Age | Commit message (Collapse) | Author | Files | Lines |
|
This patch adds some fixes and improvements:
Fixes bug where save_rewrite_length gets overwritten on reassembly
handoff.
Fixes bug where duplicate fragments could cause a reassembly context
to be lost, because the race losing thread would remove bihash entry
created by winning thread.
Improves tracing by adding more events.
Adds extended shallow reassembly. This is a toggleable option, which if
turned on will cause reassembly to wait for both first and last
fragments to calculate total IP payload length. Furthermore it'll store
a local copy of first fragment and necessary data to retrieve it in
vnet_buffer2. This allows downstream features to access full L3/L4
headers when dealing with fragments.
Type: fix
Change-Id: I81695070533410c5815291dbc65ea71c87e3ae05
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
|
|
Update to the MAP rule lookup (in IPv6) based on the rule's source
prefix instead of DMR
Type: improvement
Per RFC, the DMR is allowed to serve multiple MAP Basic Mapping Rules, but this
capability was prevented by the above logic.
Updates to the code include populating a new hash table based on the MAP rule
ip6 prefix and length, changing several functions to reference this new table,
and slight alterations to a few functions regarding pre-lookup bitmasking.
All changes are commented with [dgeist] and are in need of peer review,
especially the bitmask alterations.
An attempt was made at generating an additonal MAP rule in the test_map_br test
harness, but the coding appears very much oriented towards testing just one
rule. I would appreciate suggestions on how to test multi-rule cases.
Issue: VPP-2111
Change-Id: Id1fea280eba625e23cd893575d9b63aac7f48405
Signed-off-by: Dan Geist <dan@polter.net>
|
|
Type: refactor
Change-Id: I5235bf3e9aff58af6ba2c14e8c6529c4fc9ec86c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
- Package update performed by
1. updating pip, pip-tools, setuptools
2. 'make test-refresh-deps' on ubuntu 22.04
3. fixing 'make test' and 'make docs' issues
on ubuntu 22.04
4. 'make test-refresh-deps' on ubuntu 20.04
- Add dependency for 'make test-refresh-deps'
to insure python venv is set up.
- Update of python formatter, black,
caused reformating of 41 python code
files.
Type: make
Change-Id: I7cafdf4b5189065ac57cb6b254937f6e0897a924
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Drop pycodestyle for code style checking in favor of black. Black is
much faster, stable PEP8 compliant code style checker offering also
automatic formatting. It aims to be very stable and produce smallest
diffs. It's used by many small and big projects.
Running checkstyle with black takes a few seconds with a terse output.
Thus, test-checkstyle-diff is no longer necessary.
Expand scope of checkstyle to all python files in the repo, replacing
test-checkstyle with checkstyle-python.
Also, fixstyle-python is now available for automatic style formatting.
Note: python virtualenv has been consolidated in test/Makefile,
test/requirements*.txt which will eventually be moved to a central
location. This is required to simply the automated generation of
docker executor images in the CI.
Type: improvement
Change-Id: I022a326603485f58585e879ac0f697fceefbc9c8
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Thanks to Ben McKeegan <ben@netservers.co.uk> for the report.
Type: fix
Change-Id: I8170dda572c326b6b1823fd330dbd5e961fdad74
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: I7e821cce1feae229e1be4baeed249b9cca658135
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: improvement
Change-Id: Ib7e2f5f314144064de7b6be0fade3db2f9c943fe
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
- Generate copyright year and version
instead of using hard-coded data
Type: refactor
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I6058f5025323b3aa483f5df4a2c4371e27b5914e
|
|
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Id3ad783a7b0321a8fa37b4e606c0c4551ca4edd4
|
|
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I9e65c94a5a05047a5104e9361ea36eac77b40442
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: improvement
the empty pool chekc is always required, so make it alwayd happen.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I3879e752036a7dd49fff7e16dc6d9ea02563aa7a
|
|
.api files
Type: feature
Make the auto-endian nature explicit, rather than hidden in the x_api.c
file.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ibe647117ceeaf6f99a38a96576a5a41a3cbb1615
|
|
Type: refactor
Change-Id: I077110e1a422722e20aa546a6f3224c06ab0cde5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: refactor
Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: I26c3640d9fe82d4cf22f19935eeca1411f9a1c3b
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
VAT2: A completely auto-generated replacement of VAT.
