summaryrefslogtreecommitdiffstats
path: root/src/vnet/adj
AgeCommit message (Collapse)AuthorFilesLines
2024-04-09fib: fix off-by-one error in rewrite length checkBenoît Ganne1-2/+2
The rewrite string can be up to max_size, and max_size can be up to VNET_REWRITE_TOTAL_BYTES. Don't waste the last byte. Type: fix Change-Id: I2fb7e9873b6b4c1e6a55b172c7f753f3c5910802 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-04-02fib: coverity 335348 out-of-bounds accessDave Wallace1-2/+6
- also fix memory leak in adj_glean_walk_proto() Type: fix Change-Id: I3cd72b14506e6bfc9d8d77a65d7b9b2703992367 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2024-03-21ip: add support for buffer offload metadata in ip midchainArthur de Kerhor1-14/+28
The offload should be handled by gso node or by the NIC if the latter has the relevant capabilities. But ip midchain is missing the support for buffer offload metadata in case of GSO packet. This patch adds the relevant support to add the buffer metadata if the packet is GSO/IPIP to be handled accordingly. Type: improvement Change-Id: I17f5d71bf4c5f43a85ca3f2fbebfa1426b42ef69 Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2024-03-12misc: remove GNU Indent directivesDamjan Marion3-6/+0
Type: refactor Change-Id: I5235bf3e9aff58af6ba2c14e8c6529c4fc9ec86c Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-06-23fib: walk over adj glean per tableStanislav Zaikin1-24/+33
Type: fix Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com> Change-Id: I07f54bb643c24b1839a2d0e93acc593d13a43fed
2023-02-02fib: keep AddressSanitizer happyBenoît Ganne1-3/+2
adj_delegate_remove() makes 'ad' invalid, invalidate it only after its use. Type: fix Change-Id: I6908d3dd2962ebd3fdf37e946cb19dae727bda09 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-10-05fib: only invoke adj delegate create callback on mcast adj createPeter Morrow1-2/+2
adj_delegate_adj_created() is incorrectly called when an existing adj is found and returned. This can lead to crashes in some cases in the pmtu delegate: (gdb) bt 0 0x00007f2aa8fc9ce1 in raise () from /lib/x86_64-linux-gnu/libc.so.6 1 0x00007f2aa8fb3537 in abort () from /lib/x86_64-linux-gnu/libc.so.6 2 0x0000564361b5403a in os_exit (code=code@entry=1) at ./src/vpp/vnet/main.c:437 3 0x00007f2aa9271a3e in unix_signal_handler (signum=11, si=<optimized out>, uc=<optimized out>) at ./src/vlib/unix/main.c:188 4 <signal handler called> 5 0x00007f2aa9970d5a in fib_table_get_table_id_for_sw_if_index (proto=FIB_PROTOCOL_IP4, sw_if_index=<optimized out>) at ./src/vnet/fib/fib_table.c:1156 6 0x00007f2aa964aebf in ip_pmtu_adj_delegate_adj_created (ai=8) at ./src/vnet/ip/ip_path_mtu.c:197 7 0x00007f2aa9993ee5 in adj_delegate_adj_created (ai=ai@entry=8) at ./src/vnet/adj/adj_delegate.c:166 8 0x00007f2aa998dbde in adj_mcast_add_or_lock (proto=proto@entry=FIB_PROTOCOL_IP6, link_type=link_type@entry=VNET_LINK_IP6, sw_if_index=sw_if_index@entry=7) at ./src/vnet/adj/adj_mcast.c:95 9 0x00007f2aa95c7b3e in ip6_link_enable (sw_if_index=7, link_local_addr=link_local_addr@entry=0x0) at ./src/vnet/ip/ip6_link.c:217 10 0x00007f2aa9621587 in vl_api_sw_interface_ip_enable_disable_t_handler (mp=0x7f2a4fa5ad10) at ./src/vnet/ip/ip_api.c:108 11 0x00007f2aaa3b7e44 in msg_handler_internal (free_it=0, do_it=1, trace_it=<optimized out>, msg_len=<optimized out>, the_msg=0x7f2a4fa5ad10, am=0x7f2aaa3cc020 <api_global_main>) at ./src/vlibapi/api_shared.c:593 12 vl_msg_api_handler_no_free (the_msg=0x7f2a4fa5ad10, msg_len=<optimized out>) at ./src/vlibapi/api_shared.c:810 13 0x00007f2aaa3a1702 in vl_socket_process_api_msg (rp=<optimized out>, input_v=<optimized out>) at ./src/vlibmemory/socket_api.c:208 14 0x00007f2aaa3a95d8 in vl_api_clnt_process (vm=<optimized out>, node=<optimized out>, f=<optimized out>) at ./src/vlibmemory/memclnt_api.c:429 15 0x00007f2aa9226f37 in vlib_process_bootstrap (_a=<optimized out>) at ./src/vlib/main.c:1235 16 0x00007f2aa91824a8 in clib_calljmp () at /builds/graphiant/graphnos/vpp/debian/output/source_dir/src/vppinfra/longjmp.S:123 17 0x00007f2a47cf5d60 in ?? () 18 0x00007f2aa922853f in vlib_process_startup (f=0x0, p=0x7f2a494dc000, vm=0x7f2a489ed680) at ./src/vlib/main.c:1260 19 dispatch_process (vm=0x7f2a489ed680, p=0x7f2a494dc000, last_time_stamp=<optimized out>, f=0x0) at ./src/vlib/main.c:1316 20 0x0000000000000000 in ?? () (gdb) Type: fix Change-Id: I2d3c041e0be8284471771c7882c89f743baab0e5 Signed-off-by: Peter Morrow <pdmorrow@gmail.com>
