summaryrefslogtreecommitdiffstats
path: root/src/vnet/ip/ip4_forward.c
AgeCommit message (Collapse)AuthorFilesLines
2020-09-23ip: use main heap for mtrie, part 2 (remove args)Damjan Marion1-26/+0
Type: improvement Change-Id: I8c28c845c75657852f1e513e2832771fad6b90b7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-01ip: fix ip zero checksum verificationBenoît Ganne1-2/+2
In one's complement, there are two representations of zero: the all zero and the all one bit values, often referred to as +0 and -0. See RFC 1624 section 3 for more details. This used to be taken care of in ip4_header_checksum(), but it is no longer the case. The check ip->checksum == ip4_header_checksum (ip) is no longer correct in the -0 case. Always use ip4_header_checksum_is_valid() instead (which behaves correctly since 9a79a1ab931c3b5a7ae07d6f0fcfef7c4368a2c4). Type: fix Fixes: e5f0050c7a5d411f96af6401797529d58825e2af Change-Id: Iacc6b60645a834287b085aecb9e3fdb4554cf0cf Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-06-12ip: allocate ip4 mtrie pages in htlb memoryDave Barach1-0/+3
No change in default behavior. To use htlb pages for the ip4 mtrie, use the "ip" command-line option "mtrie-hugetlb". Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I5497e426a47200edff2c7e15563ed6a42af12e7f
2020-06-08vxlan: Fixed checksum caclculation offsetVladimir Isaev1-8/+4
VXLAN uses csum_offload for IPv6 packets. But without gso node we have csum calculated only for inner packet. This patch adds support for outer header csum calculation. Checksum for inner packet should be calculated before interface-output node (for example in vxlan node). Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: Ica68429ede4426293769207cd83c791ebe72fe56
2020-05-27ethernet: fix DMAC check and skip unnecessary ones (VPP-1868)John Lo1-0/+7
Fix and optimize DMAC check in ethernet-input node to utilize NIC or driver which support L3 DMAC-filtering mode so that DMAC check can be bypassed safely for interfaces/sub-interfaces in L3 mode. Checking of interface in L3-DMAC-filtering state to avoid DMAC check require the following: a) Fix interface driver init sequence for devices which supports L3 DMAC-filtering to indicate its capability and initialize interface to L3 DMAC-filtering state. b) Fix ethernet_set_flags() function and its associated callback flags_change() functions registered by various drivers in interface infra to provide proper L3 DMAC filtering status. Maintain interface/sub-interface L3 config count so DMAC checks can be bypassed if L3 forwarding is not setup on any main/sub-interfaces. Type: fix Ticket: VPP-1868 Signed-off-by: John Lo <loj@cisco.com> Change-Id: I204d90459c13e9e486cfcba4e64e3d479bc9f2ae
2020-05-21ip: Dual loop error in midchain chksumNeale Ranns1-1/+1
Type: fix Change-Id: Idf7c80b7d81f796bd0512bca4276bcfcf2af241a Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-05-14ip: fix interface ip address del sw_if_index checkyedg1-1/+4
Type: fix Signed-off-by: Ye donggang <yedg@wangsu.com> Change-Id: Ia9f72ff2be455ecd4ff3d16e884c5a50f9df69fe
2020-05-04fib: midchain adjacency optimisationsNeale Ranns1-31/+55
Type: improvement - inline some common encap fixup functions into the midchain rewrite node so we don't incur the cost of the virtual function call - change the copy 'guess' from ethernet_header (which will never happen) to an ip4 header - add adj-midchain-tx to multiarch sources - don't run adj-midchain-tx as a feature, instead put this node as the adj's next and at the end of the feature arc. - cache the feature arc config index (to save the cache miss going to fetch it) - don't check if features are enabled when taking the arc (since we know they are) the last two changes will also benefit normal adjacencies taking the arc (i.e. for NAT, ACLs, etc) for IPSec: - don't run esp_encrypt as a feature, instead when required insert this node into the adj's next and into the end of the feature arc. this implies that encrypt is always 'the last feature' run, which is symmetric with decrypt always being the first. - esp_encrpyt for tunnels has adj-midchain-tx as next node Change-Id: Ida0af56a704302cf2d7797ded5f118a781e8acb7 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-04-23ip: Replace Sematics for Interface IP addressesNeale Ranns1-15/+80
