aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/map
AgeCommit message (Collapse)AuthorFilesLines
2024-10-07ip: add extended shallow reassemblyKlement Sekera1-3/+2
This patch adds some fixes and improvements: Fixes bug where save_rewrite_length gets overwritten on reassembly handoff. Fixes bug where duplicate fragments could cause a reassembly context to be lost, because the race losing thread would remove bihash entry created by winning thread. Improves tracing by adding more events. Adds extended shallow reassembly. This is a toggleable option, which if turned on will cause reassembly to wait for both first and last fragments to calculate total IP payload length. Furthermore it'll store a local copy of first fragment and necessary data to retrieve it in vnet_buffer2. This allows downstream features to access full L3/L4 headers when dealing with fragments. Type: fix Change-Id: I81695070533410c5815291dbc65ea71c87e3ae05 Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2024-04-02map: BR rule lookup updateDan Geist4-7/+39
Update to the MAP rule lookup (in IPv6) based on the rule's source prefix instead of DMR Type: improvement Per RFC, the DMR is allowed to serve multiple MAP Basic Mapping Rules, but this capability was prevented by the above logic. Updates to the code include populating a new hash table based on the MAP rule ip6 prefix and length, changing several functions to reference this new table, and slight alterations to a few functions regarding pre-lookup bitmasking. All changes are commented with [dgeist] and are in need of peer review, especially the bitmask alterations. An attempt was made at generating an additonal MAP rule in the test_map_br test harness, but the coding appears very much oriented towards testing just one rule. I would appreciate suggestions on how to test multi-rule cases. Issue: VPP-2111 Change-Id: Id1fea280eba625e23cd893575d9b63aac7f48405 Signed-off-by: Dan Geist <dan@polter.net>
2024-03-12misc: remove GNU Indent directivesDamjan Marion6-42/+0
Type: refactor Change-Id: I5235bf3e9aff58af6ba2c14e8c6529c4fc9ec86c Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-08-16tests docs: update python3 venv packagesDave Wallace3-0/+3
- Package update performed by 1. updating pip, pip-tools, setuptools 2. 'make test-refresh-deps' on ubuntu 22.04 3. fixing 'make test' and 'make docs' issues on ubuntu 22.04 4. 'make test-refresh-deps' on ubuntu 20.04 - Add dependency for 'make test-refresh-deps' to insure python venv is set up. - Update of python formatter, black, caused reformating of 41 python code files. Type: make Change-Id: I7cafdf4b5189065ac57cb6b254937f6e0897a924 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-05-10tests: replace pycodestyle with blackKlement Sekera3-118/+284
Drop pycodestyle for code style checking in favor of black. Black is much faster, stable PEP8 compliant code style checker offering also automatic formatting. It aims to be very stable and produce smallest diffs. It's used by many small and big projects. Running checkstyle with black takes a few seconds with a terse output. Thus, test-checkstyle-diff is no longer necessary. Expand scope of checkstyle to all python files in the repo, replacing test-checkstyle with checkstyle-python. Also, fixstyle-python is now available for automatic style formatting. Note: python virtualenv has been consolidated in test/Makefile, test/requirements*.txt which will eventually be moved to a central location. This is required to simply the automated generation of docker executor images in the CI. Type: improvement Change-Id: I022a326603485f58585e879ac0f697fceefbc9c8 Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-03-11map: fix memory leakBenoît Ganne1-1/+2
Thanks to Ben McKeegan <ben@netservers.co.uk> for the report. Type: fix Change-Id: I8170dda572c326b6b1823fd330dbd5e961fdad74 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-13docs: convert plugins doc md->rstNathan Skrzypczak2-69/+99
Type: improvement Change-Id: I7e821cce1feae229e1be4baeed249b9cca658135 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-04docs: plugin comment nitfixesNathan Skrzypczak1-3/+2
Type: improvement Change-Id: Ib7e2f5f314144064de7b6be0fade3db2f9c943fe Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-05-13tests: move test source to vpp/testDave Wallace2-1658/+0