2022-08-17fib: support "midchain delegate" removalAlexander Chernavin2-0/+31
Type: improvement Currently, once an adjacency is stacked on a FIB entry via adj_midchain_delegate_stack(), "midchain delegate" is created for the adjacency and the FIB index is stored there. And all further calls to adj_midchain_delegate_stack() even passing another FIB index will cause the function to still use the stored one. In other words, there is currently no way to stack an adjacency on another FIB index if "midchain delegate" already exists for it. Being able to stack on another FIB index is needed for the wireguard plugin. As per the protocol, peers can roam between different external endpoints. When an authenticated packet is received and it was sent from a different endpoint than currently stored, the endpoint needs to be updated and all futher communication needs to happen with that endpoint. Thus, the corresponding to that peer adjacencies need to be stacked on the FIB entry that corresponds to the new endpoint. With this change, add adj_midchain_delegate_remove() that removes "midchain delegate". When stacking on another FIB entry is needed, existing "midchain delegate" can be removed and then, a new one created with a new FIB index via adj_midchain_delegate_stack(). Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ibc1c99b248a5ef8ef64867f39f494fab627a1741
2022-03-22fib: refetech the adj after the walk in case the pool realloc'dVladislav Grishenko1-3/+15
Follow e3aeb38fa82b77ae84643f5140d9674056b6b5ca Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I743911cacc026af5da392d26eaf47ab83ea1de99
2022-03-18vppinfra: refactor *_will_expand() functionsDamjan Marion1-3/+1
Type: refactor Change-Id: I3625eacf9e04542ca8778df5d46075a8654642c7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-02-22fib: fix adj_get crashRajith P R1-1/+1
adj_get() crashed in worker thread. The index is valid but was freed. 0x00007fba5fb07921 in __GI_abort () at abort.c:79 0x00007fba528de7c3 in os_panic () at /development/libvpp/src/vpp/vnet/main.c:618 0x00007fba506f2a19 in debugger () at /development/libvpp/src/vppinfra/error.c:84 0x00007fba506f2797 in _clib_error (how_to_die=2, function_name=0x0, line_number=0, fmt=0x7fba521cecd9 "%s:%d (%s) assertion `%s' fails") at /development/libvpp/src/vppinfra/error.c:143 0x00007fba51d88254 in adj_get (adj_index=79) at /development/libvpp/src/vnet/adj/adj.h:472 0x00007fba51d87642 in icmp6_neighbor_solicitation_or_advertisement (vm=0x7fb9f19a0580, node=0x7fb9bb820340, frame=0x7fb9b718bc40, is_solicitation=0) at /development/libvpp/src/vnet/ip6-nd/ip6_nd.c:134 0x00007fba51d8f479 in icmp6_neighbor_advertisement (vm=0x7fb9f19a0580, node=0x7fb9bb820340, frame=0x7fb9b718bc40) at /development/libvpp/src/vnet/ip6-nd/ip6_nd.c:348 Type: fix Signed-off-by: Rajith P R <rajith@rtbrick.com> Change-Id: Ibe29854137ee9680f7947450eb7e256b8c0ade31
2022-02-18fib: Use the VLIB logger for adjacency debuggingNeale Ranns2-13/+13
Type: improvement remove the [un]lock logs, they are not useful. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I903d3088b8ed9831f931208aeb6b6862a945550c
2022-02-16fib: Use the same adjacency that BFD is usingNeale Ranns1-29/+22
Type: improvement When the adj subsystem is notified of a BFD session, it attempts to find the appropriate adjacency from the session's key. This could lead to a mismatch between the adj used by BFD and that of FIB. The BFD session stores the adj it is using, so FIB uses that instead. Since adj is now using the same adj as BFD, it does not need to maintain its own locks. In BFD it is necessary to initialise the adj index used in INVALID and ensure it is not unlock before listeners are notified of the session delete. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I9630867b10bb18969475299a0c754942a8df0f44
