aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/ip/ip4_forward.c
AgeCommit message (Collapse)AuthorFilesLines
2019-11-11ip: functional interface to ip fragmentationOle Troan1-8/+8
This provides a functional interface to IP fragmentation. Allowing external features to fragment. Supports arbitrary encap size, for e.g. MPLS or inner fragmentation of tunnels. This also removed dual loop in MAP that was fundamentally broken. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ia89ecec8ee3cbe2416edbe87630fdb714898c2a8 Signed-off-by: Ole Troan <ot@cisco.com>
2019-11-05ip: Fragmentation fixesNeale Ranns1-96/+121
Type: fix if the packet is about to be fragmented, then don't call any of the actions that expect the rewrite to have been written. 1) don't double count packets thru the adjacency (original & fragments) 2) don't double decrement the TTL for fragments 3) return to ip4-midchain post ip-frag if that's where we started. 4) only run midchain/mcast fixups if not fragmenting (if no errors) Change-Id: Ib2866787a42713ee5871b87b597d8f74b901044b Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-10-10tcp: custom checksum calculations for Ipv4/Ipv6Srikanth A1-43/+3
Type: feature Based on the configuration, we can disable checksum offload capability and calculate checksum while pushing the TCP & IP header. This saves some cycles when VPP stack is used in legacy hardware devices. Signed-off-by: Srikanth A <srakula@cisco.com> Change-Id: Ic1b3fcf3040917e47ee65263694ebf7437ac5668 (cherry picked from commit 3642782a2748503f5b5ccf89d1575c1d489948ef)
2019-09-25ip: refactor reassemblyKlement Sekera1-1/+1
this is a preparation step for introducing other reassembly types Type: refactor Change-Id: I197e299dbd729b00eead31667913b8ceff915d63 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-09-16api: autogenerate api trace print/endianOle Troan1-1/+3
In addition to the external vppapitrace tool, VPP itself supports dumping of API trace files. In two formats, "custom-dump" and "dump". "dump" gives a human friendly list, and "custom-dump" is meant to give a list of commands that can be fed to VAT. This patch only deals with "dump". Prior to this fix, auto-generation was only done for the basic types. This fix adds support for any type, including lists, and supports pretty-printing of enums, strings, IP addresses, MAC addresses and so on. Usage: api trace dump <api-trace-file> For example Change-Id: I4e485680e6dcfce7489299ae6cf31d835071ac40 ---------- trace 48 ----------- vl_api_sw_interface_set_flags_t: _vl_msg_id: 75 client_index: 0 context: 10 sw_if_index: 1 flags: IF_STATUS_API_FLAG_ADMIN_UP ---------- trace 49 ----------- vl_api_sw_interface_add_del_address_t: _vl_msg_id: 88 client_index: 0 context: 11 sw_if_index: 1 is_add: 1 del_all: 0 prefix: 172.16.1.1/24 ---------- trace 51 ----------- vl_api_cli_inband_t: _vl_msg_id: 819 client_index: 0 context: 13 cmd: packet-generator capture pg0 pcap /tmp/vpp-unittest-TestMAP-YhcmDX/pg0_out.pcap disable ---------- trace 58 ----------- vl_api_ip_neighbor_add_del_t: _vl_msg_id: 199 client_index: 0 context: 20 is_add: 1 neighbor: sw_if_index: 2 flags: IP_API_NEIGHBOR_FLAG_NONE mac_address: 0202.0000.ff02 ip_address: fd01:2::2 Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I5556d06008de2762e7c2d35a8b0963ae670b3db1 Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com>
2019-09-11ip: apply dual loop unrolling in ip4_rewriteLijian.Zhang1-0/+131
Too many prefetches within loop unrollings induce bottleneck and performance degradation on some CPUs which have less cache line fill buffers, e.g, Arm Cortex-A72. Apply dual loop unrolling and tune prefetches manually to remove hot-spot with prefetch instructions, to get throughput improvement. It brings about 7% throughput improvement and saves 28% clocks with ip4_rewrite nodes on Cortex-A72 CPUs. Type: feature Change-Id: I0d35ef19faccbd7a5a4647f50bc369bfcb01a20d Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
2019-09-07ip: fix udp/tcp checksum corner casesDave Barach1-3/+15
When checksumming chained buffers with odd lengths: insert a NULL byte, or the calculation fails. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: John Lo <loj@cisco.com> Change-Id: I380f7c42897bdb28c8c29aa1c4cdaaa849cc9ecc
2019-08-19ip: leverage existing vlib_buffer_advanceZhiyong Yang1-6/+3
The function ip4_rewrite_inline_with_gso can leverage the existing vlib_buffer_advance to simplify code. Type: fix Change-Id: I25d943dc78aba2f67654385cf3f693eb01e0210e Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-08-12ip: allow addrs from the same prefix on intfMatthew Smith1-79/+234
