/src/vat/types.c
> In file included from 
> /home/sirdas/code/commitb/vpp/src/vpp/api/vpe_all_api_h.h:25,
> from /home/sirdas/code/commitb/vpp/src/vpp/api/types.h:20,
> from /home/sirdas/code/commitb/vpp/src/vat/types.c:19:
> /home/sirdas/code/commitb/vpp/src/vnet/vnet_all_api_h.h:32:10: fatal error: 
> vnet/bonding/bond.api.h: No such file or directory
> #include 
>  ^
> compilation terminated.
> [161/1310] Building C object 
> vnet/CMakeFiles/vnet_thunderx2t99.dir/ethernet/node.c.o
> ninja: build stopped: subcommand failed.
> Makefile:691: recipe for target 'vpp-build' failed
> make[1]: *** [vpp-build] Error 1
> make[1]: Leaving directory '/home/sirdas/code/commitb/vpp/build-root'
> Makefile:366: recipe for target 'build-release' failed
> make: *** [build-release] Error 2
> 
> 
> Its all someway or the other related to *.api files and genereated
> header files.
> 
> I am not able to isolate any particular commit that did this.
> 
> Does anybody know if anything changed off the top of their head ?
> 
> Thank you
> Sirshak Das
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> 
> View/Reply Online (#11400): https://lists.fd.io/g/vpp-dev/message/11400
> Mute This Topic: https://lists.fd.io/mt/28318534/675193
> Group Owner: vpp-dev+ow...@lists.fd.io
> Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [otr...@employees.org]
> -=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11404): https://lists.fd.io/g/vpp-dev/message/11404
Mute This Topic: https://lists.fd.io/mt/28318534/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] Build failing on AArch64

[Gorka Garcia]

Hi Sirshak,

Seems OK for me with master right now.

Gorka

-Original Message-
From: vpp-dev@lists.fd.io  On Behalf Of Sirshak Das
Sent: Monday, November 26, 2018 6:49 AM
To: vpp-dev@lists.fd.io; Honnappa Nagarahalli ; 
Juraj Linkeš ; Lijian Zhang (Arm Technology China) 

Subject: [vpp-dev] Build failing on AArch64

External Email

Hi all,

I am currently facing these build failures in master on AArch64.

[38/1160] Building C object vat/CMakeFiles/vpp_api_test.dir/types.c.o
FAILED: vat/CMakeFiles/vpp_api_test.dir/types.c.o
ccache /usr/lib/ccache/cc -DHAVE_MEMFD_CREATE -Dvpp_api_test_EXPORTS 
-I/home/sirdas/code/commita/vpp/src -I. -Iinclude -march=armv8-a+crc -g -O2 
-DFORTIFY_SOURCE=2 -fstack-protector -fPIC -Werror   
-Wno-address-of-packed-member -pthread -MD -MT 
vat/CMakeFiles/vpp_api_test.dir/types.c.o -MF 
vat/CMakeFiles/vpp_api_test.dir/types.c.o.d -o 
vat/CMakeFiles/vpp_api_test.dir/types.c.o   -c 
/home/sirdas/code/commita/vpp/src/vat/types.c
In file included from 
/home/sirdas/code/commita/vpp/src/vpp/api/vpe_all_api_h.h:25,
 from /home/sirdas/code/commita/vpp/src/vpp/api/types.h:20,
 from /home/sirdas/code/commita/vpp/src/vat/types.c:19:
/home/sirdas/code/commita/vpp/src/vnet/vnet_all_api_h.h:33:10: fatal error: 
vnet/devices/af_packet/af_packet.api.h: No such file or directory  #include 

  ^~~~
compilation terminated.
[85/1160] Building C object vnet/CMakeFiles/vnet_cortexa72.dir/ethernet/node.c.o
ninja: build stopped: subcommand failed.
Makefile:691: recipe for target 'vpp-build' failed
make[1]: *** [vpp-build] Error 1
make[1]: Leaving directory '/home/sirdas/code/commita/vpp/build-root'
Makefile:366: recipe for target 'build-release' failed
make: *** [build-release] Error 2

[114/1310] Building C object vat/CMakeFiles/vpp_api_test.dir/types.c.o
FAILED: vat/CMakeFiles/vpp_api_test.dir/types.c.o
ccache /usr/lib/ccache/cc -DHAVE_MEMFD_CREATE -Dvpp_api_test_EXPORTS 
-I/home/sirdas/code/commitb/vpp/src -I. -Iinclude -march=armv8-a+crc -g -O2 
-DFORTIFY_SOURCE=2 -fstack-protector -fPIC -Werror   
-Wno-address-of-packed-member -pthread -MD -MT 
vat/CMakeFiles/vpp_api_test.dir/types.c.o -MF 
vat/CMakeFiles/vpp_api_test.dir/types.c.o.d -o 
vat/CMakeFiles/vpp_api_test.dir/types.c.o   -c 
/home/sirdas/code/commitb/vpp/src/vat/types.c
In file included from 
/home/sirdas/code/commitb/vpp/src/vpp/api/vpe_all_api_h.h:25,
 from /home/sirdas/code/commitb/vpp/src/vpp/api/types.h:20,
 from /home/sirdas/code/commitb/vpp/src/vat/types.c:19:
/home/sirdas/code/commitb/vpp/src/vnet/vnet_all_api_h.h:32:10: fatal error: 
vnet/bonding/bond.api.h: No such file or directory  #include 

  ^
compilation terminated.
[161/1310] Building C object 
vnet/CMakeFiles/vnet_thunderx2t99.dir/ethernet/node.c.o
ninja: build stopped: subcommand failed.
Makefile:691: recipe for target 'vpp-build' failed
make[1]: *** [vpp-build] Error 1
make[1]: Leaving directory '/home/sirdas/code/commitb/vpp/build-root'
Makefile:366: recipe for target 'build-release' failed
make: *** [build-release] Error 2


Its all someway or the other related to *.api files and genereated header files.

I am not able to isolate any particular commit that did this.

Does anybody know if anything changed off the top of their head ?