Type: feature - replace functions for prefixes attached to interfaces - add ip_interface.[ch] to consoldate the functions Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I9c0c39c09dbf80ea1aadefee02c9bd16f094b6ad
2020-04-15misc: refactor calc_checksumsDave Barach1-4/+12
Merge two mildly incompatible static inlines, and rename the results vnet_calc_checksums_inline (...). The resulting inline has three additional parameters: int is_ip4, int is_ip6, and int with_gso. All calls manage to pass one or more as compile-time constants, which causes a certain amount of code to disappear in each instantiation. Type: refactor Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I1a2a0e353b9a7bca20bc81318e8c915617261e1a
2020-04-14urpf: Unicast reverse Path Forwarding (plugin)Neale Ranns1-14/+0
Type: feature - move the IP4 code to plugin - add ip6 support - add suport for uRPF on TX - add tests Change-Id: I074c2debc486d3e79c12fad4b8dbd72c41e841a0 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-04-08ip: do not clear the locally-originated flagNeale Ranns1-8/+2
Type: fix - doing so in MTU dec, means mtu_inc is broken - there's no need to. if a packet encounters ipX-rewrite a second time then it went through a tunnel the first time and is still locally originated. Change-Id: I0f279c2837b608c1677485fe93f63398ab2737b3 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-03-17fib: Always install all routers mcast addressesNeale Ranns1-0/+3
Type: improvement Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ia8dff15855a81cf29729bdaa3ff28fbe3254fa97
2020-02-11ip: fix ip-local errorsFlorin Coras1-1/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie8bc5c9a03e858487cf565b4e9b520e6b496337a
2020-01-14classify: Reduce the include dependencies on vnet_classify.hNeale Ranns1-0/+1
Type: refactor currently vnet_classify.h is included in ip.h where it's not required. Change-Id: Id55682637601655aa2edda681536a979c8e323bd Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-01-11ip: avoid fib lookup for consecutive pkts having same source IPNitin Saxena1-5/+5
Type: fix Fixes: be2286b0 This patch does following: - If terminating frame has consecutive packets with same source IP, this patch avoids fib lookup for those packets in ip4-local node. This drops cycle count for ip4-local node on both ARM and x86. It being done by enabling dead code in else {} case of ip4_local_check_src_x2() and ip4_local_check_src() functions. - In case all packets in terminating frame have unique source IP (e.g: incrementing), ip4-local is costlier by 2 cycles (broadwell) Change-Id: I472ddc324716cec8bfe601568b8aeb7565f97ab3 Signed-off-by: Nitin Saxena <nsaxena@marvell.com>
2019-12-17ip: Protocol Independent IP NeighborsNeale Ranns1-343/+0
Type: feature - ip-neighbour: generic neighbour handling; APIs, DBs, event handling, aging - arp: ARP protocol implementation - ip6-nd; IPv6 neighbor discovery implementation; separate ND, MLD, RA - ip6-link; manage link-local addresses - l2-arp-term; events separated from IP neighbours, since they are not the same. vnet retains just enough education to perform ND/ARP packet construction. arp and ip6-nd to be moved to plugins soon. Change-Id: I88dedd0006b299344f4c7024a0aa5baa6b9a8bbe Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-12-04gso: remove the interface countMohsin Kazmi1-15/+7
Type: refactor Change-Id: I51405b9d09fb6fb03d08569369fdd4e11c647908 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-12-03fib: constify the adjacency in the rewrite nodesNeale Ranns1-1/+1
Type: refactor Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I3aad20b35d89fc541fdf185096d71ca12b09a6e2
2019-11-11ip: functional interface to ip fragmentationOle Troan1-8/+8
This provides a functional interface to IP fragmentation. Allowing external features to fragment. Supports arbitrary encap size, for e.g. MPLS or inner fragmentation of tunnels. This also removed dual loop in MAP that was fundamentally broken. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ia89ecec8ee3cbe2416edbe87630fdb714898c2a8 Signed-off-by: Ole Troan <ot@cisco.com>
2019-11-05ip: Fragmentation fixesNeale Ranns1-96/+121
