summaryrefslogtreecommitdiffstats
path: root/src/vnet/ip/ip6_forward.c
AgeCommit message (Collapse)AuthorFilesLines
2018-03-29ip6: fix ip6-local urpf checkingFlorin Coras1-4/+7
Use sw_if_index[VLIB_TX] if set as fib index when doing the urpf check. Change-Id: I5ec3e7f7a54c6782704d91e9a5614fd0f7f9e3de Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-21reassembly: feature/concurrencyKlement Sekera1-1/+0
This change makes ip reassembly an interface feature, while adding concurrency support. Due to this, punt is no longer needed to test reassembly. Change-Id: I467669514ec33283ce935be0f1dd08f07684f0c7 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-03-18Remove unnumbered configuration on interface deleteNeale Ranns1-1/+2
Change-Id: Iae5532c3d53e208831f3b2782242d9e59d367087 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-03-05IP6 link-local tableNeale Ranns1-3/+4
- IPv6 link local table is a per-SW interface array of IPv6 unicast FIBs - the per-interface ocst is sizeof(fib_table_t) which is small, w.r.t. the cost of an interface - FE80::/10 in the 'global' table points to a DPO that performs a lookup in the input interface's LL fib. Change-Id: Ice834b25ebeeacb2e929d7c864d7ec8c09918cbe Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-03-016RD: Rewritten 6RD RFC5969 support.Ole Troan1-1/+2
Change-Id: Ic30fbcb2630f39e45345d7215babf5d7ed4b33a0 Signed-off-by: Ole Troan <ot@cisco.com>
2018-02-08ip: move lookup inline functions to header fileVijayabhaskar Katamreddy1-276/+1
Needed to allow other code paths to reuse them. Change-Id: I9e469527c6b2e9a6fec7af5f17d8b400a2e85826 Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
2018-02-07classifier-based ACL: refactor + add output ACLAndrew Yourtchenko1-0/+6
For implementation of MACIP ACLs enhancement (VPP-1088), an outbound classifier-based ACL would be needed. There was an existing incomplete code for outbound ACLs, it looked almost exact copy of input ACLs, minus the various enhancements, trying to sync that code seemed error-prone and cumbersome to maintain in the longer run. This change refactors the input+output ACLs processing into a unified routine (thus any changes will have effect on both), and also adds the API to set the output interface ACL, with the same format and semantics as the existing input one (except working on output ACL of course). WARNING: IP outbound ACL in L3 mode clobbers the ip.* fields in the vnet_buffer_opaque_t, since the code is using l2_classify.* The net_buffer (p0)->ip.save_rewrite_length is rescued into l2_classify.pad.l2_len, and used to rewind the header in case of drop, so that ipX_drop prints something sensible. Change-Id: I62f814f1e3650e504474a3a5359edb8a0a8836ed Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-02-01IPv4/6 reassemblyKlement Sekera1-0/+2
Change-Id: Ic5dcadd13c88b8a5e7896dab82404509c081614a Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-01-31Improved tracing for the IP[46] not-enabled case.Neale Ranns1-10/+10
now we get 00:00:03:665501: pg-input ... 00:00:03:665681: ethernet-input ... 00:00:03:665691: ip6-input UDP: 2001::1 -> ffef::1 tos 0x00, flow label 0x0, hop limit 64, payload length 108 UDP: 1234 -> 1234 length 108, checksum 0x7b25 00:00:03:665695: ip6-not-enabled UDP: 2001::1 -> ffef::1 tos 0x00, flow label 0x0, hop limit 64, payload length 108 UDP: 1234 -> 1234 length 108, checksum 0x7b25 00:00:03:665706: error-drop ethernet-input: no error Same goes for IPv4 Change-Id: Ia360df39b43281d3a0aa1b686f04b73cfa37c546 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-01-30Allow the provider of a midchain adjacency to pass context data that is ↵Neale Ranns1-3/+6
returned in the fixup function Change-Id: I458e6e03b03e27775df33a2fd302743126d6ac44 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-01-09DVR: run L3 output featuresNeale Ranns1-1/+1
- rename l2_bridged to is_dvr. Including on the ip.api this was new in the 18.01 release so no compatability issues. - steal the free space in vnet_buffer_opaque_t for use with flags. - run the ipX-output feature arc from the DVR DPO Change-Id: I040e5976d1dbe076fcdda3a40a7804f56337ce3f Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-12-15Fix icmp/udp/tcp punt/drop pathsVijayabhaskar Katamreddy1-3/+3