Thank you
Sirshak Das
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11405): https://lists.fd.io/g/vpp-dev/message/11405
Mute This Topic: https://lists.fd.io/mt/28318534/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] dpdk socket-mem and dpdk_pool_create

[Kingwel Xie]

thanks. then those pools can be moved to dpdk socket-mem, I guess.

I'll submit a patch soon.


 原始邮件 
主题： Re: [vpp-dev] dpdk socket-mem and dpdk_pool_create
来自： Damjan Marion 
发至： 2018年11月25日 下午8:06
抄送： Kingwel Xie 


> On 25 Nov 2018, at 05:23, Kingwel Xie  wrote:
>
> Hi Damjan and vPPers,
>
> I got a question about the physical mem management in vPP.
>
> As I understand, we specify socket-mem in startup.conf for DPDK to allocate 
> mem for itself, but we are using vPP phymem allocator for mbuf and crypto 
> PMDs if vdev is specified. The latter consist of crypto op , session, and 
> driver pools, and they are quite small in general. However, at least one 
> hugepage will be allocated for each pool, which could be 1GB. Big waste in a 
> way.
> DPDK instead handles it in a better way using a mem segment based mechanism.
>
> Question: why use a customzied dpdk_pool_create instea of asking DPDK to 
> manage mempool just like rte_pktbuf_create_by_ops?
> 


We care only for buffer mempools to be allocated by vpp physmem allocator, no 
need for others. They can be allocated by dpdk or
alternatively other mempools can share single physmem region with dpdk buffer 
mempools


--
Damjan
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11406): https://lists.fd.io/g/vpp-dev/message/11406
Mute This Topic: https://lists.fd.io/mt/28308134/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] About in-band telnet/ssh support of VPP

[tianye@sina]

Hello Everyone:

 

As we all knows, the latest VPP version 18.10 support telnet.

We can set the conf file like this to monitor the remote telnet request:

unix {

  cli-listen localhost 5002 or cli-listen 192.168. 5002

  ...

 

But actually the IP/Port pair we are listening is the "in-band" interface.

That means that interface belongs to the Linux host system(not the dedicate
NIC pre-allocated for VPP)

Is there any solution for telnet/ssh toward the VPP in-band interface?

(Provide telnet/ssh support for in-band interface is very important when we
managed to build a gateway/router device

over bare metal machine, since we cannot guarantee we can involve additional
out-band interface with any topology and product cost limitation)

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11408): https://lists.fd.io/g/vpp-dev/message/11408
Mute This Topic: https://lists.fd.io/mt/28320167/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

答复: 答复: 答复: 答复: [vpp-dev] about sctp

[刘道林]

Hi Marco，

Thanks for your detail explanation.

1. I just saw the function ip4_sctp_compute_checksum(). The comment /* 
Initialize checksum with ip header. */ seems that you include the IP header to 
calculate the checksum. And also in this function, you call 
ip_incremental_checksum(), so it seems that the algorithm not like crc32c.

2. Maybe I was wrong. But I didn't find any structure to save the cookie in the 
sctp_state_cookie_param_t. In the function sctp_handle_init_ack(), you save it 
like this:

case SCTP_STATE_COOKIE_TYPE:
  {
sctp_state_cookie_param_t *state_cookie_param =
  (sctp_state_cookie_param_t *) opt_params_hdr;

clib_memcpy (&(sctp_conn->cookie_param), state_cookie_param,
 sizeof (sctp_state_cookie_param_t));

break;
  }

And then in the function sctp_prepare_cookie_echo_chunk(), just copy it like 
this:

  clib_memcpy (&(cookie_echo_chunk->cookie), &sctp_conn->cookie_param,
   sizeof (sctp_state_cookie_param_t));

Maybe I miss something, but indeed in the COOKIE_ECHO chunk from the standard, 
it's only COOKIE, not optional state cookie parameter, i.e. there is no 
Parameter type and Parameter length in the COOKIE_ECHO chunk.







Best regards
刘道林 (Daolin Liu)
T&W大连市共进科技有限公司
DALIAN GONGJIN TECHNOLOGY CO.,LTD
中国大连市高新园区软件园路1A-4-24层
Floor 24th, 1A-4 Software Park Road, Hi-tech Zone, Dalian, Liaoning, China
直线(TEL)：(86-411)39996705   分机(EXT)：76824
手机(Mobile)：(86)13704090959


-邮件原件-
发件人: Marco Varlese [mailto:mvarl...@suse.de]
发送时间: 2018年11月23日 20:39
收件人: Liu Daolin (刘道林); vpp-dev@lists.fd.io
主题: Re: 答复: 答复: 答复: [vpp-dev] about sctp

On Fri, 2018-11-23 at 09:14 +, Liu Daolin (刘道林) wrote:
> Hi Marco，
>
> 1. If you indeed use crc32c, it's ok. But from my view, it should not include
> ip header.
And it does not!

>
> 2. the definition is below:
>
> #define SHA1_OUTPUT_LENGTH 20
> /*
>  * 0   1   2   3
>  * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>  * |  Parameter Type   |   Parameter Length|
>  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>  * \   \
>  * /   Parameter Value /
>  * \   \
>  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>  */
> typedef struct
> {
>   sctp_opt_params_hdr_t param_hdr;
>
>   unsigned char mac[SHA1_OUTPUT_LENGTH];/* RFC 2104 */
>   u64 creation_time;
>   u32 cookie_lifespan;
>
> } sctp_state_cookie_param_t;
>
> The macro definition SHA1_OUTPUT_LENGTH 20 seems not enough.
In your earlier email you mentioned COOKIE LENGTH which is _NOT_ what you're
referring to now. The SHA1_OUTPUT_LENGTH has nothing to do with the COOKIE
LENGTH but the length of the hash calculated via a SHA1 algorithm!

Indeed the macro is called SHA1_OUTPUT_LENGTH which it's pretty self
explanatory.

I have no clue why you believe it is "not enough", maybe you were thinking about
the COOKIE LENGTH? I have no idea...

