summaryrefslogtreecommitdiffstats
path: root/src/plugins/linux-cp
AgeCommit message (Collapse)AuthorFilesLines
2022-03-29linux-cp: fix tap interface attrs in case the sw pool realloc'dVladislav Grishenko1-18/+16
Creating tap interface / sub interface causes allocation of a new software interface with possible sw interface pool reallocation. In such case accessing L3 MTU and interface flags by obsolete sw pointer is UAF. Instead, keep desired tap interface MTU value before sw intreface creation and refetch sw pointer right before sw flags inheritance. Type: fix Fixes: b89c1ddcb3b4f9138ca3ebefb2115f896ff3e1bd Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I21ea46d146d11060bb9bedc77377ab17ae9e22e8
2022-03-29linux-cp: handle ipv4 routes when link goes down on subifAlexander Chernavin1-17/+43
Type: improvement Currently, the plugin can monitor link state changes on hardware interfaces for which a linux-cp pair exists. When the link goes down on one of the hardware interfaces, the plugin processes IPv4 routes that resolve through that interface according to the configurations: del-static-on-link-down and del-dynamic-on-link-down. The problem is that link state changes are not signaled for subinterfaces and the code that handles IPv4 routes is not triggered. When the link on a hardware interface goes down, it implies that subinterfaces added to that interface also will have the link in the down state. With this change, when the link goes down on a hardware interface, iterate over subinterfaces added to the interface and apply the same logic of routes processing as for hardware interfaces. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I97337d2e328437c73f2d99a00737768778f197a1
2022-03-29linux-cp: add support for table flush if multiple interfacesAlexander Chernavin1-15/+39
Type: improvement lcp_router_table_flush() is used to remove routes from the given route table if they are resolved through the given interface with specified FIB source. Currently, if you need to remove routes from a route table that are resolved through one of the interfaces from a vector, the function has to be executed for every interface from the vector. Every execution walks the route table again. With this change, lcp_router_table_flush() accepts a vector of interfaces. Thus, the function can walk a single route table once and delete routes that resolve through one of the interfaces from the vector. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I6d99384064d279dea24bb4dc1790a1af943be41c
2022-03-28linux-cp: Fix API responsePim van Pelt1-5/+7
* Correct endianness issue * lip_namespace is a vector not a string * Provide null termination to avoid unpack() failures in the client Responses in the python API now look like: lcp_itf_pair_details(_0=328, context=3, phy_sw_if_index=1, host_sw_if_index=3, vif_index=19, host_if_name='ice0', host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>, namespace='dataplane') lcp_itf_pair_details(_0=328, context=3, phy_sw_if_index=2, host_sw_if_index=4, vif_index=20, host_if_name='ice1', host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>, namespace='dataplane') lcp_itf_pair_details(_0=328, context=3, phy_sw_if_index=5, host_sw_if_index=6, vif_index=21, host_if_name='ice0.1234', host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>, namespace='dataplane') Type: fix Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: If4bf06a8b70977676ec7f5b1413cee6cc9d1714a
2022-03-27linux-cp: fix name formattingDmitry Valter1-1/+1
Format host interface name as vector rather than c-string. Otherwise non-null-terminated vector overrun triggers ASAN. Type: fix Fixes: 1705a6baefe205bb6792b547c7376eee3f328a71 Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: Ib204e57ee17c7ed3bfeb568dcdd834d7d7519102
2022-03-25linux-cp: handle ipv4 routes when link goes downAlexander Chernavin5-0/+163
Type: improvement Currently, when the link goes down on an interface, routes that resolve through that interface and created with Nexthop API are removed by the kernel. However, IPv4 routes remain in the FIB because the kernel doesn't send any notifications about that. And for the plugin working with user-space applications that create routes in the kernel using Nexthop API there should be a mechanism to synchronize the FIB and the kernel in this case. With this change, add two new startup configuration options to the plugin to be able to control what should happen with static and dynamic routes managed by the plugin on link down: - del-static-on-link-down (disabled by default, delete routes created with the linux-cp static FIB source on link down), - del-dynamic-on-link-down (disabled by default, delete routes created with the linux-cp dynamic FIB source on link down). Then, monitor link state changes on interfaces for which a linux-cp pair exists. If the link goes down on one of the interfaces, process routes that resolve through that interface according to the new configurations. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I0fbaeeca3f3d1fcd22e8eebb08a0a4a3d0dfe5b8
2022-03-07linux-cp: handle ipv4 routes when interface is disabledAlexander Chernavin1-2/+88