Type: fix if the packet is about to be fragmented, then don't call any of the actions that expect the rewrite to have been written. 1) don't double count packets thru the adjacency (original & fragments) 2) don't double decrement the TTL for fragments 3) return to ip4-midchain post ip-frag if that's where we started. 4) only run midchain/mcast fixups if not fragmenting (if no errors) Change-Id: Ib2866787a42713ee5871b87b597d8f74b901044b Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-10-10tcp: custom checksum calculations for Ipv4/Ipv6Srikanth A1-43/+3
Type: feature Based on the configuration, we can disable checksum offload capability and calculate checksum while pushing the TCP & IP header. This saves some cycles when VPP stack is used in legacy hardware devices. Signed-off-by: Srikanth A <srakula@cisco.com> Change-Id: Ic1b3fcf3040917e47ee65263694ebf7437ac5668 (cherry picked from commit 3642782a2748503f5b5ccf89d1575c1d489948ef)
2019-09-25ip: refactor reassemblyKlement Sekera1-1/+1
this is a preparation step for introducing other reassembly types Type: refactor Change-Id: I197e299dbd729b00eead31667913b8ceff915d63 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-09-16api: autogenerate api trace print/endianOle Troan1-1/+3
In addition to the external vppapitrace tool, VPP itself supports dumping of API trace files. In two formats, "custom-dump" and "dump". "dump" gives a human friendly list, and "custom-dump" is meant to give a list of commands that can be fed to VAT. This patch only deals with "dump". Prior to this fix, auto-generation was only done for the basic types. This fix adds support for any type, including lists, and supports pretty-printing of enums, strings, IP addresses, MAC addresses and so on. Usage: api trace dump <api-trace-file> For example Change-Id: I4e485680e6dcfce7489299ae6cf31d835071ac40 ---------- trace 48 ----------- vl_api_sw_interface_set_flags_t: _vl_msg_id: 75 client_index: 0 context: 10 sw_if_index: 1 flags: IF_STATUS_API_FLAG_ADMIN_UP ---------- trace 49 ----------- vl_api_sw_interface_add_del_address_t: _vl_msg_id: 88 client_index: 0 context: 11 sw_if_index: 1 is_add: 1 del_all: 0 prefix: 172.16.1.1/24 ---------- trace 51 ----------- vl_api_cli_inband_t: _vl_msg_id: 819 client_index: 0 context: 13 cmd: packet-generator capture pg0 pcap /tmp/vpp-unittest-TestMAP-YhcmDX/pg0_out.pcap disable ---------- trace 58 ----------- vl_api_ip_neighbor_add_del_t: _vl_msg_id: 199 client_index: 0 context: 20 is_add: 1 neighbor: sw_if_index: 2 flags: IP_API_NEIGHBOR_FLAG_NONE mac_address: 0202.0000.ff02 ip_address: fd01:2::2 Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I5556d06008de2762e7c2d35a8b0963ae670b3db1 Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com>
2019-09-11ip: apply dual loop unrolling in ip4_rewriteLijian.Zhang1-0/+131
Too many prefetches within loop unrollings induce bottleneck and performance degradation on some CPUs which have less cache line fill buffers, e.g, Arm Cortex-A72. Apply dual loop unrolling and tune prefetches manually to remove hot-spot with prefetch instructions, to get throughput improvement. It brings about 7% throughput improvement and saves 28% clocks with ip4_rewrite nodes on Cortex-A72 CPUs. Type: feature Change-Id: I0d35ef19faccbd7a5a4647f50bc369bfcb01a20d Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
2019-09-07ip: fix udp/tcp checksum corner casesDave Barach1-3/+15
When checksumming chained buffers with odd lengths: insert a NULL byte, or the calculation fails. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: John Lo <loj@cisco.com> Change-Id: I380f7c42897bdb28c8c29aa1c4cdaaa849cc9ecc
2019-08-19ip: leverage existing vlib_buffer_advanceZhiyong Yang1-6/+3
The function ip4_rewrite_inline_with_gso can leverage the existing vlib_buffer_advance to simplify code. Type: fix Change-Id: I25d943dc78aba2f67654385cf3f693eb01e0210e Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-08-12ip: allow addrs from the same prefix on intfMatthew Smith1-79/+234
Type: feature Adding a prefix to an interface was not permitted if it overlapped with another prefix on an interface which used the same FIB. Loosen the restriction. Allow 2 or more addresses from the same prefix on a single interface. Reference count the prefix to figure out when a glean/connected route for the prefix needs to be added or removed. Added unit tests to check that the route is only removed when all addresses in the prefix are removed from the interface. Change-Id: I1a962ecb5e1ee65fc6d41f98a4cc097a51a55321 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-08-03ip: fix ip6/udp checksum for pkts using buffer chainingJohn Lo1-0/+3