2021-12-31fib: Refetech the adj after the walk in case the pool realloc'dNeale Ranns1-1/+1
Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I8734c72cf15533d6614fbeb53b95c824dbd251a9
2021-11-19fib: Don't use [midchain] adjacencies to change an interface's feature arcNeale Ranns5-90/+81
Type: fix Using the adjacency to modify the interface's feature arc doesn't work, since there are potentially more than one adj per-interface. Instead have the interface, when it is created, register what the end node of the feature arc is. This end node is then also used as the interface's tx node (i.e. it is used as the adjacency's next-node). rename adj-midhcain-tx as 'tunnel-output', that's a bit more intuitive. There's also a fix in config string handling to: 1- prevent false sharing of strings when the end node of the arc is different. 2- call registered listeners when the end node is changed For IPSec the consequences are that one cannot provide per-adjacency behaviour using different end-nodes - this was previously done for the no-SA and an SA with no protection. These cases are no handled in the esp-encrypt node. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: If3a83d03a3000f28820d9a9cb4101d244803d084
2021-11-15fib: re-evaluate the import/export state of a prefix.Neale Ranns1-1/+59
Type: fix re-evaluate the import/export state of a prefix when the interface it is attached to rebinds to a different table. Only attached routes have import/export requirements, so we can back walk from the glean adjacency when the interface rebinds tables. There are two cases to consider. 1. the rebind may change the prefix from/to import 2. the import VRF may change Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I25b6af43b3b2d8f701dfbe7a08710dc56b3f5778
2021-11-02fib: allow vnet rewrite max size to be smaller the pre_dataBenoît Ganne1-2/+2
There is no reason to enforce vnet rewrite size to be equal to pre_data. Moreover, since vnet rewrite size is now saved as u8, this limits pre_data to 192 bytes. Type: fix Fixes: 7dbf9a1a4fff5c3b20ad972289e49e3f88e82f2d Change-Id: I3f848aa905ea4a794f3b4aa62c929a481261a3f1 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-06docs: vnet comment nitfixesNathan Skrzypczak1-1/+1
Type: improvement Change-Id: Iac01d7830b53819ace8f199554be10ab89ecdb97 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-09-13ip-neighbor: Handle local MAC address change for incomplete adjacenciesNeale Ranns3-8/+50
Type: fix When the local MAC address of an interface changes the rewrite strings of all adjacency types need to be updated - this patch fixes the missing case of incomplete adjacencies. I moved the update of all adj types into the adj module, since if the complete adjs were done by the ip-neighbour module and incomplete ones by adj module, that would mean two walks of the adj DB, as it is not possible to walk only a specific type. UT is updated to include the missing case. Signed-off-by: Neale Ranns <neale@graphiant.com> Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com> Change-Id: I36af94976c645bdd0d4d3bc0093b24d7d077e9d7
2021-06-08fib: make sure adj is valid during walkBenoît Ganne1-0/+3
The adj can be deleted during fib_walk_sync(), make sure it can happen only after clearing the SYNC_WALK_ACTIVE flag. Type: fix Change-Id: I68be00e9602e2783d9dced71c51547c38b7e8a00 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-04-01fib: Move the adjacency midchain nodes into a separate fileNeale Ranns4-232/+249
Type: refactor It's only the nodes that require compiling for each arch, Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ibb2bfc756001735cc10ef0fd8db7e8b8358cf8e2
2021-03-05fib: format function for adjacency flagsNeale Ranns2-0/+18
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ib01ed3231321f0f38c4b1deb885c4cf718cc0147
2021-02-24fib: fix sa selection for fib routed destinationsJúlius Milan1-4/+14