Reads input message in JSON from stdin and outputs received messages in JSON.
A VAT2 plugin is automatically built for a .api file.
There no longer a need for a separate _test.c.
Example:
vat2 show_version {}
{
"_msgname": "show_version_reply",
"retval": 0,
"program": "vpe",
"version": "21.01-rc0~411-gf6eb348a6",
"build_date": "2020-11-19T09:49:25",
"build_directory": "/vpp/autogen3"
}
vat2 sw_interface_dump '{"sw_if_index": -1,
"name_filter_valid": 0,
"name_filter": ""}'
[{
"_msgname": "sw_interface_details",
"sw_if_index": 0,
"sup_sw_if_index": 0,
"l2_address": "00:00:00:00:00:00",
"flags": "Invalid ENUM",
"type": "IF_API_TYPE_HARDWARE",
"link_duplex": "LINK_DUPLEX_API_UNKNOWN",
"link_speed": 0,
"link_mtu": 0,
"mtu": [0, 0, 0, 0],
"sub_id": 0,
"sub_number_of_tags": 0,
"sub_outer_vlan_id": 0,
"sub_inner_vlan_id": 0,
"sub_if_flags": "Invalid ENUM",
"vtr_op": 0,
"vtr_push_dot1q": 0,
"vtr_tag1": 0,
"vtr_tag2": 0,
"outer_tag": 0,
"b_dmac": "00:00:00:00:00:00",
"b_smac": "00:00:00:00:00:00",
"b_vlanid": 0,
"i_sid": 0,
"interface_name": "local0",
"interface_dev_type": "local",
"tag": ""
}]
This is the first phase and vat2 is not integrated in packaging yet.
Type: feature
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ib45ddeafb180ea7da8c5dc274a9274d7a4edc876
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
This adds a new data model for counters.
Specifying the errors severity and unit.
A later patch will update vpp_get_stats to take advantage of this.
Only the map plugin is updates as an example.
New .api language:
A new "counters" keyword to define counter sets.
counters map {
none {
severity info;
type counter64;
units "packets";
description "valid MAP packets";
};
bad_protocol {
severity error;
type counter64;
units "packets";
description "bad protocol";
};
};
Each counter has 4 keywords. severity, which is one of error, info or warn.
A type, which is one of counter64 or gauge64.
units, which is a text field using units from YANG.
paths {
"/err/ip4-map" "map";
"/err/ip6-map" "map";
"/err/ip4-t-map" "map";
"/err/ip6-t-map" "map";
};
A new paths keyword that maps the counter-set to a path in the stats segment KV store.
Updated VPP CLI to include severity so user can see error counter severity.
DBGvpp# show errors
Count Node Reason Severity
13 ethernet-input no error error
Type: feature
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ib2177543f49d4c3aef4d7fa72476cff2068f7771
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
The syntax of the deprecated flag has evolved.
Clean up usage to be "option deprecated;".
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: If2b639f275eb8db58b36c457f9245fe35a4d8cb1
|
|
In one's complement, there are two representations of zero: the all
zero and the all one bit values, often referred to as +0 and -0. See
RFC 1624 section 3 for more details.
This used to be taken care of in ip4_header_checksum(), but it is no
longer the case. The check ip->checksum == ip4_header_checksum (ip) is
no longer correct in the -0 case.
Always use ip4_header_checksum_is_valid() instead (which behaves
correctly since 9a79a1ab931c3b5a7ae07d6f0fcfef7c4368a2c4).
Type: fix
Fixes: e5f0050c7a5d411f96af6401797529d58825e2af
Change-Id: Iacc6b60645a834287b085aecb9e3fdb4554cf0cf
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Provide binary API compatibility support for the "cop" APIs until vpp
21.01.
Change the deprecation date in map.api to vpp 21.01.
Type: refactor
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I0e60d96de4ae9ae4448f134cf257934126f3b760
|
|
Add a new boolean to signal that the API infrastructure should performan any required
endian conversions for the API handler.
am->is_autoendian[mm->msg_id_base + VL_API_MAP_ADD_DOMAIN] = 1;
Similarly add new REPLY_ macros that perform endian conversion.
These changes do not change the on-the-wire encoding of the API messages, and therefore the API CRC is not changed.