Fix ip6_tcp_udp_icmp_compute_checksum to work properly for packets with multiple buffers. Fix ip4_tcp_udp_compute_checksum to exit upon detecting error. Type: fix Signed-off-by: John Lo <loj@cisco.com> Change-Id: I673547f4479d72cd60757383343fc562cff10265
2019-07-19ip: admin change affects intf IPv4 addr routesMatthew G Smith1-7/+53
Type: feature When admin status is changed on an interface, add or delete the routes for the IPv4 addresses configured on that interface. This is already being done for IPv6 interface addresses. Change-Id: Ib1e7dc49c499921dd287e075640243520ffa5589 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-07-08ip: retain local interface address adjacencyMatthew Smith1-6/+24
Type: feature ip4_local_check_src() was overwriting vnet buffer opaque data on the adjacency for packets with "local" (dpo-receive) destination addresses. Retain the dpo receive index in vnet_buffer()->adj_index[VLIB_TX]. This can allow a graph node to distinguish the interface where the destination address is configured from the interface where the packet was received. This can be useful in correctly handling packets that have been sent to an address configured on a loopback interface. Change-Id: I52a942e85b5302b338a2d0404a37c5ea1a99e89f Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-06-28ip: ip-lookup - remove the dead codeNeale Ranns1-4/+1
Type: refactor Change-Id: I791cc63e989df049104420faf74fc28f965b6648 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-04Punt: specify packets by IP protocol TypeNeale Ranns1-2/+12
Change-Id: I0c2d6fccd95146e52bb88ca4a6e84554d5d6b2ed Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-03ARP: add feature arcNeale Ranns1-0/+6
- arp-input, registered with the ethernet protocol dispatcher, performs basic checks and starts the arc - arp-reply; first feature on the arc replies to requests and learns from responses (no functional change) - arp-proxy; checks against the proxy DB arp-reply and arp-proxy are enabled when the interface is appropriately configured. Change-Id: I7d1bbabdb8c8b8187cac75e663daa4a5a7ce382a Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-31VPP-1692: move NULL pointer checkDave Barach1-5/+5
TBH, this looks like merge damage or some such. Perfectly fine NULL pointer check, about three lines after it was needed. Change-Id: I52831062e30533a59fb76b644ee5ae389676d2ae Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-30IP load-balance; perf improvement using the usual reciepeNeale Ranns1-137/+106
before and after: ip4-load-balance 1.54e1 ip4-load-balance 1.36e1 p.s. Quad loops were not beneficial Change-Id: I7bc01fc26288f0490af74db2b1b7993526c3d982 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-06ip4_load_balance: leverage vlib_get_buffersZhiyong Yang1-13/+11
vlib_get_buffers can save 1.2 clocks/pkt from 16.1 to 14.9 clocks/pkt on Skylake. Change-Id: I79d8b58b192280af5e5a5f73562b6301e1821cec Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-04-10Make tcp/udp/icmp compute checksum safer for buffer-chain caseJohn Lo1-1/+1
Change-Id: I046e481a67fbeffdaa8504c8d77d232b986a61ee Signed-off-by: John Lo <loj@cisco.com>
2019-04-08fixing typosJim Thompson1-2/+2
Change-Id: I215e1e0208a073db80ec6f87695d734cf40fabe3 Signed-off-by: Jim Thompson <jim@netgate.com>
2019-03-28IPSEC: run encrpyt as a feautre on the tunnelNeale Ranns1-8/+19
Change-Id: I6527e3fd8bbbca2d5f728621fc66b3856b39d505 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-26ip6-rewrite: bug fix buffer->error in dual loopKingwel Xie1-3/+12
error should be recorded in buffer so that process-error-punt can handle them correctly Per Damjan's comments, move counter to under else clause of last error0==NONE check. Both v4 and v6 are changed. Change-Id: I707c7877ccb12589337155173fc4a5200b42ee93 Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2019-02-19tap gso: experimental supportAndrew Yourtchenko1-7/+37