- Generate copyright year and version instead of using hard-coded data Type: refactor Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I6058f5025323b3aa483f5df4a2c4371e27b5914e
2021-03-30map: tune dump/details test for socket transportOle Troan1-1/+1
Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Id3ad783a7b0321a8fa37b4e606c0c4551ca4edd4
2021-03-15tests: use socket transport instead of shared memoryOle Troan1-4/+5
Type: improvement Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I9e65c94a5a05047a5104e9361ea36eac77b40442 Signed-off-by: Ole Troan <ot@cisco.com>
2021-02-04api: Fold the empty pool check into the main macroNeale Ranns1-6/+0
Type: improvement the empty pool chekc is always required, so make it alwayd happen. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3879e752036a7dd49fff7e16dc6d9ea02563aa7a
2021-02-03vppapigen: Support an 'autoendian' keyword for message definitions inNeale Ranns2-3/+1
.api files Type: feature Make the auto-endian nature explicit, rather than hidden in the x_api.c file. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ibe647117ceeaf6f99a38a96576a5a41a3cbb1615
2020-12-14misc: refactor clib_bitmap_foreach macroDamjan Marion1-3/+3
Type: refactor Change-Id: I077110e1a422722e20aa546a6f3224c06ab0cde5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-14misc: move to new pool_foreach macrosDamjan Marion2-9/+9
Type: refactor Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-11-30map: add include guard to map.hPaul Vinciguerra1-0/+4
Type: fix Change-Id: I26c3640d9fe82d4cf22f19935eeca1411f9a1c3b Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-11-25api: vat2 and json autogeneration for api messagesOle Troan1-1/+4
VAT2: A completely auto-generated replacement of VAT. Reads input message in JSON from stdin and outputs received messages in JSON. A VAT2 plugin is automatically built for a .api file. There no longer a need for a separate _test.c. Example: vat2 show_version {} { "_msgname": "show_version_reply", "retval": 0, "program": "vpe", "version": "21.01-rc0~411-gf6eb348a6", "build_date": "2020-11-19T09:49:25", "build_directory": "/vpp/autogen3" } vat2 sw_interface_dump '{"sw_if_index": -1, "name_filter_valid": 0, "name_filter": ""}' [{ "_msgname": "sw_interface_details", "sw_if_index": 0, "sup_sw_if_index": 0, "l2_address": "00:00:00:00:00:00", "flags": "Invalid ENUM", "type": "IF_API_TYPE_HARDWARE", "link_duplex": "LINK_DUPLEX_API_UNKNOWN", "link_speed": 0, "link_mtu": 0, "mtu": [0, 0, 0, 0], "sub_id": 0, "sub_number_of_tags": 0, "sub_outer_vlan_id": 0, "sub_inner_vlan_id": 0, "sub_if_flags": "Invalid ENUM", "vtr_op": 0, "vtr_push_dot1q": 0, "vtr_tag1": 0, "vtr_tag2": 0, "outer_tag": 0, "b_dmac": "00:00:00:00:00:00", "b_smac": "00:00:00:00:00:00", "b_vlanid": 0, "i_sid": 0, "interface_name": "local0", "interface_dev_type": "local", "tag": "" }] This is the first phase and vat2 is not integrated in packaging yet. Type: feature Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ib45ddeafb180ea7da8c5dc274a9274d7a4edc876 Signed-off-by: Ole Troan <ot@cisco.com>
2020-10-13stats: counters data modelOle Troan6-68/+128
This adds a new data model for counters. Specifying the errors severity and unit. A later patch will update vpp_get_stats to take advantage of this. Only the map plugin is updates as an example. New .api language: A new "counters" keyword to define counter sets. counters map { none { severity info; type counter64; units "packets"; description "valid MAP packets"; }; bad_protocol { severity error; type counter64; units "packets"; description "bad protocol"; }; }; Each counter has 4 keywords. severity, which is one of error, info or warn. A type, which is one of counter64 or gauge64. units, which is a text field using units from YANG. paths { "/err/ip4-map" "map"; "/err/ip6-map" "map"; "/err/ip4-t-map" "map"; "/err/ip6-t-map" "map"; }; A new paths keyword that maps the counter-set to a path in the stats segment KV store. Updated VPP CLI to include severity so user can see error counter severity. DBGvpp# show errors Count Node Reason Severity 13 ethernet-input no error error Type: feature Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ib2177543f49d4c3aef4d7fa72476cff2068f7771 Signed-off-by: Ole Troan <ot@cisco.com>
