diff options
Diffstat (limited to 'src/vnet')
44 files changed, 434 insertions, 241 deletions
diff --git a/src/vnet/adj/adj.c b/src/vnet/adj/adj.c index 03c82062cc0..3871e2c1612 100644 --- a/src/vnet/adj/adj.c +++ b/src/vnet/adj/adj.c @@ -63,15 +63,35 @@ ip_adjacency_t * adj_alloc (fib_protocol_t proto) { ip_adjacency_t *adj; + u8 need_barrier_sync = 0; + vlib_main_t *vm; + vm = vlib_get_main(); + + ASSERT (vm->thread_index == 0); + + pool_get_aligned_will_expand (adj_pool, need_barrier_sync, + CLIB_CACHE_LINE_BYTES); + /* If the adj_pool will expand, stop the parade. */ + if (need_barrier_sync) + vlib_worker_thread_barrier_sync (vm); pool_get_aligned(adj_pool, adj, CLIB_CACHE_LINE_BYTES); adj_poison(adj); - /* Make sure certain fields are always initialized. */ /* Validate adjacency counters. */ + if (need_barrier_sync == 0) + { + /* If the adj counter pool will expand, stop the parade */ + need_barrier_sync = vlib_validate_combined_counter_will_expand + (&adjacency_counters, adj_get_index (adj)); + if (need_barrier_sync) + vlib_worker_thread_barrier_sync (vm); + } vlib_validate_combined_counter(&adjacency_counters, adj_get_index(adj)); + + /* Make sure certain fields are always initialized. */ vlib_zero_combined_counter(&adjacency_counters, adj_get_index(adj)); fib_node_init(&adj->ia_node, @@ -88,6 +108,9 @@ adj_alloc (fib_protocol_t proto) clib_memset(&adj->sub_type.midchain.next_dpo, 0, sizeof(adj->sub_type.midchain.next_dpo)); + if (need_barrier_sync) + vlib_worker_thread_barrier_release (vm); + return (adj); } diff --git a/src/vnet/bonding/cli.c b/src/vnet/bonding/cli.c index 631a97b3a82..c49b6efc176 100644 --- a/src/vnet/bonding/cli.c +++ b/src/vnet/bonding/cli.c @@ -675,12 +675,11 @@ bond_enslave (vlib_main_t * vm, bond_enslave_args_t * args) } if (bif_hw->l2_if_count) - { - ethernet_set_flags (vnm, sif_hw->hw_if_index, - ETHERNET_INTERFACE_FLAG_ACCEPT_ALL); - /* ensure all packets go to ethernet-input */ - ethernet_set_rx_redirect (vnm, sif_hw, 1); - } + ethernet_set_flags (vnm, sif_hw->hw_if_index, + ETHERNET_INTERFACE_FLAG_ACCEPT_ALL); + else + ethernet_set_flags (vnm, sif_hw->hw_if_index, + /*ETHERNET_INTERFACE_FLAG_DEFAULT_L3 */ 0); if (bif->mode == BOND_MODE_LACP) { diff --git a/src/vnet/bonding/device.c b/src/vnet/bonding/device.c index 21bbcb51f1d..ad52f621511 100644 --- a/src/vnet/bonding/device.c +++ b/src/vnet/bonding/device.c @@ -99,9 +99,6 @@ bond_set_l2_mode_function (vnet_main_t * vnm, sif_hw = vnet_get_sup_hw_interface (vnm, *sw_if_index); ethernet_set_flags (vnm, sif_hw->hw_if_index, ETHERNET_INTERFACE_FLAG_ACCEPT_ALL); - - /* ensure all packets go to ethernet-input */ - ethernet_set_rx_redirect (vnm, sif_hw, 1); } } else if ((bif_hw->l2_if_count == 0) && (l2_if_adjust == -1)) @@ -110,9 +107,8 @@ bond_set_l2_mode_function (vnet_main_t * vnm, vec_foreach (sw_if_index, bif->slaves) { sif_hw = vnet_get_sup_hw_interface (vnm, *sw_if_index); - - /* Allow ip packets to go directly to ip4-input etc */ - ethernet_set_rx_redirect (vnm, sif_hw, 0); + ethernet_set_flags (vnm, sif_hw->hw_if_index, + /*ETHERNET_INTERFACE_FLAG_DEFAULT_L3 */ 0); } } diff --git a/src/vnet/classify/vnet_classify.c b/src/vnet/classify/vnet_classify.c index d97042eda36..dd846cbe3d2 100755 --- a/src/vnet/classify/vnet_classify.c +++ b/src/vnet/classify/vnet_classify.c @@ -1037,7 +1037,7 @@ unformat_ip6_mask (unformat_input_t * input, va_list * args) { u8 **maskp = va_arg (*args, u8 **); u8 *mask = 0; - u8 found_something = 0; + u8 found_something; ip6_header_t *ip; u32 ip_version_traffic_class_and_flow_label; @@ -1070,6 +1070,10 @@ unformat_ip6_mask (unformat_input_t * input, va_list * args) break; } + /* Account for "special" field names */ + found_something = version + traffic_class + flow_label + + src_address + dst_address + protocol; + #define _(a) found_something += a; foreach_ip6_proto_field; #undef _ diff --git a/src/vnet/config.c b/src/vnet/config.c index 9beda4a5706..73fed66d13a 100644 --- a/src/vnet/config.c +++ b/src/vnet/config.c @@ -267,11 +267,16 @@ vnet_config_add_feature (vlib_main_t * vm, f->feature_index = feature_index; f->node_index = node_index; - n_feature_config_u32s = - round_pow2 (n_feature_config_bytes, - sizeof (f->feature_config[0])) / - sizeof (f->feature_config[0]); - vec_add (f->feature_config, feature_config, n_feature_config_u32s); + if (n_feature_config_bytes) + { + n_feature_config_u32s = + round_pow2 (n_feature_config_bytes, + sizeof (f->feature_config[0])) / + sizeof (f->feature_config[0]); + vec_validate (f->feature_config, n_feature_config_u32s - 1); + clib_memcpy_fast (f->feature_config, feature_config, + n_feature_config_bytes); + } /* Sort (prioritize) features. */ if (vec_len (new_features) > 1) diff --git a/src/vnet/devices/netlink.c b/src/vnet/devices/netlink.c index a954fef74fd..298a3e43c5a 100644 --- a/src/vnet/devices/netlink.c +++ b/src/vnet/devices/netlink.c @@ -184,7 +184,7 @@ vnet_netlink_set_link_state (int ifindex, int up) vnet_netlink_msg_t m; struct ifinfomsg ifmsg = { 0 }; - ifmsg.ifi_flags = IFF_UP; + ifmsg.ifi_flags = ((up) ? IFF_UP : 0); ifmsg.ifi_change = IFF_UP; ifmsg.ifi_index = ifindex; diff --git a/src/vnet/devices/virtio/vhost_user_input.c b/src/vnet/devices/virtio/vhost_user_input.c index 2cc192d9dc8..e2ad5cf7cae 100644 --- a/src/vnet/devices/virtio/vhost_user_input.c +++ b/src/vnet/devices/virtio/vhost_user_input.c @@ -296,15 +296,11 @@ vhost_user_handle_rx_offload (vlib_buffer_t * b0, u8 * b0_data, tcp_header_t *tcp = (tcp_header_t *) (b0_data + vnet_buffer (b0)->l4_hdr_offset); l4_hdr_sz = tcp_header_bytes (tcp); - tcp->checksum = 0; b0->flags |= VNET_BUFFER_F_OFFLOAD_TCP_CKSUM; } else if (l4_proto == IP_PROTOCOL_UDP) { - udp_header_t *udp = - (udp_header_t *) (b0_data + vnet_buffer (b0)->l4_hdr_offset); - l4_hdr_sz = sizeof (*udp); - udp->checksum = 0; + l4_hdr_sz = sizeof (udp_header_t); b0->flags |= VNET_BUFFER_F_OFFLOAD_UDP_CKSUM; } } diff --git a/src/vnet/devices/virtio/virtio.c b/src/vnet/devices/virtio/virtio.c index 5e23bef0889..0fdac9cbd6c 100644 --- a/src/vnet/devices/virtio/virtio.c +++ b/src/vnet/devices/virtio/virtio.c @@ -55,7 +55,8 @@ call_read_ready (clib_file_t * uf) CLIB_UNUSED (ssize_t size) = read (uf->file_descriptor, &b, sizeof (b)); if ((qid & 1) == 0) - vnet_device_input_set_interrupt_pending (vnm, vif->hw_if_index, qid); + vnet_device_input_set_interrupt_pending (vnm, vif->hw_if_index, + RX_QUEUE_ACCESS (qid)); return 0; } diff --git a/src/vnet/dhcp/client.c b/src/vnet/dhcp/client.c index 5412dab3f7e..3aa92c3ebb7 100644 --- a/src/vnet/dhcp/client.c +++ b/src/vnet/dhcp/client.c @@ -276,10 +276,10 @@ dhcp_client_for_us (u32 bi, vlib_buffer_t * b, udp_header_t * udp, dhcp_header_t * dhcp) { dhcp_client_main_t *dcm = &dhcp_client_main; - vlib_main_t *vm = dcm->vlib_main; + vlib_main_t *vm = vlib_get_main (); dhcp_client_t *c; uword *p; - f64 now = vlib_time_now (dcm->vlib_main); + f64 now = vlib_time_now (vm); u8 dhcp_message_type = 0; dhcp_option_t *o; diff --git a/src/vnet/dpo/classify_dpo.c b/src/vnet/dpo/classify_dpo.c index 08fab83f2ee..bc536a10266 100644 --- a/src/vnet/dpo/classify_dpo.c +++ b/src/vnet/dpo/classify_dpo.c @@ -26,8 +26,13 @@ static classify_dpo_t * classify_dpo_alloc (void) { classify_dpo_t *cd; + vlib_main_t *vm; + u8 did_barrier_sync; + dpo_pool_barrier_sync (vm, classify_dpo_pool, did_barrier_sync); pool_get_aligned(classify_dpo_pool, cd, CLIB_CACHE_LINE_BYTES); + dpo_pool_barrier_release (vm, did_barrier_sync); + clib_memset(cd, 0, sizeof(*cd)); return (cd); diff --git a/src/vnet/dpo/dpo.h b/src/vnet/dpo/dpo.h index 19b47f268b0..0658f4216c6 100644 --- a/src/vnet/dpo/dpo.h +++ b/src/vnet/dpo/dpo.h @@ -16,7 +16,7 @@ * @brief * A Data-Path Object is an object that represents actions that are * applied to packets are they are switched through VPP's data-path. - * + * * The DPO can be considered to be like is a base class that is specialised * by other objects to provide concreate actions * @@ -328,7 +328,7 @@ extern void dpo_stack(dpo_type_t child_type, const dpo_id_t *parent_dpo); /** - * @brief + * @brief * Set and stack a DPO. * The DPO passed is set to the parent DPO and the necessary * VLIB graph arcs are created, from the child_node passed. @@ -341,7 +341,7 @@ extern void dpo_stack(dpo_type_t child_type, * * @param parent_dpo * The parent DPO to stack onto. - */ + */ extern void dpo_stack_from_node(u32 child_node, dpo_id_t *dpo, const dpo_id_t *parent); @@ -443,7 +443,7 @@ typedef struct dpo_vft_t_ * (see above). * * @param type - * The type being registered. + * The type being registered. * * @param vft * The virtual function table to register for the type. @@ -497,4 +497,49 @@ dpo_get_next_node_by_type_and_proto (dpo_type_t child_type, dpo_proto_t child_proto, dpo_type_t parent_type, dpo_proto_t parent_proto); + + +/** + * @brief Barrier sync if a dpo pool is about to expand + * + * @param VM (output) + * vlib_main_t *, invariably &vlib_global_main + * + * @param P + * pool pointer + * + * @param YESNO (output) + * typically a u8, 1 => expand will occur, worker barrier held + * 0 => no expand, barrier not held + * + * @return YESNO set + */ + +#define dpo_pool_barrier_sync(VM,P,YESNO) \ +do { \ + pool_get_aligned_will_expand ((P), YESNO, CLIB_CACHE_LINE_BYTES); \ + \ + if (YESNO) \ + { \ + VM = vlib_get_main(); \ + ASSERT ((VM)->thread_index == 0); \ + vlib_worker_thread_barrier_sync((VM)); \ + } \ +} while(0); + +/** + * @brief Release barrier sync after dpo pool expansion + * + * @param VM + * vlib_main_t pointer, must be &vlib_global_main + * + * @param YESNO + * typically a u8, 1 => release required + * 0 => no release required + * @return none + */ + +#define dpo_pool_barrier_release(VM,YESNO) \ + if ((YESNO)) vlib_worker_thread_barrier_release((VM)); + #endif diff --git a/src/vnet/dpo/load_balance.c b/src/vnet/dpo/load_balance.c index 7acccca61bf..c029341f147 100644 --- a/src/vnet/dpo/load_balance.c +++ b/src/vnet/dpo/load_balance.c @@ -93,12 +93,33 @@ static load_balance_t * load_balance_alloc_i (void) { load_balance_t *lb; + u8 need_barrier_sync = 0; + vlib_main_t *vm = vlib_get_main(); + ASSERT (vm->thread_index == 0); + + pool_get_aligned_will_expand (load_balance_pool, need_barrier_sync, + CLIB_CACHE_LINE_BYTES); + if (need_barrier_sync) + vlib_worker_thread_barrier_sync (vm); pool_get_aligned(load_balance_pool, lb, CLIB_CACHE_LINE_BYTES); clib_memset(lb, 0, sizeof(*lb)); lb->lb_map = INDEX_INVALID; lb->lb_urpf = INDEX_INVALID; + + if (need_barrier_sync == 0) + { + need_barrier_sync += vlib_validate_combined_counter_will_expand + (&(load_balance_main.lbm_to_counters), + load_balance_get_index(lb)); + need_barrier_sync += vlib_validate_combined_counter_will_expand + (&(load_balance_main.lbm_via_counters), + load_balance_get_index(lb)); + if (need_barrier_sync) + vlib_worker_thread_barrier_sync (vm); + } + vlib_validate_combined_counter(&(load_balance_main.lbm_to_counters), load_balance_get_index(lb)); vlib_validate_combined_counter(&(load_balance_main.lbm_via_counters), @@ -108,6 +129,9 @@ load_balance_alloc_i (void) vlib_zero_combined_counter(&(load_balance_main.lbm_via_counters), load_balance_get_index(lb)); + if (need_barrier_sync) + vlib_worker_thread_barrier_release (vm); + return (lb); } @@ -1121,7 +1145,7 @@ load_balance_inline (vlib_main_t * vm, vnet_buffer(b0)->ip.flow_hash = bier_compute_flow_hash(bh0); } - dpo0 = load_balance_get_bucket_i(lb0, + dpo0 = load_balance_get_bucket_i(lb0, vnet_buffer(b0)->ip.flow_hash & (lb0->lb_n_buckets_minus_1)); diff --git a/src/vnet/dpo/load_balance_map.c b/src/vnet/dpo/load_balance_map.c index 7da360b88ac..c03acaf2d70 100644 --- a/src/vnet/dpo/load_balance_map.c +++ b/src/vnet/dpo/load_balance_map.c @@ -387,8 +387,13 @@ load_balance_map_alloc (const load_balance_path_t *paths) { load_balance_map_t *lbm; u32 ii; + vlib_main_t *vm; + u8 did_barrier_sync; + dpo_pool_barrier_sync (vm, load_balance_map_pool, did_barrier_sync); pool_get_aligned(load_balance_map_pool, lbm, CLIB_CACHE_LINE_BYTES); + dpo_pool_barrier_release (vm, did_barrier_sync); + clib_memset(lbm, 0, sizeof(*lbm)); vec_validate(lbm->lbm_paths, vec_len(paths)-1); diff --git a/src/vnet/dpo/lookup_dpo.c b/src/vnet/dpo/lookup_dpo.c index daa2352f649..677a19fe862 100644 --- a/src/vnet/dpo/lookup_dpo.c +++ b/src/vnet/dpo/lookup_dpo.c @@ -63,8 +63,12 @@ static lookup_dpo_t * lookup_dpo_alloc (void) { lookup_dpo_t *lkd; + vlib_main_t *vm; + u8 