As you can see from the code there is a reference to an RFC (2104): if you spent
2 minutes looking that up you would see that it states (section 2, page 2, line
6): "16 bytes for MD5 hash output and 20 bytes for SHA-1 hash output".
Further, the RFC 2104 is referenced by the SCTP (RFC 4960) at section 5.1.3
where the topic State Cookie is discerned.

Having said all that, I won't go into any deeper details about the RFC/protocol
over the ML; you can read that up.

If you identify anything wrong with the implementation (which doesn't match the
RFC) please send a patch via gerrit with RFC references.

>
>
>
>
> Best regards
> 刘道林 (Daolin Liu)
> T&W大连市共进科技有限公司
> DALIAN GONGJIN TECHNOLOGY CO.,LTD
> 中国大连市高新园区软件园路1A-4-24层
> Floor 24th, 1A-4 Software Park Road, Hi-tech Zone, Dalian, Liaoning, China
> 直线(TEL)：(86-411)39996705   分机(EXT)：76824
> 手机(Mobile)：(86)13704090959
>
>
> -邮件原件-
> 发件人: Marco Varlese [mailto:mvarl...@suse.de]
> 发送时间: 2018年11月23日 17:07
> 收件人: Liu Daolin (刘道林); vpp-dev@lists.fd.io
> 主题: Re: 答复: 答复: [vpp-dev] about sctp
>
>
> On Fri, 2018-11-23 at 00:57 +, Liu Daolin (刘道林) wrote:
> > Hi Macro,
> >
> > OK, I will try it when I have time.
> Well, as you wish.
>
> > I'm reading the sctp source code and found some issues. The most critical
> > one
> > is the checksum. The sctp checksum should not include the ip header, just
> > only
> > sctp data, and also it should use crc32c, not the current code shown.
> I am not sure what you refer to with "code shown".
> However the crc calculated is indeed the one you mention and it's using SSE4
> instructions which are exactly using the polynomial depicted by RFC 4960.
>
> > Another important i

Re: [vpp-dev] About in-band telnet/ssh support of VPP

[Dave Barach via Lists.Fd.Io]

Please do not use the vpp host stack to listen to port 23 (telnet) on a 
network-facing interface. You could do that, but please don't do that.

All you would need to add is a well-known default password, and you would have 
created a super-trivial attack surface for your product.

Florin and I are working to crank up sshd over the host stack. No guaranteed 
end-date, but it's coming...

D.

From: vpp-dev@lists.fd.io  On Behalf Of tianye@sina
Sent: Sunday, November 25, 2018 9:10 PM
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] About in-band telnet/ssh support of VPP

Hello Everyone:

As we all knows, the latest VPP version 18.10 support telnet.
We can set the conf file like this to monitor the remote telnet request:
unix {
  cli-listen localhost 5002 or cli-listen 192.168. 5002
  .

But actually the IP/Port pair we are listening is the "in-band" interface.
That means that interface belongs to the Linux host system(not the dedicate NIC 
pre-allocated for VPP)
Is there any solution for telnet/ssh toward the VPP in-band interface?
(Provide telnet/ssh support for in-band interface is very important when we 
managed to build a gateway/router device
over bare metal machine, since we cannot guarantee we can involve additional 
out-band interface with any topology and product cost limitation)
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11409): https://lists.fd.io/g/vpp-dev/message/11409
Mute This Topic: https://lists.fd.io/mt/28320167/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] Regarding page table address NULL in dpdk_pool_create

[Alok Makhariya]