Type: feature Adding a prefix to an interface was not permitted if it overlapped with another prefix on an interface which used the same FIB. Loosen the restriction. Allow 2 or more addresses from the same prefix on a single interface. Reference count the prefix to figure out when a glean/connected route for the prefix needs to be added or removed. Added unit tests to check that the route is only removed when all addresses in the prefix are removed from the interface. Change-Id: I1a962ecb5e1ee65fc6d41f98a4cc097a51a55321 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-08-03ip: fix ip6/udp checksum for pkts using buffer chainingJohn Lo1-0/+3
Fix ip6_tcp_udp_icmp_compute_checksum to work properly for packets with multiple buffers. Fix ip4_tcp_udp_compute_checksum to exit upon detecting error. Type: fix Signed-off-by: John Lo <loj@cisco.com> Change-Id: I673547f4479d72cd60757383343fc562cff10265
2019-07-19ip: admin change affects intf IPv4 addr routesMatthew G Smith1-7/+53
Type: feature When admin status is changed on an interface, add or delete the routes for the IPv4 addresses configured on that interface. This is already being done for IPv6 interface addresses. Change-Id: Ib1e7dc49c499921dd287e075640243520ffa5589 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-07-08ip: retain local interface address adjacencyMatthew Smith1-6/+24
Type: feature ip4_local_check_src() was overwriting vnet buffer opaque data on the adjacency for packets with "local" (dpo-receive) destination addresses. Retain the dpo receive index in vnet_buffer()->adj_index[VLIB_TX]. This can allow a graph node to distinguish the interface where the destination address is configured from the interface where the packet was received. This can be useful in correctly handling packets that have been sent to an address configured on a loopback interface. Change-Id: I52a942e85b5302b338a2d0404a37c5ea1a99e89f Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-06-28ip: ip-lookup - remove the dead codeNeale Ranns1-4/+1
Type: refactor Change-Id: I791cc63e989df049104420faf74fc28f965b6648 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-04Punt: specify packets by IP protocol TypeNeale Ranns1-2/+12
Change-Id: I0c2d6fccd95146e52bb88ca4a6e84554d5d6b2ed Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-03ARP: add feature arcNeale Ranns1-0/+6
- arp-input, registered with the ethernet protocol dispatcher, performs basic checks and starts the arc - arp-reply; first feature on the arc replies to requests and learns from responses (no functional change) - arp-proxy; checks against the proxy DB arp-reply and arp-proxy are enabled when the interface is appropriately configured. Change-Id: I7d1bbabdb8c8b8187cac75e663daa4a5a7ce382a Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-31VPP-1692: move NULL pointer checkDave Barach1-5/+5
TBH, this looks like merge damage or some such. Perfectly fine NULL pointer check, about three lines after it was needed. Change-Id: I52831062e30533a59fb76b644ee5ae389676d2ae Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-30IP load-balance; perf improvement using the usual reciepeNeale Ranns1-137/+106
before and after: ip4-load-balance 1.54e1 ip4-load-balance 1.36e1 p.s. Quad loops were not beneficial Change-Id: I7bc01fc26288f0490af74db2b1b7993526c3d982 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-06ip4_load_balance: leverage vlib_get_buffersZhiyong Yang1-13/+11
vlib_get_buffers can save 1.2 clocks/pkt from 16.1 to 14.9 clocks/pkt on Skylake. Change-Id: I79d8b58b192280af5e5a5f73562b6301e1821cec Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-04-10Make tcp/udp/icmp compute checksum safer for buffer-chain caseJohn Lo1-1/+1
Change-Id: I046e481a67fbeffdaa8504c8d77d232b986a61ee Signed-off-by: John Lo <loj@cisco.com>
2019-04-08fixing typosJim Thompson1-2/+2
Change-Id: I215e1e0208a073db80ec6f87695d734cf40fabe3 Signed-off-by: Jim Thompson <jim@netgate.com>
2019-03-28IPSEC: run encrpyt as a feautre on the tunnelNeale Ranns1-8/+19
Change-Id: I6527e3fd8bbbca2d5f728621fc66b3856b39d505 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-26ip6-rewrite: bug fix buffer->error in dual loopKingwel Xie1-3/+12
error should be recorded in buffer so that process-error-punt can handle them correctly Per Damjan's comments, move counter to under else clause of last error0==NONE check. Both v4 and v6 are changed. Change-Id: I707c7877ccb12589337155173fc4a5200b42ee93 Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2019-02-19tap gso: experimental supportAndrew Yourtchenko1-7/+37
