summaryrefslogtreecommitdiffstats
path: root/src/vnet/ip/ip6_forward.c
AgeCommit message (Collapse)AuthorFilesLines
2021-12-03ip: extension header parsing fails for fragment headerOle Troan1-8/+5
Refactor and improve boundary checking on IPv6 extension header handling. Limit parsing of IPv6 extension headers to a maximum of 4 headers and a depth of 256 bytes. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ide40aaa2b482ceef7e92f02fa0caeadb3b8f7556 Signed-off-by: Ole Troan <ot@cisco.com>
2021-11-23ip: unlock_fib on if deleteNathan Skrzypczak1-0/+9
On interface delete we were not removing the lock taken by a previous ip_table_bind() call thus preventing the VRFs to be removed. Type: fix Change-Id: I11abbb51a09b45cd3390b23d5d601d029c5ea485 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-11-10ip: always set ip rx_sw_if_indexFlorin Coras1-3/+6
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I43f6bfa028ee37227f27a2fe0303662bf2631b10
2021-10-21ip: Add ip46-local node for local swif[rx]Nathan Skrzypczak1-13/+48
Type: improvement This adds a new ip[46]-receive node, sibling of ip[46]-local. Its goal is to set vnet_buffer (b)->ip.rx_sw_if_index to the sw_if_index of the local interface. In dependant nodes further down the line (e.g. hoststack) we then set sw_if_idx[rx] to this value. So that we know which local interface did receive the packet. The TCP issue this fixes is that : On accepts, we were setting tc->sw_if_index to the source sw_if_index. We should use the dest sw_if_index, so that packets coming back on this connection have the right source sw_if_index. And also setting it in the tx-ed packet. Change-Id: I569ed673e15c21e71f365c3ad45439b05bd14a9f Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-09-24ip: set error number on failed intf addrMatthew Smith1-1/+4
Type: fix A subinterface that does not have exact match enabled cannot have an IP address configured on it. When this is validated in the functions which add an interface IP address for IPv4 and IPv6, a clib_error_t * is returned but api_errno is not set. The API handler uses the value of vnet_main.api_errno to set the return value in it's reply. Since it was not set, the API reports the operation succeeded. Set vnet_main.api_errno if vnet_sw_interface_supports_addressing() returns a non-null value when adding/deleting an interface IP address. Change-Id: I257a30d21788986102a2a719235e714ff16a24e8 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-09-13interface: fix init fib_index_by_sw_if_indexNathan Skrzypczak1-9/+9
Type: fix The init of fib_index_by_sw_if_index wasn't setting default value to 0. Which we now need for setting interfaces unnumbered Change-Id: Ie5be9b5e5373ef055557a871ad4d1c45fbfc1dee Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-08-14ip: Fix crash in ip address add on sub-int without exact-matchPim van Pelt1-6/+3
Type: fix Creating a sub-int without exact-match set, and subsequently adding an IPv4 or IPv6 address will crash VPP. This fix catches this situation and refuses to allow the caller to add an IPv4 or IPv6 address on an ethernet sub-int that does not have exact-match set. TESTED: Before this change, the following crashes VPP: ``` DBGvpp# cre sub TenGigabitEthernet3/0/0 1 dot1q 10 TenGigabitEthernet3/0/0.1 DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 2001:db8::1/64 <crash> ``` After the change, VPP refuses to act: ``` DBGvpp# cre sub TenGigabitEthernet3/0/0 1 dot1q 10 TenGigabitEthernet3/0/0.1 DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 192.0.2.1/30 set interface ip address: sub-interface without exact-match doesn't support IP addressing DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 2001:db8:1/64 set interface ip address: sub-interface without exact-match doesn't support IP addressing ``` Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I42997db314225cd186ebb54013b5717ace7f7bd6
2021-07-15misc: replace CLIB_PREFETCH with clib_prefetch_{load,store}Damjan Marion1-2/+2
Type: refactor Change-Id: Id10cbf52e8f2dd809080a228d8fa282308be84ac Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-06-07pg: Reduce the inclusion of pg.hNeale Ranns1-0/+1
Type: style reduce the number of files recompiled after changing pg.h from 1110 to 102. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I50611eba818eeb3a2dffd437a3c72c77766bed80