Type: feature
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I7588f8ccb38b2d1e8d85ea17be99bac43f756267
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Instead of having to wrap dump/detail calls in control ping, send details messages in between a normal
reply / request pair. As expressed in the below service statement.
Example:
service {
rpc map_domains_gets returns map_domains_get_reply
stream map_domain_details;
};
define map_domains_get
{
u32 client_index;
u32 context;
u32 cursor;
};
define map_domains_get_reply
{
u32 context;
i32 retval;
u32 cursor;
};
To avoid blocking the main thread for too long, the replies are now sent in client message queue size
chunks. The reply message returns VNET_API_ERROR_EAGAIN when there is more to read.
The API handler must also include a "cursor" that is used to the next call to the get function.
API handler example:
REPLY_AND_DETAILS_MACRO (VL_API_MAP_DOMAINS_GET_REPLY, mm->domains,
({
send_domain_details (cursor, rp, mp->context);
}));
The macro starts from cursor and iterates through the pool
until vl_api_process_may_suspend() returns true or the iteration
reaches the end of the list.
Client Example:
cursor = 0
d = []
while True:
rv, details = map_domains_get(cursor=cursor)
d += details
if rv.retval == 0 or rv.retval != -165:
break
cursor = rv.cursor
or the convenience iterator:
for x in vpp.details_iter(vpp.api.map_domains_get):
pass
or
list(details_iter(map_domains_get))
Change-Id: Iad9f6b41b0ef886adb584c97708dd91cf552749e
Type: feature
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
facilitates use of papi beyond the tests.
Type: improvement
Change-Id: I3d502d9130b81a7fb65ee69bb06fe55802b28a27
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Before this patch, packet was dropped in ip4-input,
but ip4-map-t node dropped response due to
'security check failed'
This patch checkes if hop_limit==1 and sets error
and next frame and sends icmp6 response correctly
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: I85a6af58205b05754ef8c45a94817bb84f915c85
|
|
Translation of ICMPv6 error messages to ICMP error messages fails
because the sender port is not set that leads to securtiy check
failure.
With this commit, during ICMPv6 error messages translation, get the
sender port value from the inner packet.
Type: fix
Change-Id: I1ee295a3685fab4837172edfb629a699f49afbee
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
ICMP error messages are translated to ICMPv6 error messages with
erroneous destination address in the outer IPv6 header because sender
port is used instead of receiver port.
Both source and destination addresses in the inner IPv6 header are
translated erroneously because source and destination addresses of the
inner IPv4 header are getting zeroed during the translation.
With this commit, use receiver port for translation and save addresses
of the inner IPv4 header before translation of the inner header.
Type: fix
Change-Id: I1e93d54c1bbc154b401adcbb0fb661299655d01a
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
type should be used to get ICMP type instead of code.
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: Iabf4ae38befde18309caff8efd9e1d956a2fde82
|
|
Without this patch offset for TCP/UDP headers was not calculated
correctly if there is one or more IPv6 extension headers.
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: I04d6f5e42f8f072987192d6236085afbd74a4420
|
|
With this commit, forward the translated packet directly to the
specified next-hop if pre-resolve param is enabled in MAP-T.
Type: fix
Change-Id: Ie26080c7820318c7982599577a4af6e4d01a0574
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
With this commit, send ICMPv6 unreachable messages back if security
check fails and icmp6-unreachables param enabled in MAP-T.
Type: fix
Change-Id: I9a8869df7763c764a1672e3faa1fde8dc13ec85a
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
The first translated ICMPv6 packet of a fragmented ICMP message does
not have a IPv6 fragment header. All subsequent have.
With this commit, add a IPv6 fragment header to the first translated
ICMPv6 packet.
Type: fix
Change-Id: Id89409ce7273cbeed801e2e18a09d3e7c3c4e4bc
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Add several more MAP-T BR tests for normal packet flow.
Type: test
Change-Id: Ica880dd23c923795279e9d08dca2796f2925069a
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Prevent malicious packets with spoofed embedded IPv4 addresses
by limiting the IPv6 ingress packets to known MAP-T domains.
Drop spoofed packets.
Add several tests that ensure spoofing isn't allowed.
Type: fix
Fixes: fc7344f9be
Change-Id: I80a5dd10d5fe7492e3a1b04de389d649a78065e2
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
With this commit, ICMP Time Exceeded is sent to sender when TTL
expires at MAP BR.
