Remove pf1-proxy

Dockerfile

@@ -100,7 +100,6 @@ ARG DPSERVICE_FEATURES=""
 RUN meson setup release_build $DPSERVICE_FEATURES --buildtype=release && ninja -C release_build
 RUN CC=clang CXX=clang++ meson setup clang_build $DPSERVICE_FEATURES && ninja -C clang_build
 RUN meson setup xtratest_build $DPSERVICE_FEATURES -Denable_tests=true && ninja -C xtratest_build
-RUN meson setup pf1_proxy_build $DPSERVICE_FEATURES -Denable_pf1_proxy=true && ninja -C pf1_proxy_build
 
 
 # Test-image to run pytest

docs/deployment/help_dpservice-bin.md

@@ -6,8 +6,6 @@
 | -v, --version | None | display version and exit |  |
 | --pf0 | IFNAME | first physical interface (e.g. eth0) |  |
 | --pf1 | IFNAME | second physical interface (e.g. eth1) |  |
-| --pf1-proxy | IFNAME | VF representor to use as a proxy for pf1 packets |  |
-| --pf1-proxy-vf | IFNAME | VF interface of the pf1-proxy VF representor |  |
 | --ipv6 | ADDR6 | IPv6 underlay address |  |
 | --vf-pattern | PATTERN | virtual interface name pattern (e.g. 'eth1vf') |  |
 | --dhcp-mtu | SIZE | set the mtu field in DHCP responses (68 - 1500) |  |

docs/deployment/mellanox.md

@@ -43,9 +43,11 @@ For this mode to be functional, an additional firmware setting `LAG_RESOURCE_ALL
 
 In some cases (looks like a nic/switch combination) performance is severly affected when VM traffic is happening. This has been observed to be fixed by setting `ROCE_CONTROL=1` (this means "disabled", the default is `2` meaning "enabled"). The actual cause of this is yet to be discovered.
 
+> For this to work, kernal has to have "TC recirculation support" (CONFIG_NET_TC_SKB_EXT) enabled. This is not the default for Debian.
+
 
 ## Dp-service setup
 Either `prepare.sh` script or `preparedp.service` systemd unit needs to be run before dp-service can work properly. This should already be done automatically if using the Docker image provided. Make sure this does not produce any errors.
 
 ### Multiport-eswitch
-The `prepare.sh` script supports `--multiport-eswitch` argument to set the card up in multiport-eswitch mode. There is an additional `--pf1-proxy` argument to also create a VF on PF1 for proxying PF1 traffic. Currently both arguments are needed to properly run dpservice in multiport-eswitch mode due to a (suspected) driver bug.
+The `prepare.sh` script supports `--multiport-eswitch` argument to set the card up in multiport-eswitch mode.

docs/development/running.md

@@ -80,10 +80,3 @@ In this mode, only the PF0 (which is bonded with PF1) needs to be specified:
 ```bash
 ./dpservice-bin -a 0000:03:00.0,class=rxq_cqe_comp_en=0,rx_vec_en=1,dv_flow_en=2,dv_esw_en=1,fdb_def_rule_en=1,representor=pf[0-1]vf[0-5] -l 0,1 -- --pf0=enp59s0f1 --pf1=enp59s0f1 --vf-pattern=enp59s0f0_ --ipv6=2a10:afc0:e01f:209:: --no-stats --no-offload --multiport-eswitch
 ```
-
-#### PF1-proxy
-In multiport-eswitch mode, currently PF1 is not usable (suspected driver problem), so dpservice provides a way to proxy the communication over a separate VF on PF1.
-```bash
-./dpservice-bin -a 0000:03:00.0,class=rxq_cqe_comp_en=0,rx_vec_en=1,dv_flow_en=2,dv_esw_en=1,fdb_def_rule_en=1,representor=pf[0-1]vf[0-5] -l 0,1 -- --pf0=enp59s0f1 --pf1=enp59s0f1 --vf-pattern=enp59s0f0_ --ipv6=2a10:afc0:e01f:209:: --no-stats --no-offload --multiport-eswitch --pf1-proxy enp59s0f1npf1vf0 --pf1-proxy-vf enp59s0f1v0
-```
-The `--pf1-proxy` is the representor used by dpservice for proxying packets. The `--pf1-proxy-vf` is the VF used by the Linux kernel to receive packets, i.e. the replacement for PF1. Without `--pf1-proxy-vf` dpservice is unable to determine the MAC address to use for host-host overlay traffic.