2021-05-06vlib: fix the offload flags sizeMohsin Kazmi1-2/+2
Type: fix Change-Id: I433fe3799975fe3ba00fa30226f6e8dae34e88fc Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-05-05vlib: move offload flags to 1st cacheline in vlib_buffer_tMohsin Kazmi1-3/+3
Type: improvement Some tests i.e. ipsec see performance regression when offload flags are moved to 2nd cacheline. This patch moves them back to 1st cacheline. Change-Id: I6ead45ff6d2c467b0d248f409e27c2ba31758741 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-02-15vlib: refactor checksum offload supportMohsin Kazmi1-32/+30
Type: refactor This patch refactors the offload flags in vlib_buffer_t. There are two main reasons behind this refactoring. First, offload flags are insufficient to represent outer and inner headers offloads. Second, room for these flags in first cacheline of vlib_buffer_t is also limited. This patch introduces a generic offload flag in first cacheline. And detailed offload flags in 2nd cacheline of the structure for performance optimization. Change-Id: Icc363a142fb9208ec7113ab5bbfc8230181f6004 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-02-05ip: Remove unused include fileNeale Ranns1-1/+0
Type: refactor Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iae135cbca372def29b1dd5e9f29b7db546ef1a3e
2021-01-21ip: use IPv6 flowlabel in flow hash computationAhmed Abdelsalam1-25/+10
extends ip6_compute_flow_hash() to include IPv6 flowlabel in flowhash computation Type: improvement Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com> Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: Id1aaa20c9dac729c22b714eea1cdd6e9e4d1f75e
2021-01-21ip: set correct error in ip6-localBenoît Ganne1-3/+3
Type: fix Change-Id: Ib23f823e46494f80d9d857ddde88f4939bf2b3d1 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-12-27ip: Use full reassembly for fragments in ip6-localNeale Ranns1-1/+1
Type: fix shallow was the default, but probably by accident as it depended on module load order. full assembly is the v4 behaviour. using proper types allows gdb to print enum names. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: If157c5b83614c7adbd7a15a8227a68f8caf4e92c Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-12-14misc: move to new pool_foreach macrosDamjan Marion1-3/+3
Type: refactor Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-11-20ip-neighbor: Use ip_address_t rather than ip46_address_tNeale Ranns1-1/+4
Type: improvement Change-Id: Ica5f395075677bda5f38d28e704f65350af88610 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-10-19ip: Move the IP6 fib into ip6_[m]fib.cNeale Ranns1-46/+0
Type: improvement reduce the compile time by moving the bihash includes out of ip[46].h Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I6b9216e10aff1013071f9238b3e1ebbdd205bd80
2020-10-05ipsec: Use bihash for tunnel lookupNeale Ranns1-0/+1
Type: improvement Change-Id: I0c82722dfce990345fe6eeecdb335678543367e0 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-06-08vxlan: Fixed checksum caclculation offsetVladimir Isaev1-6/+3
VXLAN uses csum_offload for IPv6 packets. But without gso node we have csum calculated only for inner packet. This patch adds support for outer header csum calculation. Checksum for inner packet should be calculated before interface-output node (for example in vxlan node). Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: Ica68429ede4426293769207cd83c791ebe72fe56
2020-05-27ethernet: fix DMAC check and skip unnecessary ones (VPP-1868)John Lo1-0/+7
Fix and optimize DMAC check in ethernet-input node to utilize NIC or driver which support L3 DMAC-filtering mode so that DMAC check can be bypassed safely for interfaces/sub-interfaces in L3 mode. Checking of interface in L3-DMAC-filtering state to avoid DMAC check require the following: a) Fix interface driver init sequence for devices which supports L3 DMAC-filtering to indicate its capability and initialize interface to L3 DMAC-filtering state. b) Fix ethernet_set_flags() function and its associated callback flags_change() functions registered by various drivers in interface infra to provide proper L3 DMAC filtering status. Maintain interface/sub-interface L3 config count so DMAC checks can be bypassed if L3 forwarding is not setup on any main/sub-interfaces. Type: fix Ticket: VPP-1868 Signed-off-by: John Lo <loj@cisco.com> Change-Id: I204d90459c13e9e486cfcba4e64e3d479bc9f2ae