2020-09-16api: clean up use of deprecated flagOle Troan1-1/+1
The syntax of the deprecated flag has evolved. Clean up usage to be "option deprecated;". Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: If2b639f275eb8db58b36c457f9245fe35a4d8cb1
2020-09-01ip: fix ip zero checksum verificationBenoît Ganne1-1/+1
In one's complement, there are two representations of zero: the all zero and the all one bit values, often referred to as +0 and -0. See RFC 1624 section 3 for more details. This used to be taken care of in ip4_header_checksum(), but it is no longer the case. The check ip->checksum == ip4_header_checksum (ip) is no longer correct in the -0 case. Always use ip4_header_checksum_is_valid() instead (which behaves correctly since 9a79a1ab931c3b5a7ae07d6f0fcfef7c4368a2c4). Type: fix Fixes: e5f0050c7a5d411f96af6401797529d58825e2af Change-Id: Iacc6b60645a834287b085aecb9e3fdb4554cf0cf Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-07-16adl: move allow/deny list function to pluginDave Barach1-2/+2
Provide binary API compatibility support for the "cop" APIs until vpp 21.01. Change the deprecation date in map.api to vpp 21.01. Type: refactor Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I0e60d96de4ae9ae4448f134cf257934126f3b760
2020-05-27api: make vpp api handlers endian independentOle Troan1-4/+7
Add a new boolean to signal that the API infrastructure should performan any required endian conversions for the API handler. am->is_autoendian[mm->msg_id_base + VL_API_MAP_ADD_DOMAIN] = 1; Similarly add new REPLY_ macros that perform endian conversion. These changes do not change the on-the-wire encoding of the API messages, and therefore the API CRC is not changed. Type: feature Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I7588f8ccb38b2d1e8d85ea17be99bac43f756267 Signed-off-by: Ole Troan <ot@cisco.com>
2020-05-25api: add new stream message conventionOle Troan3-30/+122
Instead of having to wrap dump/detail calls in control ping, send details messages in between a normal reply / request pair. As expressed in the below service statement. Example: service { rpc map_domains_gets returns map_domains_get_reply stream map_domain_details; }; define map_domains_get { u32 client_index; u32 context; u32 cursor; }; define map_domains_get_reply { u32 context; i32 retval; u32 cursor; }; To avoid blocking the main thread for too long, the replies are now sent in client message queue size chunks. The reply message returns VNET_API_ERROR_EAGAIN when there is more to read. The API handler must also include a "cursor" that is used to the next call to the get function. API handler example: REPLY_AND_DETAILS_MACRO (VL_API_MAP_DOMAINS_GET_REPLY, mm->domains, ({ send_domain_details (cursor, rp, mp->context); })); The macro starts from cursor and iterates through the pool until vl_api_process_may_suspend() returns true or the iteration reaches the end of the list. Client Example: cursor = 0 d = [] while True: rv, details = map_domains_get(cursor=cursor) d += details if rv.retval == 0 or rv.retval != -165: break cursor = rv.cursor or the convenience iterator: for x in vpp.details_iter(vpp.api.map_domains_get): pass or list(details_iter(map_domains_get)) Change-Id: Iad9f6b41b0ef886adb584c97708dd91cf552749e Type: feature Signed-off-by: Ole Troan <ot@cisco.com>
2020-04-28tests: move defaults from defaultmapping to .api filesPaul Vinciguerra1-2/+2
facilitates use of papi beyond the tests. Type: improvement Change-Id: I3d502d9130b81a7fb65ee69bb06fe55802b28a27 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-03-25map: fix hop limit expiration at brVladimir Ratnikov2-2/+29
Before this patch, packet was dropped in ip4-input, but ip4-map-t node dropped response due to 'security check failed' This patch checkes if hop_limit==1 and sets error and next frame and sends icmp6 response correctly Type: fix Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I85a6af58205b05754ef8c45a94817bb84f915c85
2020-03-24map: fix translation of icmp6 error messagesAlexander Chernavin1-1/+80