The move from ip4(6)_src_address_for_packet to fib_sas4(6)_get changed the behavior, so that the new looked only to adjacent gleans. This caused a problem for destinations routed according to FIB table. To reproduce: vpp# create tap vpp# set interface state tap0 up vpp# set interface ip address tap0 192.168.11.1/24 vpp# ip route add 192.168.20.0/24 via 192.168.11.2 linux$ sudo ip addr add 192.168.20.1/24 dev lo linux$ sudo ip link set tap0 up linux$ sudo ip addr add 192.168.11.2/24 dev tap0 vpp# ping 192.168.20.1 Failed: no source address for egress interface Type: fix Signed-off-by: Július Milan <julius.milan@pantheon.tech> Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I22899f4dbbf8c1c85ccce72f801b92c183195b5d
2021-02-15ip: Path MTUNeale Ranns8-1/+63
Type: feature Support setting the MTU for a peer on an interface. The minimum value of the path and interface MTU is used at forwarding time. the path MTU is specified for a given peer, by address and table-ID. In the forwarding plane the MTU is enfored either: 1 - if the peer is attached, then the MTU is set on the peer's adjacency 2 - if the peer is not attached, it is remote, then a DPO is added to the peer's FIB entry to perform the necessary fragmentation. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I8b9ea6a07868b50e97e2561f18d9335407dea7ae
2021-02-15fib: Always honour flow hash flagNeale Ranns2-1/+18
Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Id7b27edf3712aaa3c277e752b9ca78bb91d184a1
2020-12-14misc: move to new pool_foreach macrosDamjan Marion1-3/+3
Type: refactor Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-08fib: Adjacency flag for midchain to perfom flow hash (on inner packet)Neale Ranns4-27/+74
Type: feature Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: I964afd9266645de5c87d49c58ce6b48c2c18f97f
2020-12-08fib: Source Address SelectionNeale Ranns5-75/+269
Type: feature Use the FIB to provide SAS (in so far as it is today) - Use the glean adjacency as the record of the connected prefixes = there's a glean per-{interface, protocol, connected-prefix} - Keep the glean up to date with whatever the recieve host prefix is (since it can change) Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: I0f3dd1edb1f3fc965af1c7c586709028eb9cdeac
2020-10-28misc: Break the big IP header files to improve compile timeNeale Ranns1-0/+2
Type: refactor Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: Id1801519638a9b97175847d7ed58824fb83433d6
2020-09-02fib: fix ADJ_NBR_ITF_OK param erroryedg1-1/+1
Type: fix Signed-off-by: yedonggang <yedg@wangsu.com> Change-Id: I3bf67070ed01df40626f3b90f2762158b6c3ce05
2020-09-01fib: detect wrong adj neighbour bugsBenoît Ganne1-0/+23
Type: improvement Change-Id: Ie063ee0a0c59a9ad632200ce2b23703bc0d936e6 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-08-06misc: harmonize namesDave Barach3-7/+7
Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ibad744788e200ce012ad88ff59c2c34920742454
2020-06-05fib: fix adj pool expand casesDave Barach1-1/+24
adj_alloc (...) is not thread safe when the adj pool or combined counter vectors expand. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I55710de6ecc083b7434e11798659cca9250c9131
2020-05-29fib: Safe adj walkNeale Ranns1-8/+15
Type: fix the hash walk does not give the same guarantees as the bihash so walk in a safe manner. Change-Id: Idfe48c3a84ab3a341d887f7d196bc81ba34ae8b0 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-05-26fib: Use basic hash for adjacency neighbour tableNeale Ranns1-82/+42
Type: improvement a bihash per-interface used too much memory. Change-Id: I447bb66c0907e1632fa5d886a3600e518663c39e Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-05-13feature: Config end nodes are user specificNeale Ranns1-5/+5
Type: fix it is possible for a user to change the end node of a feature arc, but this change should only apply to that 'instnace' of the arc, not all arcs. for example, if a tunnel has its ipx-output end node changed to adj-midchain-tx, this shouldn't affect all ipx-output arcs. obviously... Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I41daea7ba6907963e42140307d065c8bcfdcb585
2020-05-04fib: midchain adjacency optimisationsNeale Ranns12-345/+483