This commit adds a "gso" parameter to existing "create tap..." CLI, and a "no-gso" parameter for the compatibility with the future, when/if defaults change. It makes use of the lowest bit of the "tap_flags" field in the API call in order to allow creation of GSO interfaces via API as well. It does the necessary syscalls to enable the GSO and checksum offload support on the kernel side and sets two flags on the interface: virtio-specific virtio_if_t.gso_enabled, and vnet_hw_interface_t.flags & VNET_HW_INTERFACE_FLAG_SUPPORTS_GSO. The first one, if enabled, triggers the marking of the GSO-encapsulated packets on ingress with VNET_BUFFER_F_GSO flag, and setting vnet_buffer2(b)->gso_size to the desired L4 payload size. VNET_HW_INTERFACE_FLAG_SUPPORTS_GSO determines the egress packet processing in interface-output for such packets: When the flag is set, they are sent out almost as usual (just taking care to set the vnet header for virtio). When the flag is not enabled (the case for most interfaces), the egress path performs the re-segmentation such that the L4 payload of the transmitted packets equals gso_size. The operations in the datapath are enabled only when there is at least one GSO-compatible interface in the system - this is done by tracking the count in interface_main.gso_interface_count. This way the impact of conditional checks for the setups that do not use GSO is minimized. "show tap" CLI shows the state of the GSO flag on the interface, and the total count of GSO-enabled interfaces (which is used to enable the GSO-related processing in the packet path). This commit lacks IPv6 extension header traversal support of any kind - the L4 payload is assumed to follow the IPv6 header. Also it performs the offloads only for TCP (TSO - TCP segmentation offload). The UDP fragmentation offload (UFO) is not part of it. For debug purposes it also adds the debug CLI: "set tap gso {<interface> | sw_if_index <sw_idx>} <enable|disable>" Change-Id: Ifd562db89adcc2208094b3d1032cee8c307aaef9 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-02-14Add -fno-common compile optionBenoît Ganne1-0/+2
-fno-common makes sure we do not have multiple declarations of the same global symbol across compilation units. It helps debug nasty linkage bugs by guaranteeing that all reference to a global symbol use the same underlying object. It also helps avoiding benign mistakes such as declaring enum as global objects instead of types in headers (hence the minor fixes scattered across the source). Change-Id: I55c16406dc54ff8a6860238b90ca990fa6b179f1 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-01-30Use IP and MAC API types for neighborsNeale Ranns1-9/+3
use address_t and mac_address_t for IPv6 and ARP entries and all other API calls in ip.api aprat from the route ones, that will follow in a separate commit Change-Id: I67161737c2184d3f8fc1e79ebd2b55121c5b0191 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-01-10ARP/ND: copy opaque2 persistent fields to new packetNeale Ranns1-1/+4
Change-Id: Ic65f686aaccaf8450732d88d7471b587faccaa9d Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-13ip4_rewrite_inline: fix variable errorZhiyong Yang1-2/+2
Change-Id: I0470b4b13095583fe018f565f100342fab45715e Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2018-12-12Change ipsec feature node namesPierre Pfister1-4/+4
ipsec4-output and ipsec6-output were conflicting with ipsec interface names ("ipsec<id>") and vnet/interface.c autogenerated output node ("<ifname>-output"). Changing feature names seems to be the less invasive option. This patch also changes "input" feature names for consistency. Change-Id: I4ba10d07e9ba09df20aa2500104252b06b55f8f7 Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2018-12-10IP-local: any IP can appear as the source (VPP-1522)Neale Ranns1-3/+15
Change-Id: Ib0d9b533d72c899b77c9a7bd1daa9b4a55b7221c Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-11-28Remove useless prefetch in ip4-rewrite nodeSimon Zhang1-1/+1
Prefetching first 2 packets' header is useless cause of the prefetching action is not done before using the packets. There's no performance drop in Xeon platform and slightly performance gain in Atom platform after rmoving the prefetch. Change-Id: Ib4b074af20d7cd5053aecc7147b162141aec31f5 Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
2018-11-26Add a feature arc consistency checkDave Barach1-0/+4
Verify that last node in the computed feature order matches reality. This check doesn't make sense in all cases, so we skip it if the newly-added vnet_feature_arc_registration_t ".last_in_arc" datum is a NULL pointer. Change-Id: Ia99c3e2b2da2e4780a7d5bc71670c5742a66fef2 Signed-off-by: Dave Barach <dave@barachs.net>