summaryrefslogtreecommitdiffstats
path: root/src/vnet/api_errno.h
AgeCommit message (Collapse)AuthorFilesLines
2020-03-21ikev2: add support for custom ipsec-over-udp portFilip Tehlar1-1/+3
Type: feature Change-Id: Ifee2b3dca85ea915067b9285e3636802bf0c19a8 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-17ip: ip_address_t uses ip46_address_tNeale Ranns1-1/+1
Type: improvement type re-use. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ic2a2e6babf9ae66a1e53aec53a6cd157e1893dc8
2019-12-17ip: Protocol Independent IP NeighborsNeale Ranns1-1/+2
Type: feature - ip-neighbour: generic neighbour handling; APIs, DBs, event handling, aging - arp: ARP protocol implementation - ip6-nd; IPv6 neighbor discovery implementation; separate ND, MLD, RA - ip6-link; manage link-local addresses - l2-arp-term; events separated from IP neighbours, since they are not the same. vnet retains just enough education to perform ND/ARP packet construction. arp and ip6-nd to be moved to plugins soon. Change-Id: I88dedd0006b299344f4c7024a0aa5baa6b9a8bbe Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-11-07session: ckpair store & crypto engine as mq paramsNathan Skrzypczak1-1/+2
Type: feature This patch adds the logic to pass to connect & listen msg in the mq the following parameters * ckpair index * crypto engine (for now only used in quic) Change-Id: I7213d8b581cb4532a9a6b18c4b3fe021287b7733 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-10-07mactime: add a "top" command to watch device statsDave Barach1-1/+3
Include a binary API change NOT suitable for cherry-picking into 19.08 Type: feature Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Id369514a3085f5e4bcee34819c55c4636df9b518
2019-07-08map gbp papi: match endianess of f64Paul Vinciguerra1-2/+2
clib_net_to_host_f64, clib_host_to_net_f64 are now implemented as '=', https://gerrit.fd.io/r/#/c/20406/ set papi to match. - all f64 api references are now wrapped with clib_net_to_host_f64 or clib_host_to_net_f64. IEEE f64 endianess is not defined. If clib_net_to_host_f64 and clib_host_to_net_f64 are later defined in VPP as big-endian, it is a single character change in the papi vpp_serializer. Note: This breaks the api in a manner that would not be detected by the flag day initiative. The scope is small. This only impacts map.api, which applied the u64 transformation, while the gbp api uses '='. The implementation of "=" raises issues for the papi socket implementation if used between systems of differing endianess. See Vratko's comments. - Added get_f64_endian_value() to api to allow client to verify endianess of f64's. Type: fix Depends-on: https://gerrit.fd.io/r/#/c/20484/ Change-Id: I00fc64a6557ba0190398df211aa0ea5c7eb101df Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-06-19api: fix typos in api error descriptionsPaul Vinciguerra1-7/+7
Type: style Change-Id: I81c281c7277dbaea499f3072e01e7f59bf646825 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-06-18fib: fib api updatesNeale Ranns1-2/+3
Enhance the route add/del APIs to take a set of paths rather than just one. Most unicast routing protocols calcualte all the available paths in one run of the algorithm so updating all the paths at once is beneficial for the client. two knobs control the behaviour: is_multipath - if set the the set of paths passed will be added to those that already exist, otherwise the set will replace them. is_add - add or remove the set is_add=0, is_multipath=1 and an empty set, results in deleting the route. It is also considerably faster to add multiple paths at once, than one at a time: vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.11 100000 routes in .572240 secs, 174751.80 routes/sec vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.12 100000 routes in .528383 secs, 189256.54 routes/sec vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.13 100000 routes in .757131 secs, 132077.52 routes/sec vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.14 100000 routes in .878317 secs, 113854.12 routes/sec vat# ip_route_add_del 1.1.1.1/32 count 100000 multipath via 10.10.10.11 via 10.10.10.12 via 10.10.10.13 via 10.10.10.14 100000 routes in .900212 secs, 111084.93 routes/sec Change-Id: I416b93f7684745099c1adb0b33edac58c9339c1a Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-06-05IPSEC: some CLI fixesNeale Ranns1-1/+2
