Age | Commit message (Collapse) | Author | Files | Lines |
|
This also changes the behavior of the nat44-ei hairpinning feature.
Rather then enabling the feature on every nat interface, it is enabled
only on local0.
Type: improvement
Signed-off-by: Filip Varga <fivarga@cisco.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4e16a83c9e328aa75fc61df508b620ef743ca775
|
|
Add API to disable full reassembly of "forus" packets. Mark packets
passing through ip[4|6]-local nodes with a new buffer flag and check for
that flag in reassembly.
Enable IP6 "forus" full reassembly by default to be consistent with
existing IP4 setting.
Type: improvement
Change-Id: I7067792fcd4304182654237968e4c4d9293c6143
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
On interface delete we were not removing
the lock taken by a previous ip_table_bind()
call thus preventing the VRFs to be removed.
Type: fix
Change-Id: I11abbb51a09b45cd3390b23d5d601d029c5ea485
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I43f6bfa028ee37227f27a2fe0303662bf2631b10
|
|
Type: improvement
This adds a new ip[46]-receive node, sibling
of ip[46]-local. Its goal is to set
vnet_buffer (b)->ip.rx_sw_if_index to the
sw_if_index of the local interface.
In dependant nodes further down the line (e.g.
hoststack) we then set sw_if_idx[rx] to this
value. So that we know which local interface
did receive the packet.
The TCP issue this fixes is that :
On accepts, we were setting tc->sw_if_index
to the source sw_if_index. We should use
the dest sw_if_index, so that packets
coming back on this connection have the
right source sw_if_index. And also setting
it in the tx-ed packet.
Change-Id: I569ed673e15c21e71f365c3ad45439b05bd14a9f
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
A subinterface that does not have exact match enabled cannot have
an IP address configured on it. When this is validated in the functions
which add an interface IP address for IPv4 and IPv6, a clib_error_t * is
returned but api_errno is not set. The API handler uses the value of
vnet_main.api_errno to set the return value in it's reply. Since it was
not set, the API reports the operation succeeded.
Set vnet_main.api_errno if vnet_sw_interface_supports_addressing() returns
a non-null value when adding/deleting an interface IP address.
Change-Id: I257a30d21788986102a2a719235e714ff16a24e8
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ic0fa4f83048a280a7d1b04198c0f903798562d2d
|
|
Type: fix
The init of fib_index_by_sw_if_index wasn't
setting default value to 0. Which we now
need for setting interfaces unnumbered
Change-Id: Ie5be9b5e5373ef055557a871ad4d1c45fbfc1dee
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Creating a sub-int without exact-match set, and subsequently adding an
IPv4 or IPv6 address will crash VPP. This fix catches this situation and
refuses to allow the caller to add an IPv4 or IPv6 address on an
ethernet sub-int that does not have exact-match set.
TESTED:
Before this change, the following crashes VPP:
```
DBGvpp# cre sub TenGigabitEthernet3/0/0 1 dot1q 10
TenGigabitEthernet3/0/0.1
DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 2001:db8::1/64
<crash>
```
After the change, VPP refuses to act:
```
DBGvpp# cre sub TenGigabitEthernet3/0/0 1 dot1q 10
TenGigabitEthernet3/0/0.1
DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 192.0.2.1/30
set interface ip address: sub-interface without exact-match doesn't support IP addressing
DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 2001:db8:1/64
set interface ip address: sub-interface without exact-match doesn't support IP addressing
```
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Change-Id: I42997db314225cd186ebb54013b5717ace7f7bd6
|
|
Type: refactor
as opposed to wrtiing out the mtrie steps one by one each time.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I1248861350f9189f9a67ac6e68940813af279e03
|
|
Type: fix
There's no such thing as a conflict between the FIB and adj tables. This
is code that should have been removed way back in 16.04.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I4524e7921b03b89106dd1f35aa1171d0945367cf
|
|
Type: refactor
Change-Id: Id10cbf52e8f2dd809080a228d8fa282308be84ac
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: style
reduce the number of files recompiled after changing pg.h from 1110 to
102.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I50611eba818eeb3a2dffd437a3c72c77766bed80
|
|
Type: improvement
Some tests i.e. ipsec see performance regression when offload flags
are moved to 2nd cacheline. This patch moves them back to 1st cacheline.