Type: improvement - inline some common encap fixup functions into the midchain rewrite node so we don't incur the cost of the virtual function call - change the copy 'guess' from ethernet_header (which will never happen) to an ip4 header - add adj-midchain-tx to multiarch sources - don't run adj-midchain-tx as a feature, instead put this node as the adj's next and at the end of the feature arc. - cache the feature arc config index (to save the cache miss going to fetch it) - don't check if features are enabled when taking the arc (since we know they are) the last two changes will also benefit normal adjacencies taking the arc (i.e. for NAT, ACLs, etc) for IPSec: - don't run esp_encrypt as a feature, instead when required insert this node into the adj's next and into the end of the feature arc. this implies that encrypt is always 'the last feature' run, which is symmetric with decrypt always being the first. - esp_encrpyt for tunnels has adj-midchain-tx as next node Change-Id: Ida0af56a704302cf2d7797ded5f118a781e8acb7 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-04-10fib: fix adjacency cli command issueShivaShankarK1-3/+1
Type: fix Signed-off-by: ShivaShankarK <shivaashankar1204@gmail.com> Change-Id: I193023705003e664c50487fdfaa42b813604a078
2020-02-21ipsec: IPSec protection for multi-point tunnel interfacesNeale Ranns2-4/+3
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Iaba2ab11bfaa1c8db4023434e3043ac39500f938
2020-02-20fib: adjacency midchain teardown (VPP-1841)Neale Ranns3-5/+40
Type: fix Change-Id: I57f8bfbce4feed9d2775875cb8b1b729a47900a4 Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit 24064d02aa9810ebc64c16dc778a179bb0ef5483)
2020-02-03fib: invalid check for adj types.Neale Ranns1-1/+1
Type: fix coverity found invalid logic. Change-Id: Ic9144ac805a4e5a18aa299794fedda044dcb65fe Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-02-03fib: refresh adj pointer after fib_walk_sync due to possible reallocSteven Luong1-0/+6
fib_walk_sync may call adj_alloc which may cause adj_pool to expand. When that happens, any previous frame which still use the old adj pointer needs to refresh. Failure to do so may access or update to the old adj memory unintentionally and crash mysteriously. Type: fix Ticket: VPPSUPP-54 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I173dec4c5ce81c6e26c4fe011b894a7345901b24
2020-01-30fib: fix typos in doxygenPaul Vinciguerra1-10/+10
cleaned up some trivial typo's while reading through adj.h Type: docs Change-Id: I1b6cd815dc10ed3da8db2024b3e015e076235d50 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-01-27ipip: Multi-point interfaceNeale Ranns4-18/+33
Type: feature plus fixes for gre Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I0eca5f94b8b8ea0fcfb058162cafea4491708db6
2020-01-27fib: Reload the adj after possible realloc (VPP-1822)Neale Ranns1-0/+1
Type: fix Fixes: 418b225931634f6d113d2971cb9550837d69929d Change-Id: Ia5f4ea24188c4f3de87e06a7fd07b40bcb47cfc1 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-01-22fib: Adjacency realloc during rewrite update walk (VPP-1822)Neale Ranns1-4/+4
Type: fix Change-Id: I0e826284c50713d322ee7943d87fd3363cfbdfbc Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-01-09misc: fix feature description spellingOle Troan1-2/+1
Type: docs Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I46856db81d42c3f10c03a7bf9a245cc998cd8a01
2020-01-03fib: add adjacency feature.yamlNeale Ranns1-0/+24
Type: docs Change-Id: I6cdfbae5a0eab8a69dfa2ae054945c510a3c63f6 Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-12-17ip: Protocol Independent IP NeighborsNeale Ranns5-15/+24
Type: feature - ip-neighbour: generic neighbour handling; APIs, DBs, event handling, aging - arp: ARP protocol implementation - ip6-nd; IPv6 neighbor discovery implementation; separate ND, MLD, RA - ip6-link; manage link-local addresses - l2-arp-term; events separated from IP neighbours, since they are not the same. vnet retains just enough education to perform ND/ARP packet construction. arp and ip6-nd to be moved to plugins soon. Change-Id: I88dedd0006b299344f4c7024a0aa5baa6b9a8bbe Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-12-17fib: Adjacency walk fix for IPv6Neale Ranns1-1/+1
Type: fix Change-Id: Id3a1950e49d5eb1883af06a14df97e98f55162a8 Signed-off-by: Neale Ranns <nranns@cisco.com>