Type: fix
Change-Id: I8effe163beab32596883127b819308cc355512c3
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: test
Change-Id: I5522e88ee178d0563c246895393e835d125f1b81
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
When MTU is not set, ignore_df and mtu check
always returns true and packets are dropped.
This patch puts MTU checks after it was
compared with 0 and set to maximum if not set.
Added trace node.
If MTU is less than the total length value of
the IPv4 packet plus 20, the translator MUST
send an ICMPv4 "Fragmentation Needed" error message
to the IPv4 source address
Type: fix
Fixes: 87663cdf644fb7c94c0fec9460829b7e4e7c35ca
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: I35b99bc2648984cdbf5b6a57ddec91c586b15bef
|
|
The 'tag' parameter is expected to be a NULL-terminated C-string in
callees:
- make sure it is null-terminated in both API and CLI cases
- do not allocate & copy the string into a non-NULL-terminated vector
in API case
- fix leak in CLI case
Type: fix
Change-Id: I221a489a226240548cdeb5e3663bbfb94eee4600
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: docs
Signed-off-by: John DeNisco <jdenisco@cisco.com>
Change-Id: I7280e5c5ad10a66c0787a5282291a2ef000bff5f
|
|
ip4_is_fragment(header)
or ip4_is_first_fragment(header) didn't changed
when packet with fragmentation needed arrives.
This patch checks DF flag and MTU with packet
length and if DF is set and length > MTU, packet
is dropped. In case if ignore_df is set, DF flag
makes no sense.
Type: fix
Fixes: d6d50cebde647f9a5ee7251a7fef977506f315d7
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: I720e25167c19a0b13ac5fdfb41b12c0bbdc00d09
|
|
Remove NAT's implementation of shallow virtual reassembly with
corresponding CLIs, APIs & tests. Replace with standalone shallow
virtual reassembly provided by ipX-sv-reass* nodes.
Type: refactor
Change-Id: I7e6c7487a5a500d591f6871474a359e0993e59b6
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: fix
Change-Id: I7e041b666dabd90df23a920a1f1d99db4c10ddfe
Signed-off-by: snaramre <snaramre@cisco.com>
|
|
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I8f01f9e71c788fbca989d43d5b87da9c33fba0b1
|
|
Type: fix
Ticket: VPP-1804
Fix a regression introduced by 640edcd90.
The port set ID on received IPv6 packets for MAP-T was being
checked against the destination port. It should be checked
against the source port.
Added a new unit test to verify that a v6 packet with a good
source port is translated and forwarded and a v6 packet with
a bad source port is dropped. The important part of the test
which will prevent similar future regressions is that the
source port and destination port are not equal. The existing
unit test used the same source and destination port which is
why it did not fail when the regression was introduced.
Change-Id: Idc144ea509722bb9e0f80b3887d220384a04e6d6
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
Change-Id: I5467bbe3b25b1ea3fb44157abe6e7bfb3f191e77
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
If a map domain is created without a tag name, inspecting
the map data will segfault looking for an unset name in
the so-called "domain extras" vector.
Enhance "show map domain" to show all map domains.
Type: fix
Change-Id: Ic55662b84eec58221816da270b2ef9e89c3a31c3
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Type: fix
Fixes: 5a2e278a09726be627b8310e03f0522d60aafedf
Change-Id: Ibdc2f0be44e382bfa4a8f3e16be8d6239d7a0ec1
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
ip4_map_get_domain returns d0 = 0 in case of no domain,
and sets error MAP_ERROR_NO_DOMAIN. Rearrange the clauses
in the logical check that relies on dereferencing d0
such that boolean shortcutting takes care of not
referencing the null pointer.
Change-Id: I378adc120836ea920fc530808ac3c1f98ab8d593
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Original MSS clamp patch by Vladimir Ratnikov.
Modified to apply only to TCP packets.
Type: fix
Test: Wrote new unit test to ensure MAP-E TCP MSS clamping.
Change-Id: I77c69714a2e3cc3b7473aa12b645243bb595c2a2
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Type: refactor
Change-Id: I204f3f8eebc5f5d5a377e91262f91c615fd00168
Signed-off-by: Neale Ranns <nranns@cisco.com>
|