Send packets to ip4/6_punt/drop nodes instead of error-drop/punt nodes dbarach: clean up an annoying checkstyle issue: indent 2.2.10 (OpenSUSE version) and indent 2.2.11 (Ubuntu / CentOS versions) had an artistic disagreement about ip_frag.c. Change-Id: I660bee28a064af9c6c70371363081e941d1c3a94 Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Signed-off-by: Dave Barach <dave@barachs.net>
2017-12-13Separate heap for IPv4 mtriesNeale Ranns1-8/+3
Change-Id: I497e9f6489dd35219bcf2b51ac992467aac4c8eb Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-11-07vnet: ip4/6_local-> don't drop TCP/UCP marked for cksum calc fixJakub Grajciar1-6/+6
Change-Id: Id14826eefe43168747c8ba69b3b600441a7d4047 Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech>
2017-11-03vnet: ip4/6_local->don't drop packet if marked for TCP/UDP offload cksum ↵Jakub Grajciar1-3/+12
calculation Change-Id: I62f625a93e5d818caef382316035cd5447bd8fef Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech>
2017-10-10session: add support for application namespacingFlorin Coras1-0/+26
Applications are now provided the option to select the namespace they are to be attached to and the scope of their attachement. Application namespaces are meant to: 1) constrain the scope of communication through the network by association with source interfaces and/or fib tables that provide the source ips to be used and limit the scope of routing 2) provide a namespace local scope to session layer communication, as opposed to the global scope provided by 1). That is, sessions can be established without assistance from transport and network layers. Albeit, zero/local-host ip addresses must still be provided in session establishment messages due to existing application idiosyncrasies. This mode of communication uses shared-memory fifos (cut-through sessions) exclusively. If applications request no namespace, they are assigned to the default one, which at its turn uses the default fib. Applications can request access to both local and global scopes for a namespace. If no scope is specified, session layer defaults to the global one. When a sw_if_index is provided for a namespace, zero-ip (INADDR_ANY) binds are converted to binds to the requested interface. Change-Id: Ia0f660bbf7eec7f89673f75b4821fc7c3d58e3d1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-10punt and drop features:Neale Ranns1-71/+2
- new IPv4 and IPv6 feature arcs on the punt and drop nodes - new features: - redirect punted traffic to an interface and nexthop - police punted traffic. Change-Id: I53be8bf4e06545add8a3619e462de5ffedd0a95c Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-04[aarch64] Fixes CLI crashes on dpaa2 platform.Christophe Fontaine1-3/+3
- always use 'va_args' as pointer in all format_* functions - u32 for all 'indent' params as it's declaration was inconsistent Change-Id: Ic5799309a6b104c9b50fec309cba789c8da99e79 Signed-off-by: Christophe Fontaine <christophe.fontaine@enea.com>
2017-10-03Repair vlib API socket serverDave Barach1-0/+8
- Teach vpp_api_test to send/receive API messages over sockets - Add memfd-based shared memory - Add api messages to create memfd-based shared memory segments - vpp_api_test supports both socket and shared memory segment connections - vpp_api_test pivot from socket to shared memory API messaging - add socket client support to libvlibclient.so - dead client reaper sends ping messages, container-friendly - dead client reaper falls back to kill (<pid>, 0) live checking if e.g. a python app goes silent for tens of seconds - handle ping messages in python client support code - teach show api ring about pairwise shared-memory segments - fix ip probing of already resolved destinations (VPP-998) We'll need this work to implement proper host-stack client isolation Change-Id: Ic23b65f75c854d0393d9a2e9d6b122a9551be769 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-09-20Add ip6-local feature arcPierre Pfister1-6/+91