Translation of ICMPv6 error messages to ICMP error messages fails because the sender port is not set that leads to securtiy check failure. With this commit, during ICMPv6 error messages translation, get the sender port value from the inner packet. Type: fix Change-Id: I1ee295a3685fab4837172edfb629a699f49afbee Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-03-15map: fix translation of icmp4 error messagesAlexander Chernavin2-6/+51
ICMP error messages are translated to ICMPv6 error messages with erroneous destination address in the outer IPv6 header because sender port is used instead of receiver port. Both source and destination addresses in the inner IPv6 header are translated erroneously because source and destination addresses of the inner IPv4 header are getting zeroed during the translation. With this commit, use receiver port for translation and save addresses of the inner IPv4 header before translation of the inner header. Type: fix Change-Id: I1e93d54c1bbc154b401adcbb0fb661299655d01a Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-03-04map: fix map port calculation for ICMPVladimir Isaev4-14/+78
type should be used to get ICMP type instead of code. Type: fix Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: Iabf4ae38befde18309caff8efd9e1d956a2fde82
2020-02-26map: handle IPv6 extension headers for TCP/UDPVladimir Isaev1-2/+2
Without this patch offset for TCP/UDP headers was not calculated correctly if there is one or more IPv6 extension headers. Type: fix Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: I04d6f5e42f8f072987192d6236085afbd74a4420
2020-02-20map: honor pre-resolve param in map-tAlexander Chernavin6-30/+154
With this commit, forward the translated packet directly to the specified next-hop if pre-resolve param is enabled in MAP-T. Type: fix Change-Id: Ie26080c7820318c7982599577a4af6e4d01a0574 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-02-20map: honor icmp6-unreachables param in map-tAlexander Chernavin2-2/+47
With this commit, send ICMPv6 unreachable messages back if security check fails and icmp6-unreachables param enabled in MAP-T. Type: fix Change-Id: I9a8869df7763c764a1672e3faa1fde8dc13ec85a Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-02-04ip: translate fragmented icmp to fragmented icmp6Alexander Chernavin1-7/+32
The first translated ICMPv6 packet of a fragmented ICMP message does not have a IPv6 fragment header. All subsequent have. With this commit, add a IPv6 fragment header to the first translated ICMPv6 packet. Type: fix Change-Id: Id89409ce7273cbeed801e2e18a09d3e7c3c4e4bc Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-30map: Add several more MAP-T BR testsJon Loeliger1-8/+294
Add several more MAP-T BR tests for normal packet flow. Type: test Change-Id: Ica880dd23c923795279e9d08dca2796f2925069a Signed-off-by: Jon Loeliger <jdl@netgate.com>
2020-01-30map: Prevent IPv4 prefix spoofing during IPv6 -> IPv4Jon Loeliger2-2/+279
Prevent malicious packets with spoofed embedded IPv4 addresses by limiting the IPv6 ingress packets to known MAP-T domains. Drop spoofed packets. Add several tests that ensure spoofing isn't allowed. Type: fix Fixes: fc7344f9be Change-Id: I80a5dd10d5fe7492e3a1b04de389d649a78065e2 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2020-01-30map: handle ip4 ttl=1 packets in map-tAlexander Chernavin3-10/+20
With this commit, ICMP Time Exceeded is sent to sender when TTL expires at MAP BR. Type: fix Change-Id: I8effe163beab32596883127b819308cc355512c3 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-29tests: add map-t fragmentation verificationsAlexander Chernavin1-10/+36
Type: test Change-Id: I5522e88ee178d0563c246895393e835d125f1b81 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-28map: ip4-map-t more RFC compliantVladimir Ratnikov1-8/+20
When MTU is not set, ignore_df and mtu check always returns true and packets are dropped. This patch puts MTU checks after it was compared with 0 and set to maximum if not set. Added trace node. If MTU is less than the total length value of the IPv4 packet plus 20, the translator MUST send an ICMPv4 "Fragmentation Needed" error message to the IPv4 source address Type: fix Fixes: 87663cdf644fb7c94c0fec9460829b7e4e7c35ca Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I35b99bc2648984cdbf5b6a57ddec91c586b15bef
2020-01-27map: api: fix tag overflow and leakBenoît Ganne2-4/+6