Type: improvement Currently, when an interface is brought down administratively, IPv4 routes that resolve through that interface remain in the FIB. However, the kernel removes those routes but doesn't send any notifications about that. Desynchronization between the kernel and VPP happens. With this change, when a notification received from the kernel indicating that an interface was brought down, in addition to bringing the VPP interface down, walk the IPv4 FIB bound to that interface and remove any entries that resolve through that interface and were added with one of the linux-cp FIB sources. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I0cd14bb63c9e6616ae1c5739b17c3bf33b186bc2
2022-03-04linux-cp: fix issue of possibly closing negative fdAlexander Chernavin1-5/+14
Type: fix Primarily fix an issue reported by Coverity in lcp_nl_open_sync_socket() that close() could possibly be run with negative fd. Also, add more checks and error logging there. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I9a88520d068392977a6eba0766451e5652fe512c
2022-03-04linux-cp: stop signaling read event on every notifAlexander Chernavin1-7/+9
Type: improvement Currently, read event signal is sent on every notification message received and added in the queue. With this change, signal read event only when all currently available notification messages are received. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ib86d189311ce01f50167e4e97feb99df0292ad96
2022-03-04linux-cp: stop ignoring ENOBUFS while reading notifAlexander Chernavin1-9/+2
Type: improvement Currently, while reading notifications, ENOBUFS error is ignored and reading continues. This was done to minimize the number of notifications that are lost due to reopening the socket. Now that synchronization is implemented to recover from socket errors, ignoring ENOBUFS and reading as much notifications as possible is not actual. Before synchronization, all currently enqueued notification are discarded in any case. With this change, stop reading notifications if any error occurs. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I1184d9a3aa99df63ef59bc2a67be2b1e5e0e9329
2022-03-04linux-cp: ignore neighbors if ip addr is multicastAlexander Chernavin1-0/+17
Type: improvement When dump of neighbors is requested, the replies will also include neighbor entries for IPv6 multicast addresses: GigabitEthernet0/8/0 S ff02::16 33:33:00:00:00:16 GigabitEthernet0/8/0 S ff02::1:ff76:7135 33:33:ff:76:71:35 GigabitEthernet0/8/0 S ff02::2 33:33:00:00:00:02 Such entries are not reported in netlink notification messages and VPP is unlikely to use these. With this change, ignore neighbor entries when the IP address is a multicast address. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ic712aa4904f1d559f31fd89ff4541268e2340f84
2022-03-03linux-cp: detect and delete stale entries after syncAlexander Chernavin1-0/+95
Type: improvement During synchronization, only the current actual set of entries is loaded. If some entries are no longer present in the set being loaded but present in VPP, they should be removed to fully syncronize. With this change, add handlers for sync begin and end events. Begin handlers will mark the entries as stale. End handlers will remove the entries that are still marked as stale. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I4f7e872af3e1c9ffa6c63bcc3984ec76def1bb43
2022-03-03linux-cp: resync with kernel after nl socket errorAlexander Chernavin2-27/+503
Type: improvement Currently, if an error happens on the netlink notification socket, the socket gets reopened. A portion of notification messages have been lost because of this and will never arrive on the socket. VPP will be out of sync with the kernel networking state. With this change, synchronize VPP state and the kernel networking state if there was an error polling or reading the notification socket. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I8cdff89b505cd227535a0acaadb6ee757204c45e
2022-03-03linux-cp: make check of message ts null-tolerantAlexander Chernavin1-0/+3
Type: improvement For some message types, timestamps are checked on netlink message to decide whether the message should be applied. For notification messages timestamps are expected to be always available. With this change, before accessing the timestamp, make sure the message info object that carries it is not null. If it is null, pass the check. This is to be ready to process dump replies that will not need the timestamp check and will have the message info object set to null. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ic7211c0d451d72f6a5248898b3a8f8e0bca8f7aa
2022-03-03linux-cp: reflect hw link state on tap on pair creationAlexander Chernavin1-0/+14
Type: fix Currently, a tap interface created to be a member of a linux-cp pair has default link state (down) and default link speed (10Mb/s). Then the plugin monitors the link state of the paired hardware interface and if it changes, the new link state is reflected on the tap interface. And when the new link state is "up", the link speed is also reflected on the tap interface. The problem is that this scheme implies that the hardware interface's link state is "down" at the moment of the linux-cp pair creation and then changes. But there are cases when the link state is already "up" at that moment. If that is the case, the link speed on the tap interface will remain the default one until the link comes down and then comes up. With this fix, when a linux-cp pair is created, reflect current link state of the hardware interface being paired on the created tap interface. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I73664d753f4daaa6d439c9ca898fb7363d21c06d