ip4-local feature arc existed but not ip6-local one. This patch also adds node name to the 'show ip local' command and fixes a minor include issue in vnet/ip/ip4.h file. Change-Id: I9bb8a7159917d58f89afcce974680de20d946a70 Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2017-09-11FIB table add/delete APINeale Ranns1-99/+4
part 2; - this adds the code to create an IP and MPLS table via the API. - but the enforcement that the table must be created before it is used is still missing, this is so that CSIT can pass. Change-Id: Id124d884ade6cb7da947225200e3bb193454c555 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-08-16tcp: fix v6 sessionsroot1-54/+64
Change-Id: Ia6dd5e948b17b2f3866fe70838eabb09e35415e1 Signed-off-by: Dave Barach <dbarach@cisco.com> Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-08-08L2 over MPLSNeale Ranns1-2/+2
[support for VPWS/VPLS] - switch to using dpo_proto_t rather than fib_protocol_t in fib_paths so that we can describe L2 paths - VLIB nodes to handle pop/push of MPLS labels to L2 Change-Id: Id050d06a11fd2c9c1c81ce5a0654e6c5ae6afa6e Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-08-02Fix vpp crash sending arp or probing neighb (VPP-917)Pavel Kotucek1-0/+15
VPP crash when trying to send arp message or to probe neighbor over interface with IP address but without hw address (local0 and tunnels - vxlan, gre, ...) Change-Id: I08a1c97d3ea913fc11b2886cf73b2ccc31356664 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-07-14vnet_buffer_t flags cleanupDamjan Marion1-19/+25
Change-Id: I123eccea98abafeb31f25d2a162501e2eded60d4 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-07-14Introduce l{2,3,4}_hdr_offset fields in the buffer metadataDamjan Marion1-3/+3
To save space in the first cacheline following is changed: - total_length_not_including_first_buffer moved to the 2nd cacheline. This field is used only when VLIB_BUFFER_TOTAL_LENGTH_VALID and VLIB_BUFFER_NEXT_PRESENT are both set. - free_list_index is now stored in 4bits inside flags, which allows up to 16 free lists. In case we need more we can store index in the 2nd cachelin Change-Id: Ic8521350819391af470d31d3fa1013e67ecb7681 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-06-23IP4/IP6 FIB: fix crash during interface deletePavel Kotucek1-0/+21
after deleting a sub interface with IP4/IP6 address vpp crash Change-Id: Ie768ca845b9e2394f61e2a8e9722a80a788746e7 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-06-01Fix 'ip probe' on /32Neale Ranns1-17/+22
Change-Id: Ib874ad93357500b2c425d75cf48834264b2183fc Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-05-24IPv6 Performance bugsNeale Ranns1-18/+14
- inline the FIB lookup function; this requires access to the bihash, so for files that use more than one type this casues problems. those files that include ip6_fib.h unnecessarily have been updated - better use of the feature arcs. ip6-lookup and interface-output are now sentinels (end-node-index in the cm speak) rather than enabled features. Change-Id: I9d1375fee63f7dbb2d327da6124d8e60b63367ec Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-05-11Validate ip6 interface fib tables early onFlorin Coras1-0/+5
This should avoid random crashes due to reception of packets (multicast in particular) before ip6 addresses are configured on the interfaces. Change-Id: Ibcf1a5a2ae2fa75f8b57da1b2f09f32c081210d7 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-04-26IP Flow Hash Config fixesNeale Ranns1-7/+5
- the flow hash config is (and was) cached on the load-balance object so the fib_table_t struct is not used a switch time. Therefore changes to the table's flow hash config need to be propagated to all load-balances and hance all FIB entries in the table. - enable API for setting the IPv6 table flow hash config - use only the hash config in the fib_table_t object and not on the ipX_fib_t - add tests. Change-Id: Ib804c11162c6d4972c764957562c372f663e05d4 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-04-24Improve Load-Balance MAPsNeale Ranns1-30/+74