docs/sys_design/README.md

@@ -5,14 +5,6 @@ This is the graph topology for packets handled by dpservice. Offloaded packets n
 
 Note that every graph node actually has one other edge to it that leads to a **"Drop"** node, but for clarity this is omitted. As the name suggests, that node has no other edge and is simply dropping the packets without sending them anywhere.
 
-## PF1-proxy
-When using a (conditionally compiled-in) pf1-proxy feature, all traffic for the host (i.e. not underlay traffic for dpservice) needs to be forwarded to a special VF on PF1 called "pf1-proxy" and back.
-
-### Traffic from proxy to PF1
-Since **all packets** without exception need to be forwarded directly to PF1, an rte-rule is installed to do just that, so all packets are offloaded and never enter the graph.
-
-### Traffic from PF1 to proxy
-Only non-underlay IPv6 packets, i.e. IPv6 packets with destination IP matching the host's IP (`--ipv6` command-line argument) are directly forwarded by offloading via an rte-rule. The remaining packets enter dpservice normally and if they are classified as "unusable" (i.e. should be dropped by "Classify" node), they are instead forwarded to pf1-proxy. See the dashed graph edge above.
 
 ## Virtual services
 If virtual services are compiled-in, there is another path for packets to take. Packets going from a virtual IPv4 and TCP/UDP port to a specific web-service (i.e. specific IPv6 and TCP/UDP port) undergo an IP header replacement (from IPv4 to IPv6 and back) to enable VMs to contact IPv6 web-services without the use of NAT. This is useful for services that are heavily used by many connections, like DNS, k8s api-servers, etc.

hack/dp_conf.json

@@ -19,24 +19,6 @@
       "type": "char",
       "array_size": "IF_NAMESIZE"
     },
-    {
-      "lgopt": "pf1-proxy",
-      "arg": "IFNAME",
-      "help": "VF representor to use as a proxy for pf1 packets",
-      "var": "pf1_proxy",
-      "type": "char",
-      "array_size": "IF_NAMESIZE",
-      "ifdef": "ENABLE_PF1_PROXY"
-    },
-    {
-      "lgopt": "pf1-proxy-vf",
-      "arg": "IFNAME",
-      "help": "VF interface of the pf1-proxy VF representor",
-      "var": "pf1_proxy_vf",
-      "type": "char",
-      "array_size": "IF_NAMESIZE",
-      "ifdef": "ENABLE_PF1_PROXY"
-    },
     {
       "lgopt": "ipv6",
       "arg": "ADDR6",

hack/prepare.sh

@@ -10,7 +10,6 @@ set -Eeuo pipefail
 #
 
 OPT_MULTIPORT=false
-OPT_PF1_PROXY=false
 
 BLUEFIELD_IDENTIFIERS=("MT_0000000543", "MT_0000000541")
 MAX_NUMVFS_POSSIBLE=126
@@ -166,10 +165,6 @@ function create_vf() {
 	# plus we don't need to unbind them before enabling switchdev mode
 	log "disabling automatic binding of VFs on pf0 '$pf0'"
 	echo 0 > /sys/bus/pci/devices/$pf0/sriov_drivers_autoprobe
-	if [[ "$OPT_PF1_PROXY" == "true" ]]; then
-		log "enabling automatic binding of VFs on pf1 '$pf1'"
-		echo 1 > /sys/bus/pci/devices/$pf1/sriov_drivers_autoprobe
-	fi
 