This commit adds a "gso" parameter to existing "create tap..." CLI, and a "no-gso" parameter for the compatibility with the future, when/if defaults change. It makes use of the lowest bit of the "tap_flags" field in the API call in order to allow creation of GSO interfaces via API as well. It does the necessary syscalls to enable the GSO and checksum offload support on the kernel side and sets two flags on the interface: virtio-specific virtio_if_t.gso_enabled, and vnet_hw_interface_t.flags & VNET_HW_INTERFACE_FLAG_SUPPORTS_GSO. The first one, if enabled, triggers the marking of the GSO-encapsulated packets on ingress with VNET_BUFFER_F_GSO flag, and setting vnet_buffer2(b)->gso_size to the desired L4 payload size. VNET_HW_INTERFACE_FLAG_SUPPORTS_GSO determines the egress packet processing in interface-output for such packets: When the flag is set, they are sent out almost as usual (just taking care to set the vnet header for virtio). When the flag is not enabled (the case for most interfaces), the egress path performs the re-segmentation such that the L4 payload of the transmitted packets equals gso_size. The operations in the datapath are enabled only when there is at least one GSO-compatible interface in the system - this is done by tracking the count in interface_main.gso_interface_count. This way the impact of conditional checks for the setups that do not use GSO is minimized. "show tap" CLI shows the state of the GSO flag on the interface, and the total count of GSO-enabled interfaces (which is used to enable the GSO-related processing in the packet path). This commit lacks IPv6 extension header traversal support of any kind - the L4 payload is assumed to follow the IPv6 header. Also it performs the offloads only for TCP (TSO - TCP segmentation offload). The UDP fragmentation offload (UFO) is not part of it. For debug purposes it also adds the debug CLI: "set tap gso {<interface> | sw_if_index <sw_idx>} <enable|disable>" Change-Id: Ifd562db89adcc2208094b3d1032cee8c307aaef9 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-02-14Add -fno-common compile optionBenoît Ganne1-0/+2
-fno-common makes sure we do not have multiple declarations of the same global symbol across compilation units. It helps debug nasty linkage bugs by guaranteeing that all reference to a global symbol use the same underlying object. It also helps avoiding benign mistakes such as declaring enum as global objects instead of types in headers (hence the minor fixes scattered across the source). Change-Id: I55c16406dc54ff8a6860238b90ca990fa6b179f1 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-01-30Use IP and MAC API types for neighborsNeale Ranns1-9/+3
use address_t and mac_address_t for IPv6 and ARP entries and all other API calls in ip.api aprat from the route ones, that will follow in a separate commit Change-Id: I67161737c2184d3f8fc1e79ebd2b55121c5b0191 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-01-10ARP/ND: copy opaque2 persistent fields to new packetNeale Ranns1-1/+4
Change-Id: Ic65f686aaccaf8450732d88d7471b587faccaa9d Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-13ip4_rewrite_inline: fix variable errorZhiyong Yang1-2/+2
Change-Id: I0470b4b13095583fe018f565f100342fab45715e Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2018-12-12Change ipsec feature node namesPierre Pfister1-4/+4
ipsec4-output and ipsec6-output were conflicting with ipsec interface names ("ipsec<id>") and vnet/interface.c autogenerated output node ("<ifname>-output"). Changing feature names seems to be the less invasive option. This patch also changes "input" feature names for consistency. Change-Id: I4ba10d07e9ba09df20aa2500104252b06b55f8f7 Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2018-12-10IP-local: any IP can appear as the source (VPP-1522)Neale Ranns1-3/+15
Change-Id: Ib0d9b533d72c899b77c9a7bd1daa9b4a55b7221c Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-11-28Remove useless prefetch in ip4-rewrite nodeSimon Zhang1-1/+1
Prefetching first 2 packets' header is useless cause of the prefetching action is not done before using the packets. There's no performance drop in Xeon platform and slightly performance gain in Atom platform after rmoving the prefetch. Change-Id: Ib4b074af20d7cd5053aecc7147b162141aec31f5 Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
2018-11-26Add a feature arc consistency checkDave Barach1-0/+4
Verify that last node in the computed feature order matches reality. This check doesn't make sense in all cases, so we skip it if the newly-added vnet_feature_arc_registration_t ".last_in_arc" datum is a NULL pointer. Change-Id: Ia99c3e2b2da2e4780a7d5bc71670c5742a66fef2 Signed-off-by: Dave Barach <dave@barachs.net>
2018-11-14Remove c-11 memcpy checks from perf-critical codeDave Barach1-12/+12
Change-Id: Id4f37f5d4a03160572954a416efa1ef9b3d79ad1 Signed-off-by: Dave Barach <dave@barachs.net>
2018-11-08IP load-balance; trace at the end of the node so the flow hash used is displayedNeale Ranns1-3/+3