Hi,

Today, I got the following errors on my VPP 18.01 after a restart from a core -

Nov 26 07:55:14 fe01-oam vnet[5990]: clib_sysfs_prealloc_hugepages:239: 
pre-allocating 212 additional 2048K hugepages on numa node 0
Nov 26 07:55:14 fe01-oam vnet[5990]: unix_physmem_region_alloc:231: physmem 
page for region 'dpdk_mbuf_pool_socket0' allocated on the wrong numa node 
(requested 0 actual 4294967294)
Nov 26 07:55:14 fe01-oam vnet[5990]: received signal SIGSEGV, PC 
0x2ad6b0ea4df8, faulting address 0x0
Nov 26 07:56:01 fe01-oam vnet[8225]: clib_sysfs_prealloc_hugepages:239: 
pre-allocating 212 additional 2048K hugepages on numa node 0
Nov 26 07:56:01 fe01-oam vnet[8225]: unix_physmem_region_alloc:231: physmem 
page for region 'dpdk_mbuf_pool_socket0' allocated on the wrong numa node 
(requested 0 actual 4294967294)
Nov 26 07:56:01 fe01-oam vnet[8225]: received signal SIGSEGV, PC 
0x2ae1d820ddf8, faulting address 0x0
Nov 26 07:56:08 fe01-oam vnet[9882]: clib_sysfs_prealloc_hugepages:239: 
pre-allocating 212 additional 2048K hugepages on numa node 0
Nov 26 07:56:08 fe01-oam vnet[9882]: unix_physmem_region_alloc:231: physmem 
page for region 'dpdk_mbuf_pool_socket0' allocated on the wrong numa node 
(requested 0 actual 4294967294)
Nov 26 07:56:08 fe01-oam vnet[9882]: received signal SIGSEGV, PC 
0x2b9e286bcdf8, faulting address 0x0
Nov 26 07:56:15 fe01-oam vnet[10213]: clib_sysfs_prealloc_hugepages:239: 
pre-allocating 212 additional 2048K hugepages on numa node 0
Nov 26 07:56:15 fe01-oam vnet[10213]: unix_physmem_region_alloc:231: physmem 
page for region 'dpdk_mbuf_pool_socket0' allocated on the wrong numa node 
(requested 0 actual 4294967294)
Nov 26 07:56:15 fe01-oam vnet[10213]: received signal SIGSEGV, PC 
0x2b08007ffdf8, faulting address 0x0
Nov 26 07:56:26 fe01-oam vnet[10549]: clib_sysfs_prealloc_hugepages:239: 
pre-allocating 212 additional 2048K hugepages on numa node 0
Nov 26 07:56:26 fe01-oam vnet[10549]: unix_physmem_region_alloc:231: physmem 
page for region 'dpdk_mbuf_pool_socket0' allocated on the wrong numa node 
(requested 0 actual 4294967294)
Nov 26 07:56:26 fe01-oam vnet[10549]: received signal SIGSEGV, PC 
0x2b1c399e0df8, faulting address 0x0
Nov 26 07:56:33 fe01-oam vnet[11007]: clib_sysfs_prealloc_hugepages:239: 
pre-allocating 212 additional 2048K hugepages on numa node 0
Nov 26 07:56:33 fe01-oam vnet[11007]: unix_physmem_region_alloc:231: physmem 
page for region 'dpdk_mbuf_pool_socket0' allocated on the wrong numa node 
(requested 0 actual 4294967294)
Nov 26 07:56:33 fe01-oam vnet[11007]: received signal SIGSEGV, PC 
0x2b7e9504fdf8, faulting address 0x0
Nov 26 07:56:41 fe01-oam vnet[11319]: clib_sysfs_prealloc_hugepages:239: 
pre-allocating 212 additional 2048K hugepages on numa node 0
Nov 26 07:56:41 fe01-oam vnet[11319]: unix_physmem_region_alloc:231: physmem 
page for region 'dpdk_mbuf_pool_socket0' allocated on the wrong numa node 
(requested 0 actual 4294967294)
Nov 26 07:56:41 fe01-oam vnet[11319]: received signal SIGSEGV, PC 
0x2b2b4289ddf8, faulting address 0x0
Nov 26 07:56:48 fe01-oam vnet[11706]: clib_sysfs_prealloc_hugepages:239: 
pre-allocating 212 additional 2048K hugepages on numa node 0
Nov 26 07:56:48 fe01-oam vnet[11706]: unix_physmem_region_alloc:231: physmem 
page for region 'dpdk_mbuf_pool_socket0' allocated on the wrong numa node 
(requested 0 actual 4294967294)
Nov 26 07:56:48 fe01-oam vnet[11706]: received signal SIGSEGV, PC 
0x2b817b8abdf8, faulting address 0x0
Nov 26 07:56:55 fe01-oam vnet[12037]: clib_sysfs_prealloc_hugepages:239: 
pre-allocating 212 additional 2048K hugepages on numa node 0
Nov 26 07:56:55 fe01-oam vnet[12037]: unix_physmem_region_alloc:231: physmem 
page for region 'dpdk_mbuf_pool_socket0' allocated on the wrong numa node 
(requested 0 actual 4294967294)
Nov 26 07:56:55 fe01-oam vnet[12037]: received signal SIGSEGV, PC 
0x2b9ae2e28df8, faulting address 0x0
Nov 26 07:57:03 fe01-oam vnet[12366]: clib_sysfs_prealloc_hugepages:239: 
pre-allocating 212 additional 2048K hugepages on numa node 0
Nov 26 07:57:03 fe01-oam vnet[12366]: unix_physmem_region_alloc:231: physmem 
page for region 'dpdk_mbuf_pool_socket0' allocated on the wrong numa node 
(requested 0 actual 4294967294)
Nov 26 07:57:03 fe01-oam vnet[12366]: received signal SIGSEGV, PC 
0x2b749e33bdf8, faulting address 0x0
Nov 26 07:57:11 fe01-oam vnet[12801]: clib_sysfs_prealloc_hugepages:239: 
pre-allocating 212 additional 2048K hugepages on numa node 0
Nov 26 07:57:11 fe01-oam vnet[12801]: unix_physmem_region_alloc:231: physmem 
page for region 'dpdk_mbuf_pool_socket0' allocated on the wrong numa node 
(requested 0 actual 4294967294)
Nov 26 07:57:11 fe01-oam vnet[12801]: received signal SIGSEGV, PC 
0x2b56e48badf8, faulting address 0x0
Nov 26 07:57:18 fe01-oam vnet[13134]: clib_sysfs_prealloc_hugepages:239: 
pre-allocating 212 additional 2048K hugepages on numa node 0
Nov 26 07:57:18 fe01-oam vnet[13134]: unix_physmem_region_alloc:231: physmem 
page for region 'dpdk_mbuf_pool_socket0' allo

Re: [vpp-dev] question related to VPP statistics

[Vratko Polak -X (vrpolak - PANTHEON TECHNOLOGIES at Cisco) via Lists.Fd.Io]

There is "stat segment" [0] way of publishing counters.
But it was added somewhat recently,
so ipsec code probably does not support it (yet).

Vratko.

[0] https://github.com/FDio/vpp/blob/master/src/vpp/stats/stats.md

From: vpp-dev@lists.fd.io  On Behalf Of Kevin Yan
Sent: Friday, 2018-November-02 02:40
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] question related to VPP statistics

Hello VPP experts,
  We are designing an application mainly acting as a SeGW, VPP is used as 
fast-path,  we have a slow-path application called ipsecAgent to manage ipsec 
tunnels.  ipsecAgent need to get the ipsec tunnel statistics from VPP to 
trigger some features, such as , Re-key when packets/bytes reaches the 
limitation,  ipsec tunnel deletion when inactivity timer reached, etc.  If we 
use binary API to communicate between slow-path and VPP,  I don’t know if there 
will be performance issue here,  for example, if we support 100k ipsec tunnels, 
 slow path need to query the ipsec statistics every 5 seconds per tunnel, then 
there will be 10/5=2 messages/s. What we are thinking of is if we can 
use shared memory directly, i.e. VPP creates shared memory at startup phase, 
and ipsec related statistics are stored and updated in this shared memory, 
slow-path only map this shared memory and get statistics by reading shared 
memory directly.
  Is it more efficient ? or we can use other solution VPP already provided 
but I don’t know yet.

  Thanks.