Change-Id: I6ead45ff6d2c467b0d248f409e27c2ba31758741
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: refactor
Change-Id: Ifbaf42ef88a7e0f1715b7b5e342af790e3b6acd9
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: refactor
This patch refactors the offload flags in vlib_buffer_t.
There are two main reasons behind this refactoring.
First, offload flags are insufficient to represent outer
and inner headers offloads. Second, room for these flags
in first cacheline of vlib_buffer_t is also limited.
This patch introduces a generic offload flag in first
cacheline. And detailed offload flags in 2nd cacheline
of the structure for performance optimization.
Change-Id: Icc363a142fb9208ec7113ab5bbfc8230181f6004
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
extends ip6_compute_flow_hash() to include IPv6 flowlabel in flowhash computation
Type: improvement
Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com>
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Change-Id: Id1aaa20c9dac729c22b714eea1cdd6e9e4d1f75e
|
|
Type: refactor
Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
ip4_rewrite_inline_with_gso() did vlib_prefetch_buffer_header() for all nodes.
However it is not necessary for ip-rewrite, it is only needed by ip-midchain.
This patch makes ip4-rewrite prefetches less buffers to save cycles.
Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com>
Change-Id: Ib82dcb0eda4a2d1d7b8d664f2224d49b72aef50f
|
|
Type: feature
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Change-Id: I964afd9266645de5c87d49c58ce6b48c2c18f97f
|
|
Type: feature
Use the FIB to provide SAS (in so far as it is today)
- Use the glean adjacency as the record of the connected prefixes
= there's a glean per-{interface, protocol, connected-prefix}
- Keep the glean up to date with whatever the recieve host prefix is
(since it can change)
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Change-Id: I0f3dd1edb1f3fc965af1c7c586709028eb9cdeac
|
|
Type: improvement
Change-Id: I8c28c845c75657852f1e513e2832771fad6b90b7
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
In one's complement, there are two representations of zero: the all
zero and the all one bit values, often referred to as +0 and -0. See
RFC 1624 section 3 for more details.
This used to be taken care of in ip4_header_checksum(), but it is no
longer the case. The check ip->checksum == ip4_header_checksum (ip) is
no longer correct in the -0 case.
Always use ip4_header_checksum_is_valid() instead (which behaves
correctly since 9a79a1ab931c3b5a7ae07d6f0fcfef7c4368a2c4).
Type: fix
Fixes: e5f0050c7a5d411f96af6401797529d58825e2af
Change-Id: Iacc6b60645a834287b085aecb9e3fdb4554cf0cf
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
No change in default behavior. To use htlb pages for the ip4 mtrie,
use the "ip" command-line option "mtrie-hugetlb".
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I5497e426a47200edff2c7e15563ed6a42af12e7f
|
|
VXLAN uses csum_offload for IPv6 packets.
But without gso node we have csum calculated only for inner
packet.
This patch adds support for outer header csum calculation.
Checksum for inner packet should be calculated before
interface-output node (for example in vxlan node).
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: Ica68429ede4426293769207cd83c791ebe72fe56
|
|
Fix and optimize DMAC check in ethernet-input node to utilize NIC or
driver which support L3 DMAC-filtering mode so that DMAC check can be
bypassed safely for interfaces/sub-interfaces in L3 mode.
Checking of interface in L3-DMAC-filtering state to avoid DMAC check
require the following:
a) Fix interface driver init sequence for devices which supports L3
DMAC-filtering to indicate its capability and initialize interface
to L3 DMAC-filtering state.
b) Fix ethernet_set_flags() function and its associated callback
flags_change() functions registered by various drivers in interface
infra to provide proper L3 DMAC filtering status.
Maintain interface/sub-interface L3 config count so DMAC checks can be
bypassed if L3 forwarding is not setup on any main/sub-interfaces.
Type: fix
Ticket: VPP-1868
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I204d90459c13e9e486cfcba4e64e3d479bc9f2ae
|
|
Type: fix
Change-Id: Idf7c80b7d81f796bd0512bca4276bcfcf2af241a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Signed-off-by: Ye donggang <yedg@wangsu.com>
Change-Id: Ia9f72ff2be455ecd4ff3d16e884c5a50f9df69fe
|
|
Type: improvement
- inline some common encap fixup functions into the midchain
rewrite node so we don't incur the cost of the virtual function call
- change the copy 'guess' from ethernet_header (which will never happen) to an ip4 header
- add adj-midchain-tx to multiarch sources
- don't run adj-midchain-tx as a feature, instead put this node as the
adj's next and at the end of the feature arc.