2022-03-02linux-cp: lcp fib fixesVladimir Ratnikov1-5/+6
Some possible side effects for multicast routes appears to be in lcp_router_table_add_or_lock. so ff00/8 route will be processed for ospf purposes the right way Ignore IPv6 kernel routes Skip adding auto routes into FIB Type: fix Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I35f73d629a7fffca7f7d4547adc2549b72c2048f
2022-02-22linux-cp: Only enable/disable the punt feature on the 0<->1 transitionNeale Ranns1-9/+14
Type: fix otherwise the feature is enabled n times for n lcp-pairs and the packets go n times through the feature. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I8e47e4a293d6e2711f54aa09e9545e5e07728026
2022-01-30linux-cp: check if libmnl headers are presentFlorin Coras1-0/+6
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Icb86be8b37fa821f05300ee4415065ca96425fcb
2022-01-28linux-cp: Fix coverity issuePim van Pelt1-1/+1
Type: fix Possible negative return in open(), do not use curr_ns_fd if it is negative. Addresses Coverity issue 248535 Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I8429ede0f1fe9fe6619e3c4dbd83adb620ea62c2
2022-01-28linux-cp: Linux Control Plane Netlink ListenerNeale Ranns8-16/+1768
Type: feature please see FEATURE.yaml for details. Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Matthew Smith <mgsmith@netgate.com> Signed-off-by: Jon Loeliger <jdl@netgate.com> Signed-off-by: Pim van Pelt <pim@ipng.nl> Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I6255fd9953d0b03e6b4fe75b67a6845a7c206f74 Signed-off-by: Pim van Pelt <pim@ipng.nl>
2022-01-18linux-cp: fix possible null derefPim van Pelt1-0/+2
Found by coverity as defect id 243763 Signed-off-by: Pim van Pelt <pim@ipng.nl> Type: fix Change-Id: Idbada5528a1f2625f6498072d538edf306268b6d
2022-01-11linux-cp: Add VPP->Linux synchronizationPim van Pelt7-166/+697
Part 1 -- notes in https://ipng.ch/s/articles/2021/08/13/vpp-2.html Add the ability for VPP to copy out (sync) its state from the dataplane to Linux Interface Pairs, when they exist. Gated by a configuration flag (linux-cp { lcp-sync }), and by a CLI option to toggle on/off, synchronize the following events: - Interface state changes - Interface MTU changes - Interface IPv4/IPv6 address add/deletion In VPP, subints can have any link state and MTU, orthogonal to their phy. In Linux, setting admin-down on a phy forces its children to be down as well. Also, in Linux, MTU of children must not exceed that of the phy. Add a state synchronizer which walks over phy+subints to ensure Linux and VPP end up in the same consistent state. Part 2 -- notes in https://ipng.ch/s/articles/2021/08/15/vpp-3.html Add the ability for VPP to autocreate sub-interfaces of existing Linux Interface pairs. Gated by a configuration flag (linux-cp { lcp-auto-subint }), and by a CLI option to toggle on/off, synchronize the following event: - Sub-interface creation (dot1q, dot1ad, QinQ and QinAD) A few other changes: - Add two functions into netlink.[ch] to delete ip4 and ip6 addresses. - Remove a spurious logline (printing MTU) in netlink.c. - Resolve a TODO around vnet_sw_interface_supports_addressing() Type: improvement Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I34fc070e80af4013be58d7a8cbf64296cc760e4e Signed-off-by: Pim van Pelt <pim@ipng.nl>
2022-01-06tap: add num_tx_queues APINathan Skrzypczak1-0/+1
This adds a create_tap_v3 api that has a num_tx_queues parameter allowing to create more than num_workers queues, following on multi TX support Type: feature Change-Id: Idce433147e8dd165f842241d6c76e041e1b1c9b8 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-11-26api: add helper macros for native endianMohsin Kazmi1-10/+2
Type: improvement Change-Id: Ifa074dfd337f9cd68858468d34abf641fe7f247f Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-11-03linux-cp: Cleanup any existing pairs when an interface is deletedNeale Ranns1-0/+17
Type: fix This only happens when the user deletes the physical before they delete the pair, that's not supoosed to be the case, but don't crash if it is. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I8c2317b360d897775dde23833d04430f88531cbd
2021-09-09linux-cp: fix non-NULL terminated stringBenoît Ganne1-1/+1
lip->lip_host_name is a non-NULL terminated vector. Type: fix Change-Id: Ic154ad7f57f0b507204e55f78995cc0e89132e57 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-09-09linux-cp: Complete interface creation logicPim van Pelt6-86/+268
Linux Control Plane interface creation logic is currently only able to create untagged interfaces, and dot1q VLAN sub-interfaces. This change makes it possible to create dot1ad VLAN sub-ints, and Q-in-AD as well as Q-in-Q sub-interfaces as well. It makes the plugin a bit more robust by catching a few common errors, such as creating an lcp on a sub-interface without its parent having one, and creating an lcp on a sub-interface that is not exact-match. This change has a bunch of smaller improvemnets as well. I documented my work in this post: https://ipng.ch/s/articles/2021/08/12/vpp-1.html It shows that after the change is merged, all VPP interface types now create and operate cleanly as LCP interfaces as well. Type: improvement Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I322669f7316d44c227090b83d6a574fb9c00e76a