did_barrier_sync; + dpo_pool_barrier_sync (vm, lookup_dpo_pool, did_barrier_sync); pool_get_aligned(lookup_dpo_pool, lkd, CLIB_CACHE_LINE_BYTES); + dpo_pool_barrier_release (vm, did_barrier_sync); return (lkd); } @@ -1076,7 +1080,7 @@ lookup_dpo_mpls_inline (vlib_main_t * vm, */ if (table_from_interface) { - fib_index0 = + fib_index0 = mpls_fib_table_get_index_for_sw_if_index( vnet_buffer(b0)->sw_if_index[VLIB_RX]); } @@ -1142,9 +1146,9 @@ lookup_dpo_mpls_inline (vlib_main_t * vm, if (PREDICT_FALSE(vnet_buffer2(b0)->loop_counter > MAX_LUKPS_PER_PACKET)) next0 = MPLS_LOOKUP_NEXT_DROP; - if (PREDICT_FALSE(b0->flags & VLIB_BUFFER_IS_TRACED)) + if (PREDICT_FALSE(b0->flags & VLIB_BUFFER_IS_TRACED)) { - lookup_trace_t *tr = vlib_add_trace (vm, node, + lookup_trace_t *tr = vlib_add_trace (vm, node, b0, sizeof (*tr)); tr->fib_index = fib_index0; tr->lbi = lbi0; diff --git a/src/vnet/dpo/mpls_label_dpo.c b/src/vnet/dpo/mpls_label_dpo.c index 9d147f98f13..683b5449513 100644 --- a/src/vnet/dpo/mpls_label_dpo.c +++ b/src/vnet/dpo/mpls_label_dpo.c @@ -39,8 +39,13 @@ static mpls_label_dpo_t * mpls_label_dpo_alloc (void) { mpls_label_dpo_t *mld; + vlib_main_t *vm; + u8 did_barrier_sync; + dpo_pool_barrier_sync (vm, mpls_label_dpo_pool, did_barrier_sync); pool_get_aligned(mpls_label_dpo_pool, mld, CLIB_CACHE_LINE_BYTES); + dpo_pool_barrier_release (vm, did_barrier_sync); + clib_memset(mld, 0, sizeof(*mld)); dpo_reset(&mld->mld_dpo); diff --git a/src/vnet/dpo/receive_dpo.c b/src/vnet/dpo/receive_dpo.c index 949dbfa6587..b12b382ce64 100644 --- a/src/vnet/dpo/receive_dpo.c +++ b/src/vnet/dpo/receive_dpo.c @@ -35,8 +35,13 @@ static receive_dpo_t * receive_dpo_alloc (void) { receive_dpo_t *rd; + vlib_main_t *vm; + u8 did_barrier_sync; + dpo_pool_barrier_sync (vm, receive_dpo_pool, did_barrier_sync); pool_get_aligned(receive_dpo_pool, rd, CLIB_CACHE_LINE_BYTES); + dpo_pool_barrier_release (vm, did_barrier_sync); + clib_memset(rd, 0, sizeof(*rd)); return (rd); diff --git a/src/vnet/ethernet/p2p_ethernet_api.c b/src/vnet/ethernet/p2p_ethernet_api.c index 3f537168a8e..74b5e0c8658 100644 --- a/src/vnet/ethernet/p2p_ethernet_api.c +++ b/src/vnet/ethernet/p2p_ethernet_api.c @@ -52,7 +52,7 @@ vl_api_p2p_ethernet_add_t_handler (vl_api_p2p_ethernet_add_t * mp) u32 parent_if_index = htonl (mp->parent_if_index); u32 sub_id = htonl (mp->subif_id); - u32 p2pe_if_index; + u32 p2pe_if_index = ~0; u8 remote_mac[6]; clib_memcpy (remote_mac, mp->remote_mac, 6); diff --git a/src/vnet/fib/fib_entry_src_interpose.c b/src/vnet/fib/fib_entry_src_interpose.c index 2220fa4debd..15accac5533 100644 --- a/src/vnet/fib/fib_entry_src_interpose.c +++ b/src/vnet/fib/fib_entry_src_interpose.c @@ -115,6 +115,20 @@ fib_entry_src_interpose_activate (fib_entry_src_t *src, */ src->fes_pl = best_src->fes_pl; } + else + { + /* + * the best source won't install so will use a drop + */ + dpo_proto_t dproto; + + dproto = fib_proto_to_dpo(fib_entry->fe_prefix.fp_proto); + + src->fes_pl = + fib_path_list_create_special(dproto, + FIB_PATH_LIST_FLAG_DROP, + drop_dpo_get(dproto)); + } } else { diff --git a/src/vnet/interface_cli.c b/src/vnet/interface_cli.c index 6c4df198548..2356f268435 100644 --- a/src/vnet/interface_cli.c +++ b/src/vnet/interface_cli.c @@ -65,16 +65,15 @@ compare_interface_names (void *a1, void *a2) static clib_error_t * show_or_clear_hw_interfaces (vlib_main_t * vm, unformat_input_t * input, - vlib_cli_command_t * cmd) + vlib_cli_command_t * cmd, int is_show) { clib_error_t *error = 0; vnet_main_t *vnm = vnet_get_main (); vnet_interface_main_t *im = &vnm->interface_main; vnet_hw_interface_t *hi; u32 hw_if_index, *hw_if_indices = 0; - int i, verbose = -1, is_show, show_bond = 0; + int i, verbose = -1, show_bond = 0; - is_show = strstr (cmd->path, "show") != 0; while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) { /* See if user wants to show a specific interface. */ @@ -168,6 +167,21 @@ done: return error; } +static clib_error_t * +show_hw_interfaces (vlib_main_t * vm, + unformat_input_t * input, vlib_cli_command_t * cmd) +{ + return show_or_clear_hw_interfaces (vm, input, cmd, 1 /* is_show */ ); +} + +static clib_error_t * +clear_hw_interfaces (vlib_main_t * vm, + unformat_input_t * input, vlib_cli_command_t * cmd) +{ + return show_or_clear_hw_interfaces (vm, input, cmd, 0 /* is_show */ ); +} + + /*? * Display more detailed information about all or a list of given interfaces. * The verboseness of the output can be controlled by the following optional @@ -229,7 +243,7 @@ VLIB_CLI_COMMAND (show_hw_interfaces_command, static) = { .path = "show hardware-interfaces", .short_help = "show hardware-interfaces [brief|verbose|detail] [bond] " "[<interface> [<interface> [..]]] [<sw_idx> [<sw_idx> [..]]]", - .function = show_or_clear_hw_interfaces, + .function = show_hw_interfaces, }; /* *INDENT-ON* */ @@ -250,7 +264,7 @@ VLIB_CLI_COMMAND (clear_hw_interface_counters_command, static) = { .path = "clear hardware-interfaces", .short_help = "clear hardware-interfaces " "[<interface> [<interface> [..]]] [<sw_idx> [<sw_idx> [..]]]", - .function = show_or_clear_hw_interfaces, + .function = clear_hw_interfaces, }; /* *INDENT-ON* */ diff --git a/src/vnet/ip/ip.c b/src/vnet/ip/ip.c index 785cd491b57..3ecea9b8b27 100644 --- a/src/vnet/ip/ip.c +++ b/src/vnet/ip/ip.c @@ -81,7 +81,10 @@ void ip_copy (ip46_address_t * dst, ip46_address_t * src, u8 is_ip4) { if (is_ip4) - dst->ip4.as_u32 = src->ip4.as_u32; + { + ip46_address_mask_ip4 (dst); + dst->ip4.as_u32 = src->ip4.as_u32; + } else clib_memcpy_fast (&dst->ip6, &src->ip6, sizeof (ip6_address_t)); } @@ -90,7 +93,10 @@ void ip_set (ip46_address_t * dst, void *src, u8 is_ip4) { if (is_ip4) - dst->ip4.as_u32 = ((ip4_address_t *) src)->as_u32; + { + ip46_address_mask_ip4 (dst); + dst->ip4.as_u32 = ((ip4_address_t *) src)->as_u32; + } else clib_memcpy_fast (&dst->ip6, (ip6_address_t *) src, sizeof (ip6_address_t)); diff --git a/src/vnet/ip/ip4_punt_drop.c b/src/vnet/ip/ip4_punt_drop.c index fc5a68fc66a..819eaa14861 100644 --- a/src/vnet/ip/ip4_punt_drop.c +++ b/src/vnet/ip/ip4_punt_drop.c @@ -337,10 +337,10 @@ ip4_punt_redirect_cmd (vlib_main_t * vm, vlib_cli_command_t * cmd) { unformat_input_t _line_input, *line_input = &_line_input; - fib_route_path_t *rpaths = NULL, rpath; - dpo_proto_t payload_proto; + ip46_address_t nh = { 0 }; clib_error_t *error = 0; u32 rx_sw_if_index = ~0; + u32 tx_sw_if_index = ~0; vnet_main_t *vnm; u8 is_add; @@ -361,9 +361,13 @@ ip4_punt_redirect_cmd (vlib_main_t * vm, else if (unformat (line_input, "rx %U", unformat_vnet_sw_interface, vnm, &rx_sw_if_index)) ; + else if (unformat (line_input, "via %U %U", + unformat_ip4_address, &nh.ip4, + unformat_vnet_sw_interface, vnm, &tx_sw_if_index)) + ; else if (unformat (line_input, "via %U", - unformat_fib_route_path, &rpath, &payload_proto)) - vec_add1 (rpaths, rpath); + unformat_vnet_sw_interface, vnm, &tx_sw_if_index)) + ; else { error = unformat_parse_error (line_input); @@ -379,8 +383,7 @@ ip4_punt_redirect_cmd (vlib_main_t * vm, if (is_add) { - if (vec_len (rpaths)) - ip4_punt_redirect_add_paths (rx_sw_if_index, rpaths); + ip4_punt_redirect_add (rx_sw_if_index, tx_sw_if_index, &nh); } else { diff --git a/src/vnet/ip/ip6_format.c b/src/vnet/ip/ip6_format.c index 4d1793970df..6287195507b 100644 --- a/src/vnet/ip/ip6_format.c +++ b/src/vnet/ip/ip6_format.c @@ -127,13 +127,12 @@ format_ip6_address_and_mask (u8 * s, va_list * args) return format (s, "any"); if (am->mask.as_u64[0] == ~0 && am->mask.as_u64[1] == ~0) - return format (s, "%U", format_ip4_address, &am->addr); + return format (s, "%U", format_ip6_address, &am->addr); return format (s, "%U/%U", format_ip6_address, &am->addr, - format_ip4_address, &am->mask); + format_ip6_address, &am->mask); } - /* Parse an IP6 address. */ uword unformat_ip6_address (unformat_input_t * input, va_list * args) diff --git a/src/vnet/ip/punt.c b/src/vnet/ip/punt.c index a2952773f97..a3ccc43375e 100644 --- a/src/vnet/ip/punt.c +++ b/src/vnet/ip/punt.c @@ -424,8 +424,9 @@ vnet_punt_add_del (vlib_main_t * vm, const punt_reg_t * pr, bool is_add) static clib_error_t * punt_cli (vlib_main_t * vm, - unformat_input_t * input, vlib_cli_command_t * cmd) + unformat_input_t * input__, vlib_cli_command_t * cmd) { + unformat_input_t line_input, *input = &line_input; clib_error_t *error = NULL; bool is_add = true; /* *INDENT-OFF* */ @@ -442,6 +443,9 @@ punt_cli (vlib_main_t * vm, u32 port; /* *INDENT-ON* */ + if (!unformat_user (input__, unformat_line_input, input)) + return 0; + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) { if (unformat (input, "del")) @@ -476,6 +480,7 @@ punt_cli (vlib_main_t * vm, } done: + unformat_free (input); return error; } @@ -509,8 +514,10 @@ VLIB_CLI_COMMAND (punt_command, static) = { static clib_error_t * punt_socket_register_cmd (vlib_main_t * vm, - unformat_input_t * input, vlib_cli_command_t * cmd) + unformat_input_t * input__, + vlib_cli_command_t * cmd) { + unformat_input_t line_input, *input = &line_input; u8 *socket_name = 0; clib_error_t *error = NULL; /* *INDENT-OFF* */ @@ -526,6 +533,9 @@ punt_socket_register_cmd (vlib_main_t * vm, }; /* *INDENT-ON* */ + if (!unformat_user (input__, unformat_line_input, input)) + return 0; + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) { if (unformat (input, "ipv4")) @@ -556,6 +566,7 @@ punt_socket_register_cmd (vlib_main_t * vm, error = vnet_punt_socket_add (vm, 1, &pr, (char *) socket_name); done: + unformat_free (input); return error; } @@ -577,9 +588,10 @@ VLIB_CLI_COMMAND (punt_socket_register_command, static) = static clib_error_t * punt_socket_deregister_cmd (vlib_main_t * vm, - unformat_input_t * input, + unformat_input_t * input__, vlib_cli_command_t * cmd) { + unformat_input_t line_input, *input = &line_input; clib_error_t *error = NULL; /* *INDENT-OFF* */ punt_reg_t pr = { @@ -594,6 +606,9 @@ punt_socket_deregister_cmd (vlib_main_t * vm, }; /* *INDENT-ON* */ + if (!unformat_user (input__, unformat_line_input, input)) + return 0; + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) { if (unformat (input, "ipv4")) @@ -618,6 +633,7 @@ punt_socket_deregister_cmd (vlib_main_t * vm, error = vnet_punt_socket_del (vm, &pr); done: + unformat_free (input); return error; } @@ -723,13 +739,17 @@ punt_client_show_one (const punt_client_t * pc, void *ctx) static clib_error_t * punt_socket_show_cmd (vlib_main_t * vm, - unformat_input_t * input, vlib_cli_command_t * cmd) + unformat_input_t * input__, vlib_cli_command_t * cmd) { + unformat_input_t line_input, *input = &line_input; clib_error_t *error = NULL; punt_type_t pt; pt = PUNT_TYPE_L4; + if (!unformat_user (input__, unformat_line_input, input)) + return 0; + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) { if (unformat (input, "exception")) @@ -749,6 +769,7 @@ punt_socket_show_cmd (vlib_main_t * vm, punt_client_walk (pt, punt_client_show_one, vm); done: + unformat_free (input); return (error); } diff --git a/src/vnet/ip/reass/ip4_full_reass.c b/src/vnet/ip/reass/ip4_full_reass.c index a2d08a4909c..cebc6a0e965 100644 --- a/src/vnet/ip/reass/ip4_full_reass.c +++ b/src/vnet/ip/reass/ip4_full_reass.c @@ -459,15 +459,15 @@ again: if (!clib_bihash_search_16_8 (&rm->hash, (clib_bihash_kv_16_8_t *) kv, (clib_bihash_kv_16_8_t *) kv)) { + if (vm->thread_index != kv->v.memory_owner_thread_index) + { + *do_handoff = 1; + return NULL; + } reass = pool_elt_at_index (rm->per_thread_data [kv->v.memory_owner_thread_index].pool, kv->v.reass_index); - if (vm->thread_index != reass->memory_owner_thread_index) - { - *do_handoff = 1; - return reass; - } if (now > reass->last_heard + rm->timeout) { diff --git a/src/vnet/ip/reass/ip6_full_reass.c b/src/vnet/ip/reass/ip6_full_reass.c index 6848f59c65c..69ba452840e 100644 --- a/src/vnet/ip/reass/ip6_full_reass.c +++ b/src/vnet/ip/reass/ip6_full_reass.c @@ -471,16 +471,17 @@ again: if (!clib_bihash_search_48_8 (&rm->hash, (clib_bihash_kv_48_8_t *) kv, (clib_bihash_kv_48_8_t *) kv)) { - reass = - pool_elt_at_index (rm->per_thread_data - [kv->v.memory_owner_thread_index].pool, - kv->v.reass_index); if (vm->thread_index != kv->v.memory_owner_thread_index) { *do_handoff = 1; - return reass; + return NULL; } + reass = + pool_elt_at_index (rm->per_thread_data + [kv->v.memory_owner_thread_index].pool, + kv->v.reass_index); + if (now > reass->last_heard + rm->timeout) { ip6_full_reass_on_timeout (vm, node, rm, reass, icmp_bi); diff --git