- cache the feature arc config index (to save the cache miss going to fetch it)
- don't check if features are enabled when taking the arc (since we know they are)
the last two changes will also benefit normal adjacencies taking the arc (i.e. for NAT, ACLs, etc)
for IPSec:
- don't run esp_encrypt as a feature, instead when required insert this
node into the adj's next and into the end of the feature arc. this
implies that encrypt is always 'the last feature' run, which is
symmetric with decrypt always being the first.
- esp_encrpyt for tunnels has adj-midchain-tx as next node
Change-Id: Ida0af56a704302cf2d7797ded5f118a781e8acb7
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
- replace functions for prefixes attached to interfaces
- add ip_interface.[ch] to consoldate the functions
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I9c0c39c09dbf80ea1aadefee02c9bd16f094b6ad
|
|
Merge two mildly incompatible static inlines, and rename the results
vnet_calc_checksums_inline (...).
The resulting inline has three additional parameters: int is_ip4, int
is_ip6, and int with_gso. All calls manage to pass one or more as
compile-time constants, which causes a certain amount of code to
disappear in each instantiation.
Type: refactor
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I1a2a0e353b9a7bca20bc81318e8c915617261e1a
|
|
Type: feature
- move the IP4 code to plugin
- add ip6 support
- add suport for uRPF on TX
- add tests
Change-Id: I074c2debc486d3e79c12fad4b8dbd72c41e841a0
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
- doing so in MTU dec, means mtu_inc is broken
- there's no need to. if a packet encounters ipX-rewrite a second time then it went through a tunnel the first time and is still locally originated.
Change-Id: I0f279c2837b608c1677485fe93f63398ab2737b3
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: improvement
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ia8dff15855a81cf29729bdaa3ff28fbe3254fa97
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie8bc5c9a03e858487cf565b4e9b520e6b496337a
|
|
Type: refactor
currently vnet_classify.h is included in ip.h where it's not required.
Change-Id: Id55682637601655aa2edda681536a979c8e323bd
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Fixes: be2286b0
This patch does following:
- If terminating frame has consecutive packets with same source IP, this patch
avoids fib lookup for those packets in ip4-local node. This drops cycle count
for ip4-local node on both ARM and x86. It being done by enabling dead code in
else {} case of ip4_local_check_src_x2() and ip4_local_check_src() functions.
- In case all packets in terminating frame have unique source IP (e.g:
incrementing), ip4-local is costlier by 2 cycles (broadwell)
Change-Id: I472ddc324716cec8bfe601568b8aeb7565f97ab3
Signed-off-by: Nitin Saxena <nsaxena@marvell.com>
|
|
Type: feature
- ip-neighbour: generic neighbour handling; APIs, DBs, event handling,
aging
- arp: ARP protocol implementation
- ip6-nd; IPv6 neighbor discovery implementation; separate ND,
MLD, RA
- ip6-link; manage link-local addresses
- l2-arp-term; events separated from IP neighbours, since they are not
the same.
vnet retains just enough education to perform ND/ARP packet
construction.
arp and ip6-nd to be moved to plugins soon.
Change-Id: I88dedd0006b299344f4c7024a0aa5baa6b9a8bbe
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: refactor
Change-Id: I51405b9d09fb6fb03d08569369fdd4e11c647908
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: refactor
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I3aad20b35d89fc541fdf185096d71ca12b09a6e2
|
|
This provides a functional interface to IP fragmentation.
Allowing external features to fragment. Supports
arbitrary encap size, for e.g. MPLS or inner fragmentation
of tunnels.
This also removed dual loop in MAP that was fundamentally broken.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ia89ecec8ee3cbe2416edbe87630fdb714898c2a8
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: fix
if the packet is about to be fragmented, then don't call any of the
actions that expect the rewrite to have been written.
1) don't double count packets thru the adjacency (original & fragments)
2) don't double decrement the TTL for fragments
3) return to ip4-midchain post ip-frag if that's where we started.
4) only run midchain/mcast fixups if not fragmenting (if no errors)
Change-Id: Ib2866787a42713ee5871b87b597d8f74b901044b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
Based on the configuration, we can disable checksum offload capability
and calculate checksum while pushing the TCP & IP header.