Change-Id: Idbce0393fc9e6e8dbb2765ed164ba7f90d1ffccc Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-11-02arp:add error counters for all failure casesEyal Bari1-98/+82
Change-Id: Ided6c661edc9e2035fd7b472c312e2380d3f9c0b Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-10-29Use throttle_t for ND throttlingNeale Ranns1-2/+6
Change-Id: I93c6b7bccd1a1ab71625ae29c99c974581186c4d Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-10-23c11 safe string handling supportDave Barach1-3/+3
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab Signed-off-by: Dave Barach <dave@barachs.net>
2018-10-22ipsec: split ipsec nodes into ip4/ip6 nodesKlement Sekera1-4/+4
Change-Id: Ic6b27659f1fe9e8df39e80a0441305e4e952195a Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-10-04Support reassembly for fragments coming to ip4-local nodeJuraj Sloboda1-0/+7
Change-Id: I3aa4708c1c3cdda344f282d56b617677080eaaa1 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-10-02ip4-local: classify protos that skip csum and src checkFlorin Coras1-13/+38
Makes it easy to add protocols that skip L4 checks. Change-Id: I80ff95685bfa17e29c5800d9c96153cdc7739be2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-09-27IPIP and IPv6 fragmentationOle Troan1-1/+1
- Error where ICMPv6 error code doesn't reset VLIB_TX = -1 Leading to crash for ICMP generated on tunnelled packets - Missed setting VNET_BUFFER_F_LOCALLY_ORIGINATED, so IP in IPv6 packets never got fragmented. - Add support for fragmentation of buffer chains. - Remove support for inner fragmentation in frag code itself. Change-Id: If9a97301b7e35ca97ffa5c0fada2b9e7e7dbfb27 Signed-off-by: Ole Troan <ot@cisco.com>
2018-08-30Refactor the ARP throttle into a common type so it can be reusedNeale Ranns1-21/+3
Change-Id: Ic7f7af983d5b6d756748023aa0c650f53e9285cf Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-08-23ip4: rework rewrite node to use vlib_buffer_enqueue_to_next()Damjan Marion1-355/+270
- perf improvement is around 3 clock per packet - it properly prefetches ip header and rewrite area Credits to zhiyong.yang@intel.com for spotting that in some cases rewrite area is not prefetched. Change-Id: Ie02913de7bd7f42b7df2617fb5fa87c74ab53c23 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-08-17VPP-1392: VXLAN fails with IP fragmentationOle Troan1-1/+1
Not only is it wasteful to send all fragments back through ip4-lookup, but it doesn't work with tunnel mechanisms that don't have IP enabled on their payload side. Change-Id: Ic92d95982dddaa70969a2a6ea2f98edec7614425 Signed-off-by: Ole Troan <ot@cisco.com>
2018-08-13Multiarch for ip4 forwarding nodesDamjan Marion1-59/+49
Change-Id: I68b55fc641da9dacc3343628b3e0cf77d3533313 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-08-09Thread-safe ARP / ND throttlingDave Barach1-35/+20
Change-Id: I810d834c407bd404d5f0544cdec0674f0bb92d31 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Dave Barach <dbarach@cisco.com>
2018-07-21fix IP directed broadcast node declarationsMatthew Smith1-1/+1
The dev build ('make build') was failing because ip4_rewrite_bcast() and ip6_rewrite_bcast() are declared static and were not referenced. The node functions that were set for directed broadcast rewrite: ip4_rewrite_bcast_node - ip4_rewrite() ip6_rewrite_bcast_node - ip6_rewrite() Changed to: ip4_rewrite_bcast_node - ip4_rewrite_bcast() ip6_rewrite_bcast_node - ip6_rewrite_bcast() The release build ('make build-release') succeeds because there is a VLIB_NODE_FUNCTION_MULTIARCH() call referencing the function. That macro is empty for dev builds. Change-Id: I2a05f00ca43d0eae8ff2e3026991e69917003fe1 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-07-20IP directed broadcastNeale Ranns1-6/+99
with ip direct broadcast enable a packet to the interface's subnet broadcast address with be sent L2 broadcast on the interface. dissabled, it will be dropped. it is disabled by default, which preserves current behaviour Change-Id: If154cb92e64834e97a541b32624354348a0eafb3 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-07-11avoid using thread local storage for thread indexDamjan Marion1-2/+2
It is cheaper to get thread index from vlib_main_t if available... Change-Id: I4582e160d06d9d7fccdc54271912f0635da79b50 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-26node functions cannot be always_inlineDamjan Marion1-1/+1
Thanks to gcc-8 for highlighting this... Change-Id: I53bfab631a40fd1b680c76a48b0307a33fa2b154 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-19Check get packet template allocation failure (VPP-1321)John Lo1-0/+3
After calling vlib_packet_template_get_packet(), make sure packet buffer is allocated before using it. Change-Id: Idb5199f4e2c9596137b2101e502d611f474a6ffe Signed-off-by: John Lo <loj@cisco.com>