a/src/vnet/ipfix-export/flow_report.c b/src/vnet/ipfix-export/flow_report.c index d904479c9c9..56a2d16b8d5 100644 --- a/src/vnet/ipfix-export/flow_report.c +++ b/src/vnet/ipfix-export/flow_report.c @@ -500,7 +500,8 @@ set_ipfix_exporter_command_fn (vlib_main_t * vm, { if (unformat (input, "collector %U", unformat_ip4_address, &collector)) ; - else if (unformat (input, "port %u", &collector_port)) + else if (unformat (input, "port %U", unformat_udp_port, + &collector_port)) ; else if (unformat (input, "src %U", unformat_ip4_address, &src)) ; @@ -569,7 +570,7 @@ VLIB_CLI_COMMAND (set_ipfix_exporter_command, static) = { "collector <ip4-address> [port <port>] " "src <ip4-address> [fib-id <fib-id>] " "[path-mtu <path-mtu>] " - "[template-interval <template-interval>]", + "[template-interval <template-interval>] " "[udp-checksum]", .function = set_ipfix_exporter_command_fn, }; diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c index 6170603ded1..1023a1a981e 100644 --- a/src/vnet/ipsec/esp_encrypt.c +++ b/src/vnet/ipsec/esp_encrypt.c @@ -97,7 +97,7 @@ esp_add_footer_and_icv (vlib_buffer_t * b, u8 block_size, u8 icv_sz, { static const u8 pad_data[ESP_MAX_BLOCK_SIZE] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x00, 0x00, + 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, }; u16 min_length = b->current_length + sizeof (esp_footer_t); @@ -201,6 +201,24 @@ esp_get_ip6_hdr_len (ip6_header_t * ip6) return len; } +/* IPsec IV generation: IVs requirements differ depending of the + * encryption mode: IVs must be unpredictable for AES-CBC whereas it can + * be predictable but should never be reused with the same key material + * for CTR and GCM. + * We use a packet counter as the IV for CTR and GCM, and to ensure the + * IV is unpredictable for CBC, it is then encrypted using the same key + * as the message. You can refer to NIST SP800-38a and NIST SP800-38d + * for more details. */ +static_always_inline void * +esp_generate_iv (ipsec_sa_t * sa, void *payload, int iv_sz) +{ + ASSERT (iv_sz >= sizeof (u64)); + u64 *iv = (u64 *) (payload - iv_sz); + clib_memset_u8 (iv, 0, iv_sz); + *iv = sa->iv_counter++; + return iv; +} + static_always_inline void esp_process_ops (vlib_main_t * vm, vlib_node_runtime_t * node, vnet_crypto_op_t * ops, vlib_buffer_t * b[], u16 * nexts) @@ -463,6 +481,7 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node, vnet_crypto_op_t *op; vec_add2_aligned (ptd->crypto_ops, op, 1, CLIB_CACHE_LINE_BYTES); vnet_crypto_op_init (op, sa0->crypto_enc_op_id); + void *pkt_iv = esp_generate_iv (sa0, payload, iv_sz); op->src = op->dst = payload; op->key_index = sa0->crypto_key_index; op->len = payload_len - icv_sz; @@ -481,16 +500,19 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node, op->tag = payload + op->len; op->tag_len = 16; - u64 *iv = (u64 *) (payload - iv_sz); nonce->salt = sa0->salt; - nonce->iv = *iv = clib_host_to_net_u64 (sa0->gcm_iv_counter++); + nonce->iv = *(u64 *) pkt_iv; op->iv = (u8 *) nonce; nonce++; } else { - op->iv = payload - iv_sz; - op->flags = VNET_CRYPTO_OP_FLAG_INIT_IV; + /* construct zero iv in front of the IP header */ + op->iv = pkt_iv - hdr_len - iv_sz; + clib_memset_u8 (op->iv, 0, iv_sz); + /* include iv field in crypto */ + op->src -= iv_sz; + op->len += iv_sz; } } diff --git a/src/vnet/ipsec/ipsec_sa.h b/src/vnet/ipsec/ipsec_sa.h index b3e138bfbea..bc9f3b47683 100644 --- a/src/vnet/ipsec/ipsec_sa.h +++ b/src/vnet/ipsec/ipsec_sa.h @@ -122,6 +122,8 @@ typedef struct u64 replay_window; dpo_id_t dpo; + u64 iv_counter; + vnet_crypto_key_index_t crypto_key_index; vnet_crypto_key_index_t integ_key_index; vnet_crypto_op_id_t crypto_enc_op_id:16; @@ -161,7 +163,6 @@ typedef struct /* Salt used in GCM modes - stored in network byte order */ u32 salt; - u64 gcm_iv_counter; } ipsec_sa_t; STATIC_ASSERT_OFFSET_OF (ipsec_sa_t, cacheline1, CLIB_CACHE_LINE_BYTES); diff --git a/src/vnet/l2/l2_input.c b/src/vnet/l2/l2_input.c index 7b93fba20b1..8a7ab802175 100644 --- a/src/vnet/l2/l2_input.c +++ b/src/vnet/l2/l2_input.c @@ -800,9 +800,6 @@ set_int_l2_mode (vlib_main_t * vm, vnet_main_t * vnet_main, /* */ config->feature_bitmap &= ~(L2INPUT_FEAT_LEARN | L2INPUT_FEAT_FWD | L2INPUT_FEAT_FLOOD); shg = 0; /* not used in xconnect */ - - /* Insure all packets go to ethernet-input */ - ethernet_set_rx_redirect (vnet_main, hi, 1); } /* set up split-horizon group and set output feature bit */ @@ -827,25 +824,18 @@ set_int_l2_mode (vlib_main_t * vm, vnet_main_t * vnet_main, /* */ { if ((hi->l2_if_count == 1) && (l2_if_adjust == 1)) { - /* Just added first L2 interface on this port */ - - /* Set promiscuous mode on the l2 interface */ + /* Just added first L2 interface on this port + * Set promiscuous mode on the l2 interface */ ethernet_set_flags (vnet_main, hi->hw_if_index, ETHERNET_INTERFACE_FLAG_ACCEPT_ALL); - - /* ensure all packets go to ethernet-input */ - ethernet_set_rx_redirect (vnet_main, hi, 1); - } else if ((hi->l2_if_count == 0) && (l2_if_adjust == -1)) { - /* Just removed only L2 subinterface on this port */ - - /* Disable promiscuous mode on the l2 interface */ - ethernet_set_flags (vnet_main, hi->hw_if_index, 0); + /* Just removed only L2 subinterface on this port + * Disable promiscuous mode on the l2 interface */ + ethernet_set_flags (vnet_main, hi->hw_if_index, + /*ETHERNET_INTERFACE_FLAG_DEFAULT_L3 */ 0); - /* Allow ip packets to go directly to ip4-input etc */ - ethernet_set_rx_redirect (vnet_main, hi, 0); } } diff --git a/src/vnet/l2/l2_patch.c b/src/vnet/l2/l2_patch.c index fb8849dc261..618ae20536d 100644 --- a/src/vnet/l2/l2_patch.c +++ b/src/vnet/l2/l2_patch.c @@ -270,15 +270,15 @@ vnet_l2_patch_add_del (u32 rx_sw_if_index, u32 tx_sw_if_index, int is_add) ETHERNET_INTERFACE_FLAG_ACCEPT_ALL); vnet_feature_enable_disable ("device-input", "l2-patch", - rxhi->hw_if_index, 1, 0, 0); + rxhi->sw_if_index, 1, 0, 0); } else { ethernet_set_flags (l2pm->vnet_main, rxhi->hw_if_index, - 0 /* disable promiscuous mode */ ); + /*ETHERNET_INTERFACE_FLAG_DEFAULT_L3 */ 0); vnet_feature_enable_disable ("device-input", "l2-patch", - rxhi->hw_if_index, 0, 0, 0); + rxhi->sw_if_index, 0, 0, 0); if (vec_len (l2pm->tx_next_by_rx_sw_if_index) > rx_sw_if_index) { l2pm->tx_next_by_rx_sw_if_index[rx_sw_if_index] = ~0; diff --git a/src/vnet/lisp-cp/control.c b/src/vnet/lisp-cp/control.c index d2cc8da717b..6f26d1e2aeb 100644 --- a/src/vnet/lisp-cp/control.c +++ b/src/vnet/lisp-cp/control.c @@ -1398,19 +1398,19 @@ vnet_lisp_del_mapping (gid_address_t * eid, u32 * res_map_index) gid_address_copy (&m_args->eid, eid); m_args->locator_set_index = old_map->locator_set_index; - /* delete mapping associated from map-cache */ - vnet_lisp_map_cache_add_del (m_args, 0); - ls_args->is_add = 0; ls_args->index = old_map->locator_set_index; - /* delete locator set */ - vnet_lisp_add_del_locator_set (ls_args, 0); - /* delete timer associated to the mapping if any */ if (old_map->timer_set) mapping_delete_timer (lcm, mi); + /* delete locator set */ + vnet_lisp_add_del_locator_set (ls_args, 0); + + /* delete mapping associated from map-cache */ + vnet_lisp_map_cache_add_del (m_args, 0); + /* return old mapping index */ if (res_map_index) res_map_index[0] = mi; @@ -2004,8 +2004,8 @@ vnet_lisp_add_del_locator (vnet_lisp_add_del_locator_set_args_t * a, removed = 1; remove_locator_from_locator_set (ls, locit, ls_index, loc_id); } - if (0 == loc->local && - !gid_address_cmp (&loc->address, &itloc->address)) + else if (0 == loc->local && + !gid_address_cmp (&loc->address, &itloc->address)) { removed = 1; remove_locator_from_locator_set (ls, locit, ls_index, loc_id); @@ -2083,14 +2083,9 @@ vnet_lisp_add_del_locator_set (vnet_lisp_add_del_locator_set_args_t * a, ls->name = vec_dup (a->name); if (!lcm->locator_set_index_by_name) - lcm->locator_set_index_by_name = hash_create_vec ( - /* size */ - 0, - sizeof - (ls->name - [0]), - sizeof - (uword)); + lcm->locator_set_index_by_name = + hash_create_vec ( /* size */ 0, sizeof (ls->name[0]), + sizeof (uword)); hash_set_mem (lcm->locator_set_index_by_name, ls->name, ls_index); diff --git a/src/vnet/lisp-cp/lisp_cli.c b/src/vnet/lisp-cp/lisp_cli.c index 5cd183402b0..817fb50156b 100644 --- a/src/vnet/lisp-cp/lisp_cli.c +++ b/src/vnet/lisp-cp/lisp_cli.c @@ -418,14 +418,16 @@ done: return error; } -VLIB_CLI_COMMAND (lisp_add_del_remote_mapping_command) = -{ -.path = "lisp remote-mapping",.short_help = - "lisp remote-mapping add|del [del-all] vni <vni> " - "eid <est-eid> [action <no-action|natively-forward|" - "send-map-request|drop>] rloc <dst-locator> p <prio> w <weight> " - "[rloc <dst-locator> ... ]",.function = - lisp_add_del_remote_mapping_command_fn,}; +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (lisp_add_del_remote_mapping_command) = { + .path = "lisp remote-mapping", + .short_help = "lisp remote-mapping add|del [del-all] vni <vni> " + "eid <est-eid> [action <no-action|natively-forward|" + "send-map-request|drop>] rloc <dst-locator> p <prio> " + "w <weight> [rloc <dst-locator> ... ]", + .function = lisp_add_del_remote_mapping_command_fn, +}; +/* *INDENT-ON* */ /** * Handler for add/del adjacency CLI. @@ -892,54 +894,44 @@ VLIB_CLI_COMMAND (lisp_cp_show_eid_table_command) = { static clib_error_t * -lisp_enable_disable_command_fn (vlib_main_t * vm, unformat_input_t * input, - vlib_cli_command_t * cmd) +lisp_enable_command_fn (vlib_main_t * vm, unformat_input_t * input, + vlib_cli_command_t * cmd) { - unformat_input_t _line_input, *line_input = &_line_input; - u8 is_enabled = 0; - u8 is_set = 0; - clib_error_t *error = NULL; + if (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + return clib_error_return (0, "parse error: '%U'", format_unformat_error, + input); - /* Get a line of input. */ - if (!unformat_user (input, unformat_line_input, line_input)) - return clib_error_return (0, "expected enable | disable"); + vnet_lisp_enable_disable (1); - while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) - { - if (unformat (line_input, "enable")) - { - is_set = 1; - is_enabled = 1; - } - else if (unformat (line_input, "disable")) - is_set = 1; - else - { - error = clib_error_return (0, "parse error: '%U'", - format_unformat_error, line_input); - goto done; - } - } + return 0; +} - if (!is_set) - { - error = clib_error_return (0, "state not set"); - goto done; - } +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (lisp_cp_enable_command) = { + .path = "lisp enable", + .short_help = "lisp enable", + .function = lisp_enable_command_fn, +}; +/* *INDENT-ON* */ - vnet_lisp_enable_disable (is_enabled); +static clib_error_t * +lisp_disable_command_fn (vlib_main_t * vm, unformat_input_t * input, + vlib_cli_command_t * cmd) +{ + if (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + return clib_error_return (0, "parse error: '%U'", format_unformat_error, + input); -done: - unformat_free (line_input); + vnet_lisp_enable_disable (0); - return error; + return 0; } /* *INDENT-OFF* */ -VLIB_CLI_COMMAND (lisp_cp_enable_disable_command) = { - .path = "lisp", - .short_help = "lisp [enable|disable]", - .function = lisp_enable_disable_command_fn, +VLIB_CLI_COMMAND (lisp_cp_disable_command) = { + .path = "lisp disable", + .short_help = "lisp disable", + .function = lisp_disable_command_fn, }; /* *INDENT-ON* */ @@ -1163,7 +1155,7 @@ lisp_add_del_locator_set_command_fn (vlib_main_t * vm, /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) - return 0; + return clib_error_return (0, "missing parameters"); while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { @@ -1187,6 +1179,7 @@ lisp_add_del_locator_set_command_fn (vlib_main_t * vm, } } + vec_terminate_c_string (locator_set_name); a->name = locator_set_name; a->locators = locators; a->is_add = is_add; diff --git a/src/vnet/lisp-cp/one_api.c b/src/vnet/lisp-cp/one_api.c index 56cb74b0c77..e96e950cfea 100644 --- a/src/vnet/lisp-cp/one_api.c +++ b/src/vnet/lisp-cp/one_api.c @@ -1214,7 +1214,7 @@ one_adjacency_copy (vl_api_one_adjacency_t * dst, lisp_adjacency_t * adjs) clib_memcpy (a.leid, &nsh, sizeof (nsh)); break; default: - ASSERT (0); + ALWAYS_ASSERT (0); } dst[i] = a; } diff --git a/src/vnet/lisp-cp/one_cli.c b/src/vnet/lisp-cp/one_cli.c index d5a0ee00015..e44632f9760 100644 --- a/src/vnet/lisp-cp/one_cli.c +++ b/src/vnet/lisp-cp/one_cli.c @@ -1369,54 +1369,44 @@ VLIB_CLI_COMMAND (one_cp_enable_disable_xtr_mode_command) = { /* *INDENT-ON* */ static clib_error_t * -lisp_enable_disable_command_fn (vlib_main_t * vm, unformat_input_t * input, - vlib_cli_command_t * cmd) +one_enable_command_fn (vlib_main_t * vm, unformat_input_t * input, + vlib_cli_command_t * cmd) { - unformat_input_t _line_input, *line_input = &_line_input; - u8 is_enabled = 0; - u8 is_set = 0; - clib_error_t *error = NULL; + if (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + return clib_error_return (0, "parse error: '%U'", format_unformat_error, + input); - /* Get a line of input. */ - if (!unformat_user (input, unformat_line_input, line_input)) - return clib_error_return (0, "expected enable | disable"); + vnet_lisp_enable_disable (1); - while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) - { - if (unformat (line_input, "enable")) - { - is_set = 1; - is_enabled = 1; - } - else if (unformat (line_input, "disable")) - is_set = 1; - else - { - error = clib_error_return (0, "parse error: '%U'", - format_unformat_error, line_input); - goto done; - } - } + return 0; +} - if (!is_set) - { - error = clib_error_return (0, "state not set"); - goto done; - } +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (one_cp_enable_command) = { + .path = "one enable", + .short_help = "one enable", + .function = one_enable_command_fn, +}; +/* *INDENT-ON* */ - vnet_lisp_enable_disable (is_enabled); +static clib_error_t * +one_disable_command_fn (vlib_main_t * vm, unformat_input_t * input, + vlib_cli_command_t * cmd) +{ + if (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + return clib_error_return (0, "parse error: '%U'", format_unformat_error, + input); -done: - unformat_free (line_input); + vnet_lisp_enable_disable (0); - return error; + return 0; } /* *INDENT-OFF* */ -VLIB_CLI_COMMAND (one_cp_enable_disable_command) = { - .path = "one", - .short_help = "one [enable|disable]", - .function = lisp_enable_disable_command_fn, +VLIB_CLI_COMMAND (one_cp_disable_command) = { + .path = "one disable", + .short_help = "one disable", + .function = one_disable_command_fn, }; /* *INDENT-ON* */ diff --git a/src/vnet/session/session.c b/src/vnet/session/session.c index 258a15898b6..ec3c9cbde15 100644 --- a/src/vnet/session/session.c +++ b/src/vnet/session/session.c @@ -573,6 +573,11 @@ session_enqueue_notify_inline (session_t * s) SESSION_EVT (SESSION_EVT_ENQ, s, svm_fifo_max_dequeue_prod (s->rx_fifo)); s->flags &= ~SESSION_F_RX_EVT; + + /* Application didn't confirm accept yet */ + if (PREDICT_FALSE (s->session_state == SESSION_STATE_ACCEPTING)) + return 0; + if (PREDICT_FALSE (app_worker_lock_and_send_event (app_wrk, s, SESSION_IO_EVT_RX))) return -1; @@ -745,8 +750,11 @@ session_stream_connect_notify_inline (transport_connection_t * tc, u8 is_fail, if (app_worker_connect_notify (app_wrk, s, opaque)) { + session_lookup_del_connection (tc); + /* Avoid notifying app about rejected session cleanup */ s = session_get (new_si, new_ti); - session_free_w_fifos (s); + segment_manager_dealloc_fifos (s->rx_fifo, s->tx_fifo); + session_free (s); return -1; } diff --git a/src/vnet/session/session_lookup.c b/src/vnet/session/session_lookup.c index 604344a27cd..6c787fbe34b 100644 --- a/src/vnet/session/session_lookup.c +++ b/src/vnet/session/session_lookup.c @@ -156,25 +156,28 @@ make_v6_ss_kv_from_tc (session_kv6_t * kv, transport_connection_t * tc) } static session_table_t * -session_table_get_or_alloc (u8 fib_proto, u8 fib_index) +session_table_get_or_alloc (u8 fib_proto, u32 fib_index) { session_table_t *st; u32 table_index; - if (vec_len (fib_index_to_table_index[fib_proto]) <= fib_index) + ASSERT (fib_index != ~0); + if (vec_len (fib_index_to_table_index[fib_proto]) > fib_index && + fib_index_to_table_index[fib_proto][fib_index] != ~0) + { + table_index = fib_index_to_table_index[fib_proto][fib_index]; + return session_table_get (table_index); + } + else { st = session_table_alloc (); table_index = session_table_index (st); - vec_validate (fib_index_to_table_index[fib_proto], fib_index); + vec_validate_init_empty (fib_index_to_table_index[fib_proto], fib_index, + ~0); fib_index_to_table_index[fib_proto][fib_index] = table_index; st->active_fib_proto = fib_proto; session_table_init (st, fib_proto); return st; } - else - { - table_index = fib_index_to_table_index[fib_proto][fib_index]; - return session_table_get (table_index); - } } static session_table_t * diff --git a/src/vnet/session/session_node.c b/src/vnet/session/session_node.c index eb5876d2c3d..ebb3503ff6b 100644 --- a/src/vnet/session/session_node.c +++ b/src/vnet/session/session_node.c @@ -906,6 +906,8 @@ session_tx_fifo_read_and_snd_i (session_worker_t * wrk, return SESSION_TX_NO_BUFFERS; } + transport_connection_update_tx_bytes (ctx->tc, ctx->max_len_to_snd); + ctx->left_to_snd = ctx->max_len_to_snd; n_left = ctx->n_segs_per_evt; @@ -979,7 +981,6 @@ session_tx_fifo_read_and_snd_i (session_worker_t * wrk, vlib_buffer_free (vm, wrk->tx_buffers, n_bufs); *n_tx_packets += ctx->n_segs_per_evt; - transport_connection_update_tx_bytes (ctx->tc, ctx->max_len_to_snd); SESSION_EVT (SESSION_EVT_DEQ, ctx->s, ctx->max_len_to_snd, ctx->max_dequeue, ctx->s->tx_fifo->has_event, wrk->last_vlib_time); diff --git a/src/vnet/srv6/sr_policy_rewrite.c b/src/vnet/srv6/sr_policy_rewrite.c index feac151665a..1d6b7816b52 100755 --- a/src/vnet/srv6/sr_policy_rewrite.c +++ b/src/vnet/srv6/sr_policy_rewrite.c @@ -1012,7 +1012,7 @@ show_sr_policies_command_fn (vlib_main_t * vm, unformat_input_t * input, } s = format (s, "\b\b > "); s = format (s, "weight: %u", segment_list->weight); - vlib_cli_output (vm, " %s", s); + vlib_cli_output (vm, " %v", s); } vlib_cli_output (vm, "-----------"); } diff --git a/src/vnet/srv6/sr_steering.c b/src/vnet/srv6/sr_steering.c index 566ba1fe5a0..aa98a45d3da 100755 --- a/src/vnet/srv6/sr_steering.c +++ b/src/vnet/srv6/sr_steering.c @@ -146,14 +146,11 @@ sr_steering_policy (int is_del, ip6_address_t * bsid, u32 sr_policy_index, /* Remove promiscous mode from interface */ vnet_main_t *vnm = vnet_get_main (); - ethernet_main_t *em = ðernet_main; - ethernet_interface_t *eif = - ethernet_get_interface (em, sw_if_index); - - if (!eif) - goto cleanup_error_redirection; - - ethernet_set_flags (vnm, sw_if_index, 0); + vnet_hw_interface_t *hi = + vnet_get_sup_hw_interface (vnm, sw_if_index); + /* Make sure it is main interface */ + if (hi->sw_if_index == sw_if_index) + ethernet_set_flags (vnm, hi->hw_if_index, 0); } /* Delete SR steering policy entry */ @@ -289,14 +286,11 @@ sr_steering_policy (int is_del, ip6_address_t * bsid, u32 sr_policy_index, /* Set promiscous mode on interface */ vnet_main_t *vnm = vnet_get_main (); - ethernet_main_t *em = ðernet_main; - ethernet_interface_t *eif = ethernet_get_interface (em, sw_if_index); - - if (!eif) - goto cleanup_error_redirection; - - ethernet_set_flags (vnm, sw_if_index, - ETHERNET_INTERFACE_FLAG_ACCEPT_ALL); + vnet_hw_interface_t *hi = vnet_get_sup_hw_interface (vnm, sw_if_index); + /* Make sure it is main interface */ + if (hi->sw_if_index == sw_if_index) + ethernet_set_flags (vnm, hi->hw_if_index, + ETHERNET_INTERFACE_FLAG_ACCEPT_ALL); } else if (traffic_type == SR_STEER_IPV4) if (!sr_policy->is_encap) diff --git a/src/vnet/tcp/tcp_bt.c b/src/vnet/tcp/tcp_bt.c index b6649444eb5..e5162515da6 100644 --- a/src/vnet/tcp/tcp_bt.c +++ b/src/vnet/tcp/tcp_bt.c @@ -336,6 +336,7 @@ tcp_bt_track_rxt (tcp_connection_t * tc, u32 start, u32 end) tcp_bt_sample_t *bts, *next, *cur, *prev, *nbts; u32 bts_index, cur_index, next_index, prev_index, max_seq; u8 is_end = end == tc->snd_nxt; + tcp_bts_flags_t bts_flags; /* Contiguous blocks retransmitted at the same time */ bts = bt_get_sample (bt, bt->last_ooo); @@ -350,8 +351,10 @@ tcp_bt_track_rxt (tcp_connection_t * tc, u32 start, u32 end) return; } - /* Find original tx sample */ + /* Find original tx sample and cache flags in case the sample + * is freed or the pool moves */ bts = bt_lookup_seq (bt, start); + bts_flags = bts->flags; ASSERT (bts != 0 && seq_geq (start, bts->min_seq)); @@ -364,11 +367,12 @@ tcp_bt_track_rxt (tcp_connection_t * tc, u32 start, u32 end) { prev_index = bts->prev; next = bt_fix_overlapped (bt, bts, end, is_end); + /* bts might no longer be valid from here */ next_index = bt_sample_index (bt, next); cur = tcp_bt_alloc_tx_sample (tc, start, end); cur->flags |= TCP_BTS_IS_RXT; - if (bts->flags & TCP_BTS_IS_RXT) + if (bts_flags & TCP_BTS_IS_RXT) cur->flags |= TCP_BTS_IS_RXT_LOST; cur->next = next_index; cur->prev = prev_index; @@ -410,7 +414,7 @@ tcp_bt_track_rxt (tcp_connection_t * tc, u32 start, u32 end) /* Have to split or tail overlap */ cur = tcp_bt_alloc_tx_sample (tc, start, end); cur->flags |= TCP_BTS_IS_RXT; - if (bts->flags & TCP_BTS_IS_RXT) + if (bts_flags & TCP_BTS_IS_RXT) cur->flags |= TCP_BTS_IS_RXT_LOST; cur->prev = bts_index; cur_index = bt_sample_index (bt, cur); @@ -587,11 +591,12 @@ tcp_bt_sample_delivery_rate (tcp_connection_t * tc, tcp_rate_sample_t * rs) return; delivered = tc->bytes_acked + tc->sack_sb.last_sacked_bytes; + /* Do not count bytes that were previously sacked again */ + delivered -= tc->sack_sb.last_bytes_delivered; if (!delivered || tc->bt->head == TCP_BTS_INVALID_INDEX) return; - /* Do not count bytes that were previously sacked again */ - tc->delivered += delivered - tc->sack_sb.last_bytes_delivered; + tc->delivered += delivered; tc->delivered_time = tcp_time_now_us (tc->c_thread_index); if (tc->app_limited && tc->delivered > tc->app_limited) diff --git a/src/vnet/tcp/tcp_output.c b/src/vnet/tcp/tcp_output.c index 9eba05eb71e..f0f5e82177f 100644 --- a/src/vnet/tcp/tcp_output.c +++ b/src/vnet/tcp/tcp_output.c @@ -121,6 +121,11 @@ tcp_update_rcv_wnd (tcp_connection_t * tc) * Figure out how much space we have available */ available_space = transport_max_rx_enqueue (&tc->connection); + + /* Make sure we have a multiple of 1 << rcv_wscale. We round down to + * avoid advertising a window larger than what can be buffered */ + available_space = round_down_pow2 (available_space, 1 << tc->rcv_wscale); + if (PREDICT_FALSE (available_space < tc->rcv_opts.mss)) { tc->rcv_wnd = 0; @@ -136,7 +141,7 @@ tcp_update_rcv_wnd (tcp_connection_t * tc) /* Bad. Thou shalt not shrink */ if (PREDICT_FALSE ((i32) available_space < observed_wnd)) { - wnd = clib_max (observed_wnd, 0); + wnd = round_pow2 (clib_max (observed_wnd, 0), 1 << tc->rcv_wscale); TCP_EVT (TCP_EVT_RCV_WND_SHRUNK, tc, observed_wnd, available_space); } else @@ -144,14 +149,6 @@ tcp_update_rcv_wnd (tcp_connection_t * tc) wnd = available_space; } - /* Make sure we have a multiple of rcv_wscale */ - if (wnd && tc->rcv_wscale) - { - wnd &= ~((1 << tc->rcv_wscale) - 1); - if (wnd == 0) - wnd = 1 << tc->rcv_wscale; - } - tc->rcv_wnd = clib_min (wnd, TCP_WND_MAX << tc->rcv_wscale); } diff --git a/src/vnet/udp/udp.h b/src/vnet/udp/udp.h index 5ff613b568a..a5c7b53394e 100644 --- a/src/vnet/udp/udp.h +++ b/src/vnet/udp/udp.h @@ -256,6 +256,7 @@ udp_get_dst_port_info (udp_main_t * um, udp_dst_port_t dst_port, u8 is_ip4) format_function_t format_udp_header; format_function_t format_udp_rx_trace; unformat_function_t unformat_udp_header; +unformat_function_t unformat_udp_port; void udp_register_dst_port (vlib_main_t * vm, udp_dst_port_t dst_port, diff --git a/src/vnet/udp/udp_encap.h b/src/vnet/udp/udp_encap.h index 888efa8c37c..9d82e59ba55 100644 --- a/src/vnet/udp/udp_encap.h +++ b/src/vnet/udp/udp_encap.h @@ -68,14 +68,14 @@ typedef struct udp_encap_t_ } __attribute__ ((packed)) ue_hdrs; /** - * Flags controlling fixup behaviour + * The DPO used to forward to the next node in the VLIB graph */ - udp_encap_fixup_flags_t ue_flags; + dpo_id_t ue_dpo; /** - * The DPO used to forward to the next node in the VLIB graph + * Flags controlling fixup behaviour */ - dpo_id_t ue_dpo; + udp_encap_fixup_flags_t ue_flags; /** * the protocol of the IP header imposed diff --git a/src/vnet/udp/udp_format.c b/src/vnet/udp/udp_format.c index 2277e18bcdb..93e7508711b 100644 --- a/src/vnet/udp/udp_format.c +++ b/src/vnet/udp/udp_format.c @@ -82,6 +82,23 @@ format_udp_header (u8 * s, va_list * args) return s; } +uword +unformat_udp_port (unformat_input_t * input, va_list * args) +{ + u16 *result = va_arg (*args, u16 *); + int port; + + /* Numeric type. */ + if (unformat (input, "0x%x", &port) || unformat (input, "%d", &port)) + { + if (port <= 0 || port >= (1 << 16)) + return 0; + *result = port; + return 1; + } + return 0; +} + /* * fd.io coding-style-patch-verification: ON * |