2020-05-14ip: fix interface ip address del sw_if_index checkyedg1-1/+4
Type: fix Signed-off-by: Ye donggang <yedg@wangsu.com> Change-Id: Ia9f72ff2be455ecd4ff3d16e884c5a50f9df69fe
2020-05-04fib: midchain adjacency optimisationsNeale Ranns1-13/+24
Type: improvement - inline some common encap fixup functions into the midchain rewrite node so we don't incur the cost of the virtual function call - change the copy 'guess' from ethernet_header (which will never happen) to an ip4 header - add adj-midchain-tx to multiarch sources - don't run adj-midchain-tx as a feature, instead put this node as the adj's next and at the end of the feature arc. - cache the feature arc config index (to save the cache miss going to fetch it) - don't check if features are enabled when taking the arc (since we know they are) the last two changes will also benefit normal adjacencies taking the arc (i.e. for NAT, ACLs, etc) for IPSec: - don't run esp_encrypt as a feature, instead when required insert this node into the adj's next and into the end of the feature arc. this implies that encrypt is always 'the last feature' run, which is symmetric with decrypt always being the first. - esp_encrpyt for tunnels has adj-midchain-tx as next node Change-Id: Ida0af56a704302cf2d7797ded5f118a781e8acb7 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-04-24ip: Setting the Link-Local address from the API enables IPv6 on theNeale Ranns1-2/+4
interface Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I0b7c189006e30a357cd6be4f3c9c61fded4157cb
2020-04-23ip: Replace Sematics for Interface IP addressesNeale Ranns1-19/+81
Type: feature - replace functions for prefixes attached to interfaces - add ip_interface.[ch] to consoldate the functions Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I9c0c39c09dbf80ea1aadefee02c9bd16f094b6ad
2020-04-15urpf: Allow locally generated packets on TXNeale Ranns1-4/+0
Type: fix Change-Id: I87d301aec20b9f5b34997b394493c796188fce14 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-04-15misc: refactor calc_checksumsDave Barach1-3/+9
Merge two mildly incompatible static inlines, and rename the results vnet_calc_checksums_inline (...). The resulting inline has three additional parameters: int is_ip4, int is_ip6, and int with_gso. All calls manage to pass one or more as compile-time constants, which causes a certain amount of code to disappear in each instantiation. Type: refactor Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I1a2a0e353b9a7bca20bc81318e8c915617261e1a
2020-04-08ip: do not clear the locally-originated flagNeale Ranns1-8/+2
Type: fix - doing so in MTU dec, means mtu_inc is broken - there's no need to. if a packet encounters ipX-rewrite a second time then it went through a tunnel the first time and is still locally originated. Change-Id: I0f279c2837b608c1677485fe93f63398ab2737b3 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-02-10ip6: fix l4 checksum with hop-by-hop headerMatthew Smith1-13/+23
L4 checksums for IPv6 should be calculated using a pseudo header that includes the source/destination addresses, payload length, and payload protocol. ip6_tcp_udp_icmp_compute_checksum() was using the payload length and protocol from the IPv6 header. If there is a hop-by-hop header (or any other extension header), the payload length used for the pseudo header should only include the upper layer header and payload and not the extension header bytes. Same deal with the protocol, the upper layer next header value should be used instead of the extension header. Type: fix Fixes: cb9cadad57 Change-Id: Ifa2c9ad41c0fc4eea674f0671255b637c8e01f71 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-01-14classify: Reduce the include dependencies on vnet_classify.hNeale Ranns1-0/+1
Type: refactor currently vnet_classify.h is included in ip.h where it's not required. Change-Id: Id55682637601655aa2edda681536a979c8e323bd Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-12-17ip: Protocol Independent IP NeighborsNeale Ranns1-185/+17