2021-09-08linux-cp: fix crash on failed vlib_buffer_copyPim van Pelt1-12/+24
Type: fix Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I390282ecc63600728cf11413510c0169178e305c
2021-07-22vppinfra: add abstract socket & netns fnsNathan Skrzypczak1-23/+10
* Add clib_socket_init support for abstract sockets if name starts with an '@' * Add clib_socket_init_netns to open socket in netns * Add clib_netns_open Type: feature Change-Id: I89637ad657c702ec38ddecb5c03a1673d0dfb104 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-07-15linux-cp: clear all db entries when deleting a pairSergio Gonzalez Monroy1-1/+2
Type: fix Change-Id: I5677cbb183b10c974a3a2e569d1a7a525a7eb45d Signed-off-by: Sergio Gonzalez Monroy <sgmonroy@gmail.com>
2021-06-24linux-cp: stop managing adjacencies for tunnelsAlexander Chernavin1-0/+12
Type: fix Outbound packets which arrive on tun/L3 interfaces use a default adjacency for the interface & address family from the corresponding interface pair. However, there are entries in the linux-cp adj table that are created for them. Managing these entries might cause a segfault because the rewrite data might exceed the reserved space for it of 28 bytes in the linux-cp adj key (e.g. in case of GRE IPv6). With this change, stop creating adjacencies for tun/L3 interfaces in the linux-cp adj table and delegating them. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I4bcd685860053ab87c65064c182e3ed53fd4fae9
2021-06-24linux-cp: add callbacks for pair managementMatthew Smith2-15/+41
Type: improvement Allow callbacks to be registered which will be called when an interface pair is added or deleted. Change-Id: I1c413ac2ada802021f9e56e2f878ce67e5eda2f5 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-06-03linux-cp: use default adjacencyMatthew Smith1-21/+16
Type: fix Outbound packets from the host have an adjacency lookup performed so buffer metadata can be filled in and output features can be applied. If no adjacency is found for a packet, it gets dropped. This breaks DHCP and possibly other things since the DHCP reply to a discover request is sent to a destination MAC address that is determined by the contents of the request packet rather than any existing neighbor table entry. If adjacency lookup for outbound packets does not find an entry, use the default adjacency for the interface & address family. Change-Id: Ia53a4df3a5bad2991768cfe4a84c560b879e656f Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-05-25linux-cp: A V2 variant of pair create API that returns the hostNeale Ranns5-22/+88
interface created Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I31a83cd50513078895078bae3ae11372d351ddcd
2021-05-21linux-cp: Add delegate to adjacenciesMatthew Smith1-10/+74
Type: improvement When an adjacency is created, add the linux-cp delegate on the new adjacency so we can later deal with modifications & deletions in our cache of adjacency data. Add a pool of hash keys and associate the pool index for a particular key with the adj_delegate_t. If the rewrite on an adjacency is changed, this will allow us to delete the old hash table entry and it will not become orphaned. Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I072b960c02cf377d66f7d18b8c0e9e05824a0ca3
2021-05-13tests: move test source to vpp/testDave Wallace1-174/+0
- Generate copyright year and version instead of using hard-coded data Type: refactor Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I6058f5025323b3aa483f5df4a2c4371e27b5914e
2021-04-30build: declare some CMake variables as advancedDamjan Marion1-1/+1
Type: make Change-Id: I780c1c81a50cb92bc89c05856efd8ef88479c0ab Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-03-15tests: use socket transport instead of shared memoryOle Troan1-2/+2
Type: improvement Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I9e65c94a5a05047a5104e9361ea36eac77b40442 Signed-off-by: Ole Troan <ot@cisco.com>
2021-02-25linux-cp: fix vector-used-a-C-string overflowBenoît Ganne2-4/+3
lip_host_name is a non-NULL terminated vector, not a NULL-terminated C-string. Type: fix Change-Id: Ie5da59bc5680be72251904467d77b18263c882f8 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-02-17linux-cp: fix coverity defectMatthew Smith1-0/+6
Type: fix If no host interface name is passed to the CLI command which creates an interface pair, NULL gets passed to lcp_itf_pair_create() and a seg fault occurs. Check whether a host interface name was provided and fail gracefully if none was given. Change-Id: I82886f4c2ee710e206c751c34a74399112e9062c Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-02-04linux-cp: Linux Interface Mirroring for Control Plane IntegrationNeale Ranns15-0/+3555
Type: feature please see FEATURE.yaml for details. Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Matthew Smith <mgsmith@netgate.com> Signed-off-by: Jon Loeliger <jdl@netgate.com> Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I04a45c15c0838906aa787e06660fa29f39f755fa