- only build them for popular path-lists (where popular means more than 64 children) the reason to have a map is to improve convergence speed for recursive prefixes - if there are only a few this technique is not needed - only build them when there is at least one path that has recursive constraints, i.e. a path that can 'fail' in a PIC scenario. - Use the MAPS in the switch path. - PIC test cases for functionality (not convergence performance) Change-Id: I70705444c8469d22b07ae34be82cfb6a01358e10 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-04-11MPLS Mcast coverity fixesNeale Ranns1-1/+1
Change-Id: Ic07ec5d4c2560a414d5f4f7eb37e10faf591664a Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-04-11Remove usued, redundant and deprecated code from lookup.hNeale Ranns1-15/+14
Change-Id: Ic16bc10d0b2877b2afdf052615f9334f31b9519f Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-04-07MPLS McastNeale Ranns1-0/+23
1 - interface-DPO Used in the Data-plane to change a packet's input interface 2 - MPLS multicast FIB entry Same as a unicast entry but it links to a replicate not a load-balance DPO 3 - Multicast MPLS tunnel Update MPLS tunnels to use a FIB path-list to describe the endpoint[s]. Use the path-list to generate the forwarding chain (DPOs) to link to . 4 - Resolve a path via a local label (of an mLDP LSP) For IP multicast entries to use an LSP in the replication list, we need to decribe the 'resolve-via-label' where the label is that of a multicast LSP. 5 - MPLS disposition path sets RPF-ID For a interface-less LSP (i.e. mLDP not RSVP-TE) at the tail of the LSP we still need to perform an RPF check. An MPLS disposition DPO performs the MPLS pop validation checks and sets the RPF-ID in the packet. 6 - RPF check with per-entry RPF-ID An RPF-ID is used instead of a real interface SW if index in the case the IP traffic arrives from an LSP that does not have an associated interface. Change-Id: Ib92e177be919147bafeb599729abf3d1abc2f4b3 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-04-06Use thread local storage for thread indexDamjan Marion1-12/+12
This patch deprecates stack-based thread identification, Also removes requirement that thread stacks are adjacent. Finally, possibly annoying for some folks, it renames all occurences of cpu_index and cpu_number with thread index. Using word "cpu" is misleading here as thread can be migrated ti different CPU, and also it is not related to linux cpu index. Change-Id: I68cdaf661e701d2336fc953dcb9978d10a70f7c1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-03-29Mtrie optimisationsNeale Ranns1-6/+0
1 - make the default route non-special, i.e. like any other less specific route. Consequently, all buckets have a valid valid index of either a leaf or a ply. Checks for special indeices in the data-path can thus be removed. 2 - since all leaves are now 'real' i.e. they represent a real load-balance object, to tell if a ply slot is 'empty' requeirs chekcing that the prefix length of the leaf occupying the slot is slot than the minium value for that ply. 3 - when removing a leaf find the cover first, then recurse down the ply and replace the old leaf with the cover. This saves us a ply walk. Change-Id: Idd523019e8bb1b6ef527b1f5279a5e24bcf18332 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-27Mcast rewrite no memcpyNeale Ranns1-3/+3
use a 32bit mask in the adjacency to AND with the IP address and OR into the rewrite. Change-Id: I80b0f246c18fd74f3e43c5d49e25833412f34665 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-17Cache a 'has-features' flag on the adjacency for faster access. Reclaim the ↵Neale Ranns1-8/+13
node_index memeber from the rewrite for space - this is only used for formtting before: ip4-rewrite * * * * 2.66e1 256.00 after: ip4-rewrite * * * * 2.40e1 256.00 Change-Id: Ic397150727cad38811564777419ad6bd26b8a3a6 Signed-off-by: Neale Ranns <nranns@wasa-ucs-11.cisco.com>
2017-03-07In-band OAM active probe (VPP-471)AkshayaNadahalli1-28/+4
Change-Id: Icf0ddf76ba1c8b588c79387284cd0349ebc6e45f Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
2017-03-07make per-adj counters configurableNeale Ranns1-16/+32