The 'tag' parameter is expected to be a NULL-terminated C-string in callees: - make sure it is null-terminated in both API and CLI cases - do not allocate & copy the string into a non-NULL-terminated vector in API case - fix leak in CLI case Type: fix Change-Id: I221a489a226240548cdeb5e3663bbfb94eee4600 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-01-10docs: Edit FEATURE.yaml files so they can be publishedJohn DeNisco1-2/+2
Type: docs Signed-off-by: John DeNisco <jdenisco@cisco.com> Change-Id: I7280e5c5ad10a66c0787a5282291a2ef000bff5f
2020-01-03map: fix ip4-map-t DF behaviorVladimir Ratnikov1-11/+12
ip4_is_fragment(header) or ip4_is_first_fragment(header) didn't changed when packet with fragmentation needed arrives. This patch checks DF flag and MTU with packet length and if DF is set and length > MTU, packet is dropped. In case if ignore_df is set, DF flag makes no sense. Type: fix Fixes: d6d50cebde647f9a5ee7251a7fef977506f315d7 Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I720e25167c19a0b13ac5fdfb41b12c0bbdc00d09
2020-01-03nat: use SVRKlement Sekera2-17/+20
Remove NAT's implementation of shallow virtual reassembly with corresponding CLIs, APIs & tests. Replace with standalone shallow virtual reassembly provided by ipX-sv-reass* nodes. Type: refactor Change-Id: I7e6c7487a5a500d591f6871474a359e0993e59b6 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-12-14tests: changes for scapy 2.4.3 migrationsnaramre1-1/+2
Type: fix Change-Id: I7e041b666dabd90df23a920a1f1d99db4c10ddfe Signed-off-by: snaramre <snaramre@cisco.com>
2019-12-07map: use explicit types in apiOle Troan1-2/+3
Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I8f01f9e71c788fbca989d43d5b87da9c33fba0b1
2019-12-05map: fix MAP-T ip6 port checkMatthew Smith2-5/+60
Type: fix Ticket: VPP-1804 Fix a regression introduced by 640edcd90. The port set ID on received IPv6 packets for MAP-T was being checked against the destination port. It should be checked against the source port. Added a new unit test to verify that a v6 packet with a good source port is translated and forwarded and a v6 packet with a bad source port is dropped. The important part of the test which will prevent similar future regressions is that the source port and destination port are not equal. The existing unit test used the same source and destination port which is why it did not fail when the regression was introduced. Change-Id: Idc144ea509722bb9e0f80b3887d220384a04e6d6 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-12-04map: Fix a coverity MAP dead-code issue.Jon Loeliger1-3/+0
Type: fix Change-Id: I5467bbe3b25b1ea3fb44157abe6e7bfb3f191e77 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2019-12-03map: Avoid null dereference in 'map show' and 'map del'Jon Loeliger1-12/+22
If a map domain is created without a tag name, inspecting the map data will segfault looking for an unset name in the so-called "domain extras" vector. Enhance "show map domain" to show all map domains. Type: fix Change-Id: Ic55662b84eec58221816da270b2ef9e89c3a31c3 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2019-11-26map: Fix inverted 'map security check enable' CLI flag.Jon Loeliger1-2/+2
Type: fix Fixes: 5a2e278a09726be627b8310e03f0522d60aafedf Change-Id: Ibdc2f0be44e382bfa4a8f3e16be8d6239d7a0ec1 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2019-11-19map: fix coverity issue 205684Andrew Yourtchenko1-2/+2
ip4_map_get_domain returns d0 = 0 in case of no domain, and sets error MAP_ERROR_NO_DOMAIN. Rearrange the clauses in the logical check that relies on dereferencing d0 such that boolean shortcutting takes care of not referencing the null pointer. Change-Id: I378adc120836ea920fc530808ac3c1f98ab8d593 Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-11-19map: Fix TCP MSS clamping for MAP-E traffic.Jon Loeliger2-2/+84
Original MSS clamp patch by Vladimir Ratnikov. Modified to apply only to TCP packets. Type: fix Test: Wrote new unit test to ensure MAP-E TCP MSS clamping. Change-Id: I77c69714a2e3cc3b7473aa12b645243bb595c2a2 Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Signed-off-by: Jon Loeliger <jdl@netgate.com>
2019-11-15tests: Remove the unrequired VPP IP address/prefix class wrappersNeale Ranns1-1/+0
Type: refactor Change-Id: I204f3f8eebc5f5d5a377e91262f91c615fd00168 Signed-off-by: Neale Ranns <nranns@cisco.com>