BRs,
Kevin

This e-mail message may contain confidential or proprietary information of 
Mavenir Systems, Inc. or its affiliates and is intended solely for the use of 
the intended recipient(s). If you are not the intended recipient of this 
message, you are hereby notified that any review, use or distribution of this 
information is absolutely prohibited and we request that you delete all copies 
in your control and contact us by e-mailing to 
secur...@mavenir.com. This message contains the 
views of its author and may not necessarily reflect the views of Mavenir 
Systems, Inc. or its affiliates, who employ systems to monitor email messages, 
but make no representation that such messages are authorized, secure, 
uncompromised, or free from computer viruses, malware, or other defects. Thank 
You
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11411): https://lists.fd.io/g/vpp-dev/message/11411
Mute This Topic: https://lists.fd.io/mt/27823623/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] question related to VPP statistics

[Ole Troan]

> There is "stat segment" [0] way of publishing counters.
> But it was added somewhat recently,
> so ipsec code probably does not support it (yet).

Right, and if ipsec uses interfaces, then the counters are already there in the 
stat segment.
Available either through the C, Python or Go interfaces.

Cheers,
Ole


>  
> Vratko.
>  
> [0] https://github.com/FDio/vpp/blob/master/src/vpp/stats/stats.md
>  
> From: vpp-dev@lists.fd.io  On Behalf Of Kevin Yan
> Sent: Friday, 2018-November-02 02:40
> To: vpp-dev@lists.fd.io
> Subject: [vpp-dev] question related to VPP statistics
>  
> Hello VPP experts,
>   We are designing an application mainly acting as a SeGW, VPP is used as 
> fast-path,  we have a slow-path application called ipsecAgent to manage ipsec 
> tunnels.  ipsecAgent need to get the ipsec tunnel statistics from VPP to 
> trigger some features, such as , Re-key when packets/bytes reaches the 
> limitation,  ipsec tunnel deletion when inactivity timer reached, etc.  If we 
> use binary API to communicate between slow-path and VPP,  I don’t know if 
> there will be performance issue here,  for example, if we support 100k ipsec 
> tunnels,  slow path need to query the ipsec statistics every 5 seconds per 
> tunnel, then there will be 10/5=2 messages/s. What we are thinking of 
> is if we can use shared memory directly, i.e. VPP creates shared memory at 
> startup phase, and ipsec related statistics are stored and updated in this 
> shared memory, slow-path only map this shared memory and get statistics by 
> reading shared memory directly.
>   Is it more efficient ? or we can use other solution VPP already 
> provided but I don’t know yet.
>  
>   Thanks.
>  
>  
> BRs,
> Kevin
> This e-mail message may contain confidential or proprietary information of 
> Mavenir Systems, Inc. or its affiliates and is intended solely for the use of 
> the intended recipient(s). If you are not the intended recipient of this 
> message, you are hereby notified that any review, use or distribution of this 
> information is absolutely prohibited and we request that you delete all 
> copies in your control and contact us by e-mailing to secur...@mavenir.com. 
> This message contains the views of its author and may not necessarily reflect 
> the views of Mavenir Systems, Inc. or its affiliates, who employ systems to 
> monitor email messages, but make no representation that such messages are 
> authorized, secure, uncompromised, or free from computer viruses, malware, or 
> other defects. Thank You
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> 
> View/Reply Online (#11411): https://lists.fd.io/g/vpp-dev/message/11411
> Mute This Topic: https://lists.fd.io/mt/27823623/675193
> Group Owner: vpp-dev+ow...@lists.fd.io
> Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [otr...@employees.org]
> -=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11412): https://lists.fd.io/g/vpp-dev/message/11412
Mute This Topic: https://lists.fd.io/mt/27823623/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] Build failing on AArch64

[Sirshak Das]

I tried it the second time it worked. Will keep track of the steps to reproduce 
next time.
Thanks all for the help.

-Original Message-
From: vpp-dev@lists.fd.io  On Behalf Of Sirshak Das
Sent: Monday, November 26, 2018 11:19 AM
To: vpp-dev@lists.fd.io; Honnappa Nagarahalli ; 
Juraj Linkeš ; Lijian Zhang (Arm Technology China) 

Subject: [vpp-dev] Build failing on AArch64

Hi all,

I am currently facing these build failures in master on AArch64.

[38/1160] Building C object vat/CMakeFiles/vpp_api_test.dir/types.c.o
FAILED: vat/CMakeFiles/vpp_api_test.dir/types.c.o
ccache /usr/lib/ccache/cc -DHAVE_MEMFD_CREATE -Dvpp_api_test_EXPORTS 
-I/home/sirdas/code/commita/vpp/src -I. -Iinclude -march=armv8-a+crc -g -O2 
-DFORTIFY_SOURCE=2 -fstack-protector -fPIC -Werror   
-Wno-address-of-packed-member -pthread -MD -MT 
vat/CMakeFiles/vpp_api_test.dir/types.c.o -MF 
vat/CMakeFiles/vpp_api_test.dir/types.c.o.d -o 
vat/CMakeFiles/vpp_api_test.dir/types.c.o   -c 
/home/sirdas/code/commita/vpp/src/vat/types.c
In file included from 
/home/sirdas/code/commita/vpp/src/vpp/api/vpe_all_api_h.h:25,
 from /home/sirdas/code/commita/vpp/src/vpp/api/types.h:20,
 from /home/sirdas/code/commita/vpp/src/vat/types.c:19:
/home/sirdas/code/commita/vpp/src/vnet/vnet_all_api_h.h:33:10: fatal error: 
vnet/devices/af_packet/af_packet.api.h: No such file or directory  #include 

  ^~~~
compilation terminated.
[85/1160] Building C object vnet/CMakeFiles/vnet_cortexa72.dir/ethernet/node.c.o
ninja: build stopped: subcommand failed.
Makefile:691: recipe for target 'vpp-build' failed
make[1]: *** [vpp-build] Error 1
make[1]: Leaving directory '/home/sirdas/code/commita/vpp/build-root'
Makefile:366: recipe for target 'build-release' failed
make: *** [build-release] Error 2