 	if [[ "$IS_X86_WITH_MLX" == "true" ]]; then
 		# enable switchdev mode, this operation takes most time
@@ -193,20 +188,6 @@ function create_vf() {
 	actualvfs=$((NUMVFS_DESIRED<totalvfs ? NUMVFS_DESIRED : totalvfs))
 	log "creating $actualvfs virtual functions"
 	echo $actualvfs > /sys/bus/pci/devices/$pf0/sriov_numvfs
-	if [[ "$OPT_PF1_PROXY" == "true" ]]; then
-		log "creating pf1-proxy virtual function"
-		echo 1 > /sys/bus/pci/devices/$pf1/sriov_numvfs
-		log "configuring pf1-proxy"
-		local pf1proxy=$(get_pf1_proxy $pf1)
-		ip link set $pf1proxy mtu 9100
-		ip link set $pf1proxy up
-		local pf1_name=$(get_ifname 1)
-		local pf1_mac=$(cat /sys/class/net/$pf1_name/address)
-		local pf1proxy_vf=$(get_pf1_proxy_vf)
-		ip link set $pf1proxy_vf mtu 9100
-		ip link set $pf1proxy_vf address $pf1_mac
-		ip link set $pf1proxy_vf up
-	fi
 }
 
 function get_pattern() {
@@ -220,27 +201,6 @@ function get_pattern() {
 	echo "$pattern"
 }
 
-function get_pf1_proxy() {
-	local dev=$1
-	proxy=$(devlink port | grep pci/$dev/ | grep "virtual\|pcivf" | awk '{print $5}' | uniq)
-	if [ -z "$proxy" ]; then
-		err "can't determine the pf1-proxy vf for $dev"
-	elif [ $(wc -l <<< "$proxy") -ne 1 ]; then
-		err "multiple pf1-proxy devices found for $dev"
-	fi
-	echo "$proxy"
-}
-
-function get_pf1_proxy_vf() {
-	vf=$(devlink port | grep auxiliary/mlx5_core.eth.2/ | grep virtual | awk '{print $5}' | uniq)
-	if [ -z "$vf" ]; then
-		err "can't determine the pf1-proxy vf"
-	elif [ $(wc -l <<< "$vf") -ne 1 ]; then
-		err "multiple pf1-proxy vfs found"
-	fi
-	echo "$vf"
-}
-
 function get_ifname() {
 	local port=$1
 	devlink port | grep "physical port $port" | awk '{ print $5}'
@@ -268,10 +228,6 @@ function make_config() {
 	conf_pf1="$(get_ifname 1)"
 	conf_vf_pattern="$(get_pattern ${devs[0]})"
 	conf_ipv6="$(get_ipv6)"
-	if [[ "$OPT_MULTIPORT" == "true" ]]; then
-		conf_pf1_proxy="$(get_pf1_proxy ${devs[1]})"
-		conf_pf1_proxy_vf="$(get_pf1_proxy_vf)"
-	fi
 
 	{ echo "# This has been generated by prepare.sh"
 	echo "no-stats"
@@ -281,10 +237,6 @@ function make_config() {
 	echo "ipv6 $conf_ipv6"
 	if [[ "$OPT_MULTIPORT" == "true" ]]; then
 		echo "a-pf0 ${devs[0]},class=rxq_cqe_comp_en=0,rx_vec_en=1,dv_flow_en=2,dv_esw_en=1,fdb_def_rule_en=1,representor=pf[0-1]vf[0-$[$actualvfs-1]]"
-		if [[ "$OPT_PF1_PROXY" == "true" ]]; then
-			echo "pf1-proxy $conf_pf1_proxy"
-			echo "pf1-proxy-vf $conf_pf1_proxy_vf"
-		fi
 		echo "multiport-eswitch"
 	else
 		echo "a-pf0 ${devs[0]},class=rxq_cqe_comp_en=0,rx_vec_en=1,representor=pf[0]vf[0-$[$actualvfs-1]]"
@@ -293,9 +245,6 @@ function make_config() {
 