Change-Id: I45618347e37440263270baf07b2f82f653f754a5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-15Remove unused function nat44_ha_resync() and error IN_PROGRESS.Jon Loeliger1-1/+0
The unused function nat44_ha_resync() was the only function that used the error message VNET_API_ERROR_IN_PROGRESS. The error was the only error code that was positive, and didn't really play well with the other error codes. Change-Id: I7d03c2ee915094b635f6efdca7427f71e4d19f2b Signed-off-by: Jon Loeliger <jdl@netgate.com>
2019-04-25IPSEC; dpdk backend for tunnel interface encryptionNeale Ranns1-1/+2
Change-Id: Ide2a9df18db371c8428855d7f12f246006d7c04c Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-26IPSEC: more expressive API errorsNeale Ranns1-1/+3
Change-Id: I517a7bdae03abfea58451819e7854974397d77f8 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-11-12IPv6: Make link-local configurable per-interface (VPP-1446)Juraj Sloboda1-1/+1
Remove old nonfunctional code for setting link-local addresses. Use common API for setting all IPv6 addresses. Change-Id: I562329df86341f81ef2441510a9eefbbf710f6e0 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com> Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-09-26Modify return values of L2 bridge API handlersAlexander Chernavin1-1/+3
Change-Id: Ie6a6dde1fdc0e4fa8560682072a69876867a88d3 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2018-09-24Network delay simulator pluginDave Barach1-0/+1
Change-Id: I4a70c7df8f0cb368a4e1cb16f30eeef5c6058c79 Signed-off-by: Dave Barach <dave@barachs.net>
2018-03-22acl-plugin: implement ACL lookup contexts for "ACL as a service" use by ↵Andrew Yourtchenko1-1/+2
other plugins This code implements the functionality required for other plugins wishing to perform ACL lookups in the contexts of their choice, rather than only in the context of the interface in/out. The lookups are the stateless ACLs - there is no concept of "direction" within the context, hence no concept of "connection" either. The plugins need to include the The file acl_lookup_context.md has more info. Change-Id: I91ba97428cc92b24d1517e808dc2fd8e56ea2f8d Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-16stats: allow configuring poller delayKlement Sekera1-0/+28
This introduces a startup config option for configuring stats poller delay. Use `stats { interval <seconds> }` to configure the delay at startup. The default value remains unchanged - 10 seconds. Change-Id: If12cb1f7f6f1f8ecfa461561bc77847cdf260388 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-02-15Optimize GRE Tunnel and add support for ERSPAN encapJohn Lo1-1/+2
Change GRE tunnel to use the interface type where the same encap node is used as output node for all GRE tunnels, instead of having dedicated output and tx node for each tunnel. This allows for more efficient tunnel creation and deletion at scale tested at 1000's of GRE tunnels. Add support for ERSPAN encap as another tunnel type, in addition to the existing L3 and TEB types. The GRE ERSPAN encap supported is type 2 thus GRE encap need to include sequence number and GRE- ERSPAN tunnel can be created with user secified ERSPAN session ID. The GRE tunnel lookup hash key is updated to inclue tunnel type and session ID, in addition to SIP/DIP and FIB index. Thus, GRE-ERSPAN tunnel can be created, with the appropriate session ID, to be used as output interface for SPAN config to send mirrored packets. Change interface naming so that all GRE tunnels, irrespective of tunnel type, uses "greN" where N is the instance number. Removed interface reuse on tunnel creation and deletion to enable unfied tunnel interface name. Add support of user specified instance on GRE tunnel creation. Thus, N in the "greN" interface name can optionally be specified by user via CLI/API. Optimize GRE tunnel encap DPO stacking to bypass load-balance DPO node since packet output on GRE tunnel always belong to the same flow after 5-tupple hash. Change-Id: Ifa83915744a1a88045c998604777cc3583f4da52 Signed-off-by: John Lo <loj@cisco.com>
2018-02-07VXLAN: Allow user to specify a custom vxlan tunnel instance id.Jon Loeliger1-1/+2