[114/1310] Building C object vat/CMakeFiles/vpp_api_test.dir/types.c.o
FAILED: vat/CMakeFiles/vpp_api_test.dir/types.c.o
ccache /usr/lib/ccache/cc -DHAVE_MEMFD_CREATE -Dvpp_api_test_EXPORTS 
-I/home/sirdas/code/commitb/vpp/src -I. -Iinclude -march=armv8-a+crc -g -O2 
-DFORTIFY_SOURCE=2 -fstack-protector -fPIC -Werror   
-Wno-address-of-packed-member -pthread -MD -MT 
vat/CMakeFiles/vpp_api_test.dir/types.c.o -MF 
vat/CMakeFiles/vpp_api_test.dir/types.c.o.d -o 
vat/CMakeFiles/vpp_api_test.dir/types.c.o   -c 
/home/sirdas/code/commitb/vpp/src/vat/types.c
In file included from 
/home/sirdas/code/commitb/vpp/src/vpp/api/vpe_all_api_h.h:25,
 from /home/sirdas/code/commitb/vpp/src/vpp/api/types.h:20,
 from /home/sirdas/code/commitb/vpp/src/vat/types.c:19:
/home/sirdas/code/commitb/vpp/src/vnet/vnet_all_api_h.h:32:10: fatal error: 
vnet/bonding/bond.api.h: No such file or directory  #include 

  ^
compilation terminated.
[161/1310] Building C object 
vnet/CMakeFiles/vnet_thunderx2t99.dir/ethernet/node.c.o
ninja: build stopped: subcommand failed.
Makefile:691: recipe for target 'vpp-build' failed
make[1]: *** [vpp-build] Error 1
make[1]: Leaving directory '/home/sirdas/code/commitb/vpp/build-root'
Makefile:366: recipe for target 'build-release' failed
make: *** [build-release] Error 2


Its all someway or the other related to *.api files and genereated header files.

I am not able to isolate any particular commit that did this.

Does anybody know if anything changed off the top of their head ?

Thank you
Sirshak Das
IMPORTANT NOTICE: The contents of this email and any attachments are 
confidential and may also be privileged. If you are not the intended recipient, 
please notify the sender immediately and do not disclose the contents to any 
other person, use it for any purpose, or store or copy the information in any 
medium. Thank you.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11413): https://lists.fd.io/g/vpp-dev/message/11413
Mute This Topic: https://lists.fd.io/mt/28318534/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] Build failing on Fedora

[Ed Kern via Lists.Fd.Io]

Burt,

Just an fyi and a comment…

fyi on the build containers we install cmake  (this predated cmakeY being in 
the Makefile)
cmake version 2.8.12.2

cmake3 is installed as part of install dep
cmake3 version 3.12.2

My build will fail (centos)  without cmake3
CMake Error at CMakeLists.txt:14 (cmake_minimum_required):
  CMake 3.5 or higher is required.  You are running version 2.8.12.2

on my centos container I can get a good build without cmake being installed at 
all..(only cmake3)

Also (because Ive fallen into this hole before) your dnf change wont work 
because it requires dnf..
If you really want to use dnf you’ll need to install it with yum (or some other 
way) first then switch over to all dnf
based installs.

Ed



On Nov 24, 2018, at 2:42 PM, Burt Silverman 
mailto:bur...@gmail.com>> wrote:

I agree re cmake3, it looks like the correct package is cmake, not cmake3. 
Maybe something like this is needed (for the Fedora case) since dnf has been 
around a long time now.

diff --git a/Makefile b/Makefile
index e0c710fd..3c8d7c31 100644
--- a/Makefile
+++ b/Makefile
@@ -82,13 +82,13 @@ else
DEB_DEPENDS += libssl-dev
 endif

-RPM_DEPENDS  = redhat-lsb glibc-static java-1.8.0-openjdk-devel yum-utils
+RPM_DEPENDS  = redhat-lsb glibc-static java-1.8.0-openjdk-devel dnf
 RPM_DEPENDS += apr-devel
 RPM_DEPENDS += numactl-devel
 RPM_DEPENDS += check check-devel
 RPM_DEPENDS += boost boost-devel
 RPM_DEPENDS += selinux-policy selinux-policy-devel
-RPM_DEPENDS += cmake3 ninja-build
+RPM_DEPENDS += cmake ninja-build

 ifeq ($(OS_ID)-$(OS_VERSION_ID),fedora-25)
RPM_DEPENDS += subunit subunit-devel
@@ -300,9 +300,9 @@ ifeq ($(OS_ID),rhel)
 else ifeq ($(OS_ID),centos)
@sudo -E yum install $(CONFIRM) centos-release-scl-rh
 endif
-   @sudo -E yum groupinstall $(CONFIRM) $(RPM_DEPENDS_GROUPS)
-   @sudo -E yum install $(CONFIRM) $(RPM_DEPENDS)
-   @sudo -E debuginfo-install $(CONFIRM) glibc openssl-libs mbedtls-devel 
zlib
+   @sudo -E dnf group install $(CONFIRM) $(RPM_DEPENDS_GROUPS)
+   @sudo -E dnf install $(CONFIRM) $(RPM_DEPENDS)
+   @sudo -E dnf debuginfo-install $(CONFIRM) glibc openssl-libs 
mbedtls-devel zlib openssl-libs
 else ifeq ($(filter opensuse-tumbleweed,$(OS_ID)),$(OS_ID))
@sudo -E zypper refresh
@sudo -E zypper install -y $(RPM_SUSE_DEPENDS)
(END)


Burt
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11392): https://lists.fd.io/g/vpp-dev/message/11392
Mute This Topic: https://lists.fd.io/mt/28281426/675649
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  
[e...@cisco.com]
-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11414): https://lists.fd.io/g/vpp-dev/message/11414
Mute This Topic: https://lists.fd.io/mt/28281426/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] Build failing on Fedora

[Burt Silverman]

Hi Ed,

Thank you for looking at my change, and I apologize for some laziness -- I
should have made it more clear that I was only doing part of the job -- not
adding the needed ifeq's so that this Fedora stuff would be isolated from
other platforms. I leave it to somebody else to finish the job.

Ouch, even the line I was most proud of has a glitch:
+   @sudo -E dnf debuginfo-install $(CONFIRM) glibc openssl-libs
mbedtls-devel zlib openssl-libs

I did not mean to add openssl-libs at the end (it already shows earlier in
the line). The main goody (for Fedora) is that "dnf debuginfo-install" as
opposed to simply "debuginfo-install" made an error disappear. The latter
fails in an ungraceful fashion; I have not looked into that very deeply.