Type: feature - ip-neighbour: generic neighbour handling; APIs, DBs, event handling, aging - arp: ARP protocol implementation - ip6-nd; IPv6 neighbor discovery implementation; separate ND, MLD, RA - ip6-link; manage link-local addresses - l2-arp-term; events separated from IP neighbours, since they are not the same. vnet retains just enough education to perform ND/ARP packet construction. arp and ip6-nd to be moved to plugins soon. Change-Id: I88dedd0006b299344f4c7024a0aa5baa6b9a8bbe Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-12-08ip: coverity fixjohny1-8/+6
Delete Null-checking "p0" in function ip6_tcp_udp_icmp_bad_length, because it's not necessary. Type: fix Signed-off-by: johny <jan.cavojsky@pantheon.tech> Change-Id: I2bf43a60c1c1d76e42581df27f2285c9e9563093
2019-12-05ip: fix cancel termination after receive malformed ip6 packetjohny1-3/+68
This fix is for cancel termination of vpp after receive malformed packet type of ip6.To avoid termination of vpp are checked if are missing data in packet. This occours, when payload length in ip6 header packet is more than real count of data in packet. When this error occours, packet is ignore. Type: fix Ticket: VPP-1693, VPP-1694 Change-Id: I9d9ecea7b75c8702cb31aa8051c8d4d7ce19659d Signed-off-by: johny <jan.cavojsky@pantheon.tech>
2019-12-04gso: remove the interface countMohsin Kazmi1-14/+6
Type: refactor Change-Id: I51405b9d09fb6fb03d08569369fdd4e11c647908 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-12-03fib: constify the adjacency in the rewrite nodesNeale Ranns1-1/+1
Type: refactor Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I3aad20b35d89fc541fdf185096d71ca12b09a6e2
2019-11-11ip: functional interface to ip fragmentationOle Troan1-5/+10
This provides a functional interface to IP fragmentation. Allowing external features to fragment. Supports arbitrary encap size, for e.g. MPLS or inner fragmentation of tunnels. This also removed dual loop in MAP that was fundamentally broken. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ia89ecec8ee3cbe2416edbe87630fdb714898c2a8 Signed-off-by: Ole Troan <ot@cisco.com>
2019-11-05ip: Fragmentation fixesNeale Ranns1-1/+1
Type: fix if the packet is about to be fragmented, then don't call any of the actions that expect the rewrite to have been written. 1) don't double count packets thru the adjacency (original & fragments) 2) don't double decrement the TTL for fragments 3) return to ip4-midchain post ip-frag if that's where we started. 4) only run midchain/mcast fixups if not fragmenting (if no errors) Change-Id: Ib2866787a42713ee5871b87b597d8f74b901044b Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-10-10tcp: custom checksum calculations for Ipv4/Ipv6Srikanth A1-56/+13
Type: feature Based on the configuration, we can disable checksum offload capability and calculate checksum while pushing the TCP & IP header. This saves some cycles when VPP stack is used in legacy hardware devices. Signed-off-by: Srikanth A <srakula@cisco.com> Change-Id: Ic1b3fcf3040917e47ee65263694ebf7437ac5668 (cherry picked from commit 3642782a2748503f5b5ccf89d1575c1d489948ef)
2019-10-09ip: only install IPv6 prefixes in FIB when the interface is upNeale Ranns1-39/+36
otherwise they get installed twice and the reference counting means they are not removed. This is the same behaviour as IPv4. Type: fix Change-Id: I9266e04ccff6ff06a577e85973a2ddbeb9dfc52b Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-09-25ip: refactor reassemblyKlement Sekera1-1/+1
this is a preparation step for introducing other reassembly types Type: refactor Change-Id: I197e299dbd729b00eead31667913b8ceff915d63 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-09-07ip: fix udp/tcp checksum corner casesDave Barach1-2/+16
When checksumming chained buffers with odd lengths: insert a NULL byte, or the calculation fails. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: John Lo <loj@cisco.com> Change-Id: I380f7c42897bdb28c8c29aa1c4cdaaa849cc9ecc
2019-08-29ip: remove unused function parameterSimon Zhang1-1/+1
Type: refactor Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: I8674ff5f6f6336b256b7df8187afbb36ddef71fb
2019-08-12ip: allow addrs from the same prefix on intfMatthew Smith1-22/+129
Type: feature Adding a prefix to an interface was not permitted if it overlapped with another prefix on an interface which used the same FIB. Loosen the restriction. Allow 2 or