If one is not selected by the user, the next available id will be allocated, thus maintaining backward compatibility. Change-Id: I4691ed0638b8072f9cfa9f20b9fe4f981e708800 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-02-06BIER: fix support for longer bit-string lengthsNeale Ranns1-1/+2
Change-Id: I2421197b76be58099e5f8ed5554410adff202109 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-01-25session: add support for memfd segmentsFlorin Coras1-1/+1
- update segment manager and session api to work with both flavors of ssvm segments - added generic ssvm slave/master init and del functions - cleanup/refactor tcp_echo - fixed uses of svm fifo pool as vector Change-Id: Ieee8b163faa407da6e77e657a2322de213a9d2a0 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-12-02tap_v2: multiple improvementsDamjan Marion1-3/+3
- add support for assigning tap interface to the bridge - add support for assigning tap interface host side ip4 and ip6 address - host namespace can be specified as PID (pid:12345) or full path to file - automatically bring linux interface up Change-Id: I1cf7c3cad9a740e430cc1b9c2bb0aad0ba4cc8d8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-11-30virtio: fast TAP interfaces with vhost-net backendDamjan Marion1-1/+3
Change-Id: Ided667356d5c6fb9648eb34685aabd6b16a598b7 Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Steven Luong <sluong@cisco.com>
2017-11-11ACLs: Use better error return codes than "-1" everywhere.Jon Loeliger1-1/+3
Added two new errors: ACL_IN_USE_INBOUND ACL_IN_USE_OUTBOUND Update ACL tests to expect new, precise return values. Change-Id: I644861a18aa5b70cce5f451dd6655641160c7697 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-11-09session: lookup/rules table improvements and cleanupFlorin Coras1-1/+2
Change-Id: I5217364220023df34d5bee071cb750df1661b093 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-13VPP-1027: DNS name resolverDave Barach1-0/+8
This patch is a plausible first-cut, suitable for initial testing by vcl (host stack client library). Main features; - recursive name resolution - multiple ip4/ip6 name servers - cache size limit enforcement - currently limited to 65K - ttl / aging - static mapping support - show / clear / debug CLI commands Binary APIs provided for the following: - add/delete name servers - enable/disable the name cache - resolve a name To Do list: - Respond to ip4/ip6 client DNS requests (vs. binary API requests) - Perf / scale tuning - map pending transaction ids to pool indices, so the cache can (greatly) exceed 65K entries - Security improvements - Use unpredictable dns transaction IDs, related to previous item - Make sure that response-packet src ip addresses match the server - Add binary APIs - deliver raw response data to clients - control recursive name resolution - Documentation Change-Id: I48c373d5c05d7108ccd814d4055caf8c75ca10b7 Signed-off-by: Dave Barach <dave@barachs.net>
2017-10-10session: add support for application namespacingFlorin Coras1-2/+7
Applications are now provided the option to select the namespace they are to be attached to and the scope of their attachement. Application namespaces are meant to: 1) constrain the scope of communication through the network by association with source interfaces and/or fib tables that provide the source ips to be used and limit the scope of routing 2) provide a namespace local scope to session layer communication, as opposed to the global scope provided by 1). That is, sessions can be established without assistance from transport and network layers. Albeit, zero/local-host ip addresses must still be provided in session establishment messages due to existing application idiosyncrasies. This mode of communication uses shared-memory fifos (cut-through sessions) exclusively. If applications request no namespace, they are assigned to the default one, which at its turn uses the default fib. Applications can request access to both local and global scopes for a namespace. If no scope is specified, session layer defaults to the global one. When a sw_if_index is provided for a namespace, zero-ip (INADDR_ANY) binds are converted to binds to the requested interface. Change-Id: Ia0f660bbf7eec7f89673f75b4821fc7c3d58e3d1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-03Propagate duplicate IF addr add/del error up to API.Jon Loeliger1-1/+2