Burt
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11415): https://lists.fd.io/g/vpp-dev/message/11415
Mute This Topic: https://lists.fd.io/mt/28281426/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] Build failing on Fedora

[Jim Thompson]

> On Nov 26, 2018, at 12:05 PM, Burt Silverman  wrote:
> 
> Hi Ed,
> 
> Thank you for looking at my change, and I apologize for some laziness -- I 
> should have made it more clear that I was only doing part of the job -- not 
> adding the needed ifeq's so that this Fedora stuff would be isolated from 
> other platforms. I leave it to somebody else to finish the job.
> 
> Ouch, even the line I was most proud of has a glitch:
> +   @sudo -E dnf debuginfo-install $(CONFIRM) glibc openssl-libs 
> mbedtls-devel zlib openssl-libs 
> 
> I did not mean to add openssl-libs at the end (it already shows earlier in 
> the line). The main goody (for Fedora) is that "dnf debuginfo-install" as 
> opposed to simply "debuginfo-install" made an error disappear. The latter 
> fails in an ungraceful fashion; I have not looked into that very deeply.
> 
> Burt


I’ve been dealing with this by installing epel.  Fresh minimal 7.5 install on 
top of QEMU on a Mac (thanks to Damjan for pointing out that the newest QEMU 
uses hypervisor.framework!)

https://gist.github.com/gonzopancho/4091e160f2cb86c0a94674b554ff#file-gistfile1-txt-L889-L890
 


https://gist.github.com/gonzopancho/4091e160f2cb86c0a94674b554ff#file-gistfile1-txt-L3995-L4254
 


And was about to write vpp-dev about same.

So do we want epel here, and thus cmake3?

Jim



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11416): https://lists.fd.io/g/vpp-dev/message/11416
Mute This Topic: https://lists.fd.io/mt/28281426/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] Build failing on Fedora

[Thomas F Herbert]

It is set to cmake3 cmake isn't available in Centos but cmake3 is.

We should patch Makefile so Fedora dep is cmake but Centos/RHEL is cmake3.

I will work on a fix.

--Tom


On 11/26/2018 01:57 PM, Jim Thompson wrote:



On Nov 26, 2018, at 12:05 PM, Burt Silverman > wrote:


Hi Ed,

Thank you for looking at my change, and I apologize for some laziness 
-- I should have made it more clear that I was only doing part of the 
job -- not adding the needed ifeq's so that this Fedora stuff would 
be isolated from other platforms. I leave it to somebody else to 
finish the job.


Ouch, even the line I was most proud of has a glitch:
+       @sudo -E dnf debuginfo-install $(CONFIRM) glibc openssl-libs 
mbedtls-devel zlib openssl-libs


I did not mean to add openssl-libs at the end (it already shows 
earlier in the line). The main goody (for Fedora) is that "dnf 
debuginfo-install" as opposed to simply "debuginfo-install" made an 
error disappear. The latter fails in an ungraceful fashion; I have 
not looked into that very deeply.


Burt


I’ve been dealing with this by installing epel.  Fresh minimal 7.5 
install on top of QEMU on a Mac (thanks to Damjan for pointing out 
that the newest QEMU uses hypervisor.framework!)


https://gist.github.com/gonzopancho/4091e160f2cb86c0a94674b554ff#file-gistfile1-txt-L889-L890

https://gist.github.com/gonzopancho/4091e160f2cb86c0a94674b554ff#file-gistfile1-txt-L3995-L4254

And was about to write vpp-dev about same.

So do we want epel here, and thus cmake3?

Jim





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11416): https://lists.fd.io/g/vpp-dev/message/11416
Mute This Topic: https://lists.fd.io/mt/28281426/675058
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [therb...@redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-


--
*Thomas F Herbert*
NFV and Fast Data Planes
Networking Group Office of the CTO
*Red Hat*
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11417): https://lists.fd.io/g/vpp-dev/message/11417
Mute This Topic: https://lists.fd.io/mt/28281426/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] Build failing on Fedora

[Thomas F Herbert]

I just verified with top of master that vpp builds fine on Fedora 28.

As for the current Centos release 7.5, you must install epel as below 
which is not explicitly in build dependencies.


yum install epel-release



On 11/26/2018 01:57 PM, Jim Thompson wrote:



On Nov 26, 2018, at 12:05 PM, Burt Silverman > wrote:


Hi Ed,

Thank you for looking at my change, and I apologize for some laziness 
-- I should have made it more clear that I was only doing part of the 
job -- not adding the needed ifeq's so that this Fedora stuff would 
be isolated from other platforms. I leave it to somebody else to 
finish the job.


Ouch, even the line I was most proud of has a glitch:
+       @sudo -E dnf debuginfo-install $(CONFIRM) glibc openssl-libs 
mbedtls-devel zlib openssl-libs


I did not mean to add openssl-libs at the end (it already shows 
earlier in the line). The main goody (for Fedora) is that "dnf 
debuginfo-install" as opposed to simply "debuginfo-install" made an 
error disappear. The latter fails in an ungraceful fashion; I have 
not looked into that very deeply.


Burt


I’ve been dealing with this by installing epel.  Fresh minimal 7.5 
install on top of QEMU on a Mac (thanks to Damjan for pointing out 
that the newest QEMU uses hypervisor.framework!)


https://gist.github.com/gonzopancho/4091e160f2cb86c0a94674b554ff#file-gistfile1-txt-L889-L890

https://gist.github.com/gonzopancho/4091e160f2cb86c0a94674b554ff#file-gistfile1-txt-L3995-L4254

And was about to write vpp-dev about same.

So do we want epel here, and thus cmake3?

Jim





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11416): https://lists.fd.io/g/vpp-dev/message/11416
Mute This Topic: https://lists.fd.io/mt/28281426/675058
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [therb...@redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-


--
*Thomas F Herbert*
NFV and Fast Data Planes
Networking Group Office of the CTO
*Red Hat*
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11418): https://lists.fd.io/g/vpp-dev/message/11418
Mute This Topic: https://lists.fd.io/mt/28281426/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [E] Re: [vpp-dev] question related to VPP statistics

[Kevin Yan]

Thanks very much , I will check the new stat mechanism!