Change-Id: Ifdd2b204ecf7d855f1269c11224b9c825311904d Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-07Fixing loadbalancing over ECMP for recursive routesAkshayaNadahalli1-6/+5
Change-Id: Ibe1734aeb94bc17cd8d8bc6f35ca7b780aaa9599 Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
2017-03-06ioam: manycast using iOAM and SR (VPP-628)Shwetha Bhandari1-74/+44
Change-Id: I6d2afda991d771fb4a89fc3f6544f8e940a9b9f0 Signed-off-by: Shwetha Bhandari <shwethab@cisco.com>
2017-03-03Changing the IP table for an interface is an error if the interface already ↵Neale Ranns1-10/+29
has an address configured (VPP-601) Change-Id: I311fc264f73dd3b2b3ce9d7d1c33cd0515b36c4a Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-02-17Remove duplicate ip6 get interface address codeNeale Ranns1-6/+2
Change-Id: I5e0057b36bc4221e688a27fc1c0f602f78132991 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-02-13Out-of-tree Build Error fixAkshayaNadahalli1-0/+20
File vnet/fib/fib_urpf_list.h was included in vnet/fib/ip6_fib.h but was exported to be installed in /usr/include/vnet. So out-of-tree builds relying on an installed package was failing. Fix is to inlcude fib_urpf_list.h in source file rather than including it in header file. Change-Id: Iae39c1d9417dbd31ee67fa1bd2d1915d5e813c73 Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
2017-02-13VPP-632 : InBand OAM AnalyserAkshayaNadahalli1-0/+3
Refer to jira ticket for more details. Change-Id: I6facb9ef8553a21464f9a2e612706f152badbb68 Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
2017-02-08Fix source address reachability check for ip6 local packetsAkshayaNadahalli1-6/+3
Currently ip6 local check fails with error - source lookup miss if route to source of packet is over a dpo object such as load balance - recurssive route, tunnel adj - GRE, SR etc. So unless packet source is of a directly connected neibhor or has route with both interface and nexthop specified, it will be dropped. Fix is to check urpf list and if at least one link exists in the list, then allow packets to be processed, else drop. Change-Id: Id426311bb63bab506754a79409c602fdb6d0f190 Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
2017-01-31Add vxlan-bypass feature to IP6 forwarding pathJohn Lo1-1/+8
Add vxlan-bypass feature which can be enabled on the IP6 underlay interface which receive VXLAN packets to accelerate VXLAN decap processing. The CLI to enable/disable it is: set interface ip6 vxlan-bypass <interface> [del] The vxlan-bypass feature is already supported on the IP4 underlay interface. The CLI to enable/disable it is: set interface ip vxlan-bypass <interface> [del] Move vxlan-bypass API/CLI support code from decap.c to vxlan.c. Also fixed two issues in the VXLAN decap path in the vxlan-input node: 1. Add verification of VXLAN packet FIB index with the encap-vrf-id of the VXLAN tunnel. 2. Fix checking of VXLANoIPv6 packet mcast DIP against that of the IP6 mcast VXLAN tunnel. Change-Id: I2bad4074a468c48fbb8bb5ac64f6437190756ed2 Signed-off-by: John Lo <loj@cisco.com>
2017-01-27IP Multicast FIB (mfib)Neale Ranns1-28/+55
- IPv[46] mfib tables with support for (*,G/m), (*,G) and (S,G) exact and longest prefix match - Replication represented via a new replicate DPO. - RPF configuration and data-plane checking - data-plane signals sent to listening control planes. The functions of multicast forwarding entries differ from their unicast conterparts, so we introduce a new mfib_table_t and mfib_entry_t objects. However, we re-use the fib_path_list to resolve and build the entry's output list. the fib_path_list provides the service to construct a replicate DPO for multicast. 'make tests' is added to with two new suites; TEST=mfib, this is invocation of the CLI command 'test mfib' which deals with many path add/remove, flag set/unset scenarios, TEST=ip-mcast, data-plane forwarding tests. Updated applications to use the new MIFB functions; - IPv6 NS/RA. - DHCPv6 unit tests for these are undated accordingly. Change-Id: I49ec37b01f1b170335a5697541c8fd30e6d3a961 Signed-off-by: Neale Ranns <nranns@cisco.com>