Identify and complain when the same IP prefix is assigned to two different SW interfaces: vpp# set int ip address TenGigabitEthernet6/0/0 1.2.3.4/32 vpp# set int ip address TenGigabitEthernet6/0/1 1.2.3.4/32 set interface ip address: Prefix 1.2.3.4/32 already found on interface TenGigabitEthernet6/0/0 Change-Id: I1aee1b6a7ddd00d3109a53d8e1b6ce97bf45e372 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-09-07Devices: Set interface rx-mode may cause SIGSEGV with nonexistent queueSteven1-1/+2
When I type in set interface rx-mode with a nonexistent queue, I got a crash with the following traceback. It looks like the vm is NULL when vlib_node_get_runtime is called. DBGvpp# sh int rx Thread 0 (vpp_main): node dpdk-input: TenGigabitEthernet5/0/0 queue 0 (polling) TenGigabitEthernet5/0/1 queue 0 (polling) TenGigabitEthernet7/0/0 queue 0 (polling) TenGigabitEthernet7/0/1 queue 0 (polling) node vhost-user-input: VirtualEthernet0/0/2 queue 0 (adaptive) DBGvpp# set interface rx-mode VirtualEthernet0/0/2 queue 1 polling Thread 1 "vpp_main" received signal SIGSEGV, Segmentation fault. 0x00007ffff6d4e0bc in vlib_node_get_runtime (vm=0x0, node_index=125) at /home/sluong/vpp/build-data/../src/vlib/node_funcs.h:92 92 vlib_node_t *n = vec_elt (nm->nodes, node_index); (gdb) where at /home/sluong/vpp/build-data/../src/vlib/node_funcs.h:92 at /home/sluong/vpp/build-data/../src/vlib/node_funcs.h:112 vnm=0x6f0fa0 <vnet_main>, hw_if_index=7, queue_id=1, mode=0x7fffb62099e8) at /home/sluong/vpp/build-data/../src/vnet/devices/devices.c:307 hw_if_index=7, queue_id=1, mode=VNET_HW_INTERFACE_RX_MODE_POLLING) at /home/sluong/vpp/build-data/../src/vnet/interface_cli.c:1192 vm=0x7ffff7b9d440 <vlib_global_main>, input=0x7fffb6209ef0, cmd=0x7fffb61d5d14) at /home/sluong/vpp/build-data/../src/vnet/interface_cli.c:1288 vm=0x7ffff7b9d440 <vlib_global_main>, cm=0x7ffff7b9d630 <vlib_global_main+496>, input=0x7fffb6209ef0, parent_command_index=18) at /home/sluong/vpp/build-data/../src/vlib/cli.c:588 vm=0x7ffff7b9d440 <vlib_global_main>, cm=0x7ffff7b9d630 <vlib_global_main+496>, input=0x7fffb6209ef0, parent_command_index=12) The fix is to add a check for vec_len(hw->input_node_thread_index_by_queue) and vec_len (hw->rx_mode_by_queue) to reject the command if the queue_id is out of bound. While at it, I notice inputting queue_id=-1 is being interpreted as all queues. An easy fix is to not overload the queue_id variable with -1 to mean something else. Change-Id: Id70ec3e7d06ccc67635e6d28ef53420bdac4a988 Signed-off-by: Steven <sluong@cisco.com>
2017-08-03Add support for API client to receive L2 MAC eventsJohn Lo1-2/+3
Added APIs want_l2_macs_events and l2_macs_event to allow an API client to receive notification events from VPP for MAC learned or aged in L2FIB. Only one API client is allowed for L2 MAC events. The want_l2_macs_events API allow caller to specify MAC learn limit, event scan delay and max number of MACs that can be included in a event message. These parameters should be choosen properly as to not have too many MAC events sent by VPP and overwhelm the API share memory. They can all be left as 0's so VPP will setup reasonable defaults which are: 1000 learn limit, 100 msec scan delay and 100 MACs per event message. If want_l2_macs_events is never called, VPP learning and aging should behave as before except that MAC entries provisioned by API or CLI will not be aged, even if it is not set as static_mac. These non static MACs, however, can be overwritten by MAC learning on a MAC move as a leared MAC. Only learned MACs are subject to aging. Change-Id: Ia3757a80cf8adb2811a089d2eafbd6439461285c Signed-off-by: John Lo <loj@cisco.com>
2017-08-01P2P EthernetPavel Kotucek1-1/+2
Change-Id: Idb97e573961b3bc2acdeef77582314590795f8c3 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-05-19Enforce Bridge Domain ID range to match 24-bit VNI rangeJohn Lo1-2/+3