-Original Message-
From: Ole Troan [mailto:otr...@employees.org]
Sent: Tuesday, November 27, 2018 12:45 AM
To: Vratko Polak -X (vrpolak - PANTHEON TECHNOLOGIES at Cisco) 

Cc: Kevin Yan ; vpp-dev@lists.fd.io
Subject: [E] Re: [vpp-dev] question related to VPP statistics

> There is "stat segment" [0] way of publishing counters.
> But it was added somewhat recently,
> so ipsec code probably does not support it (yet).

Right, and if ipsec uses interfaces, then the counters are already there in the 
stat segment.
Available either through the C, Python or Go interfaces.

Cheers,
Ole


>
> Vratko.
>
> [0] https://github.com/FDio/vpp/blob/master/src/vpp/stats/stats.md
>
> From: vpp-dev@lists.fd.io  On Behalf Of Kevin Yan
> Sent: Friday, 2018-November-02 02:40
> To: vpp-dev@lists.fd.io
> Subject: [vpp-dev] question related to VPP statistics
>
> Hello VPP experts,
>   We are designing an application mainly acting as a SeGW, VPP is used as 
> fast-path,  we have a slow-path application called ipsecAgent to manage ipsec 
> tunnels.  ipsecAgent need to get the ipsec tunnel statistics from VPP to 
> trigger some features, such as , Re-key when packets/bytes reaches the 
> limitation,  ipsec tunnel deletion when inactivity timer reached, etc.  If we 
> use binary API to communicate between slow-path and VPP,  I don’t know if 
> there will be performance issue here,  for example, if we support 100k ipsec 
> tunnels,  slow path need to query the ipsec statistics every 5 seconds per 
> tunnel, then there will be 10/5=2 messages/s. What we are thinking of 
> is if we can use shared memory directly, i.e. VPP creates shared memory at 
> startup phase, and ipsec related statistics are stored and updated in this 
> shared memory, slow-path only map this shared memory and get statistics by 
> reading shared memory directly.
>   Is it more efficient ? or we can use other solution VPP already 
> provided but I don’t know yet.
>
>   Thanks.
>
>
> BRs,
> Kevin
> This e-mail message may contain confidential or proprietary information of 
> Mavenir Systems, Inc. or its affiliates and is intended solely for the use of 
> the intended recipient(s). If you are not the intended recipient of this 
> message, you are hereby notified that any review, use or distribution of this 
> information is absolutely prohibited and we request that you delete all 
> copies in your control and contact us by e-mailing to secur...@mavenir.com. 
> This message contains the views of its author and may not necessarily reflect 
> the views of Mavenir Systems, Inc. or its affiliates, who employ systems to 
> monitor email messages, but make no representation that such messages are 
> authorized, secure, uncompromised, or free from computer viruses, malware, or 
> other defects. Thank You
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
>
> View/Reply Online (#11411): https://lists.fd.io/g/vpp-dev/message/11411
> Mute This Topic: https://lists.fd.io/mt/27823623/675193
> Group Owner: vpp-dev+ow...@lists.fd.io
> Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [otr...@employees.org]
> -=-=-=-=-=-=-=-=-=-=-=-


This e-mail message may contain confidential or proprietary information of 
Mavenir Systems, Inc. or its affiliates and is intended solely for the use of 
the intended recipient(s). If you are not the intended recipient of this 
message, you are hereby notified that any review, use or distribution of this 
information is absolutely prohibited and we request that you delete all copies 
in your control and contact us by e-mailing to secur...@mavenir.com. This 
message contains the views of its author and may not necessarily reflect the 
views of Mavenir Systems, Inc. or its affiliates, who employ systems to monitor 
email messages, but make no representation that such messages are authorized, 
secure, uncompromised, or free from computer viruses, malware, or other 
defects. Thank You
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11419): https://lists.fd.io/g/vpp-dev/message/11419
Mute This Topic: https://lists.fd.io/mt/28367448/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] About in-band telnet/ssh support of VPP

[Xuekun]

Dave, can you estimate when the sshd work to be done? We really like this 
feature.
Thanks.

From: vpp-dev@lists.fd.io  On Behalf Of Dave Barach via 
Lists.Fd.Io
Sent: Monday, November 26, 2018 8:42 PM
To: tianye@sina ; vpp-dev@lists.fd.io
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] About in-band telnet/ssh support of VPP

Please do not use the vpp host stack to listen to port 23 (telnet) on a 
network-facing interface. You could do that, but please don't do that.

All you would need to add is a well-known default password, and you would have 
created a super-trivial attack surface for your product.

Florin and I are working to crank up sshd over the host stack. No guaranteed 
end-date, but it's coming...

D.

From: vpp-dev@lists.fd.io 
mailto:vpp-dev@lists.fd.io>> On Behalf Of tianye@sina
Sent: Sunday, November 25, 2018 9:10 PM
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] About in-band telnet/ssh support of VPP

Hello Everyone:

As we all knows, the latest VPP version 18.10 support telnet.
We can set the conf file like this to monitor the remote telnet request:
unix {
  cli-listen localhost 5002 or cli-listen 192.168. 5002
  .

But actually the IP/Port pair we are listening is the "in-band" interface.
That means that interface belongs to the Linux host system(not the dedicate NIC 
pre-allocated for VPP)
Is there any solution for telnet/ssh toward the VPP in-band interface?
(Provide telnet/ssh support for in-band interface is very important when we 
managed to build a gateway/router device
over bare metal machine, since we cannot guarantee we can involve additional 
out-band interface with any topology and product cost limitation)
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11420): https://lists.fd.io/g/vpp-dev/message/11420
Mute This Topic: https://lists.fd.io/mt/28320167/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] Build failing on Fedora

[Burt Silverman]

Possibly "29" is the only Fedora release that has issues? At the very
least, "make install-dep" was coughing there.

Burt
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11421): https://lists.fd.io/g/vpp-dev/message/11421
Mute This Topic: https://lists.fd.io/mt/28281426/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-