 	if [[ "$OPT_MULTIPORT" == "true" ]]; then
 		log "dpservice configured in multiport-eswitch mode"
-		if [[ "$OPT_PF1_PROXY" == "true" ]]; then
-			log "dpservice will create a pf1-proxy"
-		fi
 	else
 		log "dpservice configured in normal mode"
 	fi
@@ -312,9 +261,6 @@ while [[ $# -gt 0 ]]; do
 		--multiport-eswitch)
 			OPT_MULTIPORT=true
 			;;
-		--pf1-proxy)
-			OPT_PF1_PROXY=true
-			;;
 		--force)
 			CONFIG_EXISTS=false
 			;;

include/dp_conf.h

@@ -48,10 +48,6 @@ const union dp_ipv6 *dp_conf_get_underlay_ip(void);
 const struct dp_conf_dhcp_dns *dp_conf_get_dhcp_dns(void);
 const struct dp_conf_dhcp_dns *dp_conf_get_dhcpv6_dns(void);
 
-#ifdef ENABLE_PF1_PROXY
-bool dp_conf_is_pf1_proxy_enabled(void);
-#endif
-
 #ifdef ENABLE_VIRTSVC
 const struct dp_conf_virtual_services *dp_conf_get_virtual_services(void);
 #endif

include/dp_conf_opts.h

@@ -27,12 +27,6 @@ enum dp_conf_log_format {
 
 const char *dp_conf_get_pf0_name(void);
 const char *dp_conf_get_pf1_name(void);
-#ifdef ENABLE_PF1_PROXY
-const char *dp_conf_get_pf1_proxy(void);
-#endif
-#ifdef ENABLE_PF1_PROXY
-const char *dp_conf_get_pf1_proxy_vf(void);
-#endif
 const char *dp_conf_get_vf_pattern(void);
 int dp_conf_get_dhcp_mtu(void);
 int dp_conf_get_wcmp_perc(void);

include/dp_port.h

@@ -58,10 +58,6 @@ struct dp_port_async_template {
 
 enum dp_port_async_template_type {
 	DP_PORT_ASYNC_TEMPLATE_PF_ISOLATION,
-#ifdef ENABLE_PF1_PROXY
-	DP_PORT_ASYNC_TEMPLATE_PF1_FROM_PROXY,
-	DP_PORT_ASYNC_TEMPLATE_PF1_TO_PROXY,
-#endif
 #ifdef ENABLE_VIRTSVC
 	DP_PORT_ASYNC_TEMPLATE_VIRTSVC_TCP_ISOLATION,
 	DP_PORT_ASYNC_TEMPLATE_VIRTSVC_UDP_ISOLATION,
@@ -72,10 +68,6 @@ enum dp_port_async_template_type {
 enum dp_port_async_flow_type {
 	DP_PORT_ASYNC_FLOW_ISOLATE_IPIP,
 	DP_PORT_ASYNC_FLOW_ISOLATE_IPV6,
-#ifdef ENABLE_PF1_PROXY
-	DP_PORT_ASYNC_FLOW_PF1_FROM_PROXY,
-	DP_PORT_ASYNC_FLOW_PF1_TO_PROXY,
-#endif
 	DP_PORT_ASYNC_FLOW_COUNT,
 };
 
@@ -120,9 +112,6 @@ struct dp_ports {
 // hidden structures for inline functions to access
 extern struct dp_port *_dp_port_table[DP_MAX_PORTS];
 extern struct dp_port *_dp_pf_ports[DP_MAX_PF_PORTS];
-#ifdef ENABLE_PF1_PROXY
-extern struct dp_port _dp_pf1_proxy_port;
-#endif
 extern struct dp_ports _dp_ports;
 
 
@@ -134,9 +123,6 @@ void dp_ports_free(void);
 
 int dp_start_port(struct dp_port *port);
 int dp_start_pf_port(uint16_t index);
-#ifdef ENABLE_PF1_PROXY
-int dp_start_pf1_proxy_port(void);
-#endif
 int dp_stop_port(struct dp_port *port);
 
 void dp_start_acquiring_neigh_mac(struct dp_port *port);
@@ -210,14 +196,6 @@ struct dp_port *dp_get_port_by_pf_index(uint16_t index)
 	return index < RTE_DIM(_dp_pf_ports) ? _dp_pf_ports[index] : NULL;
 }
 