Enforce bridge domain ID range to allow a maximum value of 16M which matches the range of 24-bit VNI used for virtual overlay network ID. Fix "show bridge-domain" output to allow full 16M BD ID range to be displayed using 8-digit spaces. Change-Id: I80d9c76ea7c001bcccd3c19df1f3e55d2970f01c Signed-off-by: John Lo <loj@cisco.com>
2017-05-02Prevent Bridge Domain operations on BD 0.Jon Loeliger1-1/+2
The default bridge domain, 0, is created automatically with static features. It should be modified by neither the CLI nor the API. So add tests for, and reject any operation on BD 0. The new API error message BD_NOT_MODIFIABLE is returned in such cases. Change-Id: Iaf3dd80c4f43cf41689ca55756a0a3525420cd12 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-05-02Add interface rx mode commands, unify rx mode and placement CLIDamjan Marion1-1/+2
Change-Id: Ib506c3e9d66170f29e3266ad6dc4d32b829befba Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-04-24BD:unify bridge domain creation codeEyal Bari1-1/+3
Change-Id: I29082e7a0c556069180a157e55b3698cf8cd38c7 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-04-13Session layer refactoringFlorin Coras1-1/+3
Major refactoring of the session layer api - Add attatch api for application binding to the the session layer - Simplify listen/connect calls - Update application CLI - Add transport endpoint to accept callback - Associate segment manager to application and allow for multiple binds/connects per app Additional: - svm fifo cleanup - add fifo free, format fns - add fifo offset enqueue unit test Change-Id: Id93a65047de61afc2bf3d58c9b544339c02065af Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Dave Barach <dave@barachs.net>
2017-03-31ARP/API:protect against identical registrationsEyal Bari1-1/+2
Change-Id: Ia3acf87d3e07a7d41c047869de504e1972334b55 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-03-04Cleanup URI code and TCP bugfixingFlorin Coras1-1/+2
- Add CLI/API to enable session layer, by default it's disabled - Improve rcv wnd computation - Improvements to tx path - URI code cleanup - Builtin test tcp server - Improve src port allocation Change-Id: I2ace498e76a0771d4c31a8075cc14fe33d7dfa38 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-03-03Changing the IP table for an interface is an error if the interface already ↵Neale Ranns1-1/+2
has an address configured (VPP-601) Change-Id: I311fc264f73dd3b2b3ce9d7d1c33cd0515b36c4a Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-02BFD: command line interfaceKlement Sekera1-1/+0
Implement command line interface to the BFD binary APIs. Add corresponding unit tests. Change-Id: Ia0542d0bc4c8d78e6f7b777a08fd94ebfe4d524f Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-03-01VPP-598: tcp stack initial commitDave Barach1-8/+13
Change-Id: I49e5ce0aae6e4ff634024387ceaf7dbc432a0351 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-02-27Add GPE CLI/API for setting encap modeFilip Tehlar1-1/+3
Change-Id: Id89e23fb5d275572b2356c073dfa0f55719e1a76 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-02-08BFD: modify session parametersKlement Sekera1-1/+2
Change-Id: I666e5c0cc71a3693640960c93cdd1907f84fbe23 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-02-07LISP: reject remote mappings that have as locators local IPsFilip Tehlar1-1/+2
Change-Id: Ifaf46554e45557ebf82009d9c46a9e905a46f884 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-02-02BFD: SHA1 authenticationKlement Sekera1-2/+4
Add authentication support to BFD feature. Out of three existing authentication types, implement SHA1 (sole RFC requirement). Simple password is insecure and MD5 is discouraged by the RFC, so ignore those. Add/change APIs to allow configuring BFD authentication keys and their usage with BFD sessions. Change-Id: Ifb0fb5b19c2e72196d84c1cde919bd4c074ea415 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-01-14Provision linux stack ip4 and ip6 addresses for tap interfacesDave Barach1-1/+1
To simplify system configuration. Converted existing code to use an argument structure, instead of [one or two too many] discrete parameters. Change-Id: I3eddfa74eeed918c1b04a6285fba494651594332 Signed-off-by: Dave Barach <dave@barachs.net>
2016-12-28Reorganize source tree to use single autotools instanceDamjan Marion1-0/+113
Change-Id: I7b51f88292e057c6443b12224486f2d0c9f8ae23 Signed-off-by: Damjan Marion <damarion@cisco.com>