This saves some cycles when VPP stack is used in legacy hardware devices.
Signed-off-by: Srikanth A <srakula@cisco.com>
Change-Id: Ic1b3fcf3040917e47ee65263694ebf7437ac5668
(cherry picked from commit 3642782a2748503f5b5ccf89d1575c1d489948ef)
|
|
this is a preparation step for introducing other reassembly types
Type: refactor
Change-Id: I197e299dbd729b00eead31667913b8ceff915d63
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
In addition to the external vppapitrace tool, VPP itself supports dumping of API trace files.
In two formats, "custom-dump" and "dump". "dump" gives a human friendly list,
and "custom-dump" is meant to give a list of commands that can be fed to VAT.
This patch only deals with "dump".
Prior to this fix, auto-generation was only done for the basic types.
This fix adds support for any type, including lists, and supports pretty-printing
of enums, strings, IP addresses, MAC addresses and so on.
Usage: api trace dump <api-trace-file>
For example
Change-Id: I4e485680e6dcfce7489299ae6cf31d835071ac40
---------- trace 48 -----------
vl_api_sw_interface_set_flags_t:
_vl_msg_id: 75
client_index: 0
context: 10
sw_if_index: 1
flags: IF_STATUS_API_FLAG_ADMIN_UP
---------- trace 49 -----------
vl_api_sw_interface_add_del_address_t:
_vl_msg_id: 88
client_index: 0
context: 11
sw_if_index: 1
is_add: 1
del_all: 0
prefix: 172.16.1.1/24
---------- trace 51 -----------
vl_api_cli_inband_t:
_vl_msg_id: 819
client_index: 0
context: 13
cmd: packet-generator capture pg0 pcap /tmp/vpp-unittest-TestMAP-YhcmDX/pg0_out.pcap disable
---------- trace 58 -----------
vl_api_ip_neighbor_add_del_t:
_vl_msg_id: 199
client_index: 0
context: 20
is_add: 1
neighbor:
sw_if_index: 2
flags: IP_API_NEIGHBOR_FLAG_NONE
mac_address: 0202.0000.ff02
ip_address: fd01:2::2
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I5556d06008de2762e7c2d35a8b0963ae670b3db1
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Signed-off-by: Ole Troan <ot@cisco.com>
Signed-off-by: Ole Troan <ot@cisco.com>
Signed-off-by: Ole Troan <ot@cisco.com>
Signed-off-by: Ole Troan <ot@cisco.com>
Signed-off-by: Ole Troan <ot@cisco.com>
Signed-off-by: Ole Troan <ot@cisco.com>
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Too many prefetches within loop unrollings induce bottleneck and
performance degradation on some CPUs which have less cache line fill
buffers, e.g, Arm Cortex-A72.
Apply dual loop unrolling and tune prefetches manually to remove
hot-spot with prefetch instructions, to get throughput improvement.
It brings about 7% throughput improvement and saves 28% clocks with
ip4_rewrite nodes on Cortex-A72 CPUs.
Type: feature
Change-Id: I0d35ef19faccbd7a5a4647f50bc369bfcb01a20d
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
|
|
When checksumming chained buffers with odd lengths: insert a
NULL byte, or the calculation fails.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I380f7c42897bdb28c8c29aa1c4cdaaa849cc9ecc
|
|
The function ip4_rewrite_inline_with_gso can leverage
the existing vlib_buffer_advance to simplify code.
Type: fix
Change-Id: I25d943dc78aba2f67654385cf3f693eb01e0210e
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Type: feature
Adding a prefix to an interface was not permitted if it overlapped
with another prefix on an interface which used the same FIB.
Loosen the restriction. Allow 2 or more addresses from the same
prefix on a single interface. Reference count the prefix to figure
out when a glean/connected route for the prefix needs to be added
or removed.
Added unit tests to check that the route is only removed when all
addresses in the prefix are removed from the interface.
Change-Id: I1a962ecb5e1ee65fc6d41f98a4cc097a51a55321
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Fix ip6_tcp_udp_icmp_compute_checksum to work properly for packets
with multiple buffers.
Fix ip4_tcp_udp_compute_checksum to exit upon detecting error.
Type: fix
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I673547f4479d72cd60757383343fc562cff10265
|