-#ifdef ENABLE_PF1_PROXY
-static __rte_always_inline
-const struct dp_port *dp_get_pf1_proxy(void)
-{
-	return &_dp_pf1_proxy_port;
-}
-#endif
-
 #ifdef __cplusplus
 }
 #endif

include/dpdk_layer.h

@@ -14,11 +14,7 @@ extern "C" {
 
 #define DP_MAX_PF_PORTS 2
 #define DP_MAX_VF_PORTS 126
-#ifdef ENABLE_PF1_PROXY
-#define DP_MAX_PORTS    (DP_MAX_PF_PORTS + DP_MAX_VF_PORTS + 1)
-#else
 #define DP_MAX_PORTS    (DP_MAX_PF_PORTS + DP_MAX_VF_PORTS)
-#endif
 
 #define DP_NR_STD_RX_QUEUES		1
 #define DP_NR_STD_TX_QUEUES		1
@@ -47,17 +43,8 @@ extern "C" {
 // max Ether MTU 1500 + frame header 14 + frame footer 4 + IPv6 tunnel header 40
 #define DP_MBUF_BUF_SIZE	(1558 + RTE_PKTMBUF_HEADROOM)
 
-#ifdef ENABLE_PF1_PROXY
-#define DP_JUMBO_MBUF_POOL_SIZE	(50*1024)
-// max Jumbo Ether MTU 9100 + frame header 14 + frame footer 4
-#define DP_JUMBO_MBUF_BUF_SIZE	(9118 + RTE_PKTMBUF_HEADROOM)
-#endif
-
 struct dp_dpdk_layer {
 	struct rte_mempool	*rte_mempool;
-#ifdef ENABLE_PF1_PROXY
-	struct rte_mempool	*rte_jumbo_mempool;
-#endif
 	struct rte_ring		*grpc_tx_queue;
 	struct rte_ring		*grpc_rx_queue;
 	struct rte_ring		*periodic_msg_queue;

include/rte_flow/dp_rte_flow_helpers.h

@@ -38,12 +38,6 @@ union dp_flow_item_l4 {
 	struct rte_flow_item_icmp6 icmp6;
 };
 
-#ifdef ENABLE_PF1_PROXY
-static const struct rte_flow_item_ethdev dp_flow_item_ethdev_mask = {
-	.port_id = 0xffff,
-};
-#endif
-
 static const struct rte_flow_item_eth dp_flow_item_eth_mask = {
 	.hdr.ether_type = 0xffff,
 };
@@ -75,11 +69,6 @@ static const struct rte_flow_item_ipv6 dp_flow_item_ipv6_src_dst_mask = {
 	.hdr.proto = 0xff,
 };
 #endif
-#ifdef ENABLE_PF1_PROXY
-static const struct rte_flow_item_ipv6 dp_flow_item_ipv6_dst_only_mask = {
-	.hdr.dst_addr = "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff",
-};
-#endif
 
 static const struct rte_flow_item_ipv4 dp_flow_item_ipv4_dst_mask = {
 	.hdr.dst_addr = 0xffffffff,

meson.build

@@ -56,9 +56,6 @@ endif
 if get_option('enable_tests')
   add_global_arguments('-DENABLE_PYTEST', language: ['c', 'cpp'])
 endif
-if get_option('enable_pf1_proxy')
-  add_global_arguments('-DENABLE_PF1_PROXY', language: ['c', 'cpp'])
-endif
 
 dpdk_dep = dependency('libdpdk', version: '>=21.11.0')
 proto_dep = dependency('protobuf')

meson_options.txt

@@ -10,6 +10,3 @@ option('compiler_suggestions', type: 'boolean', value: false, description:
        'Show various compiler suggestions (warnings)')
 option('build_dpservice_cli', type: 'boolean', value: false, description:
        'Enable building of dpservice-cli golang gRPC client')
-option('enable_pf1_proxy', type: 'boolean', value: false, description:
-       'Enable the workaround solution to allow PF1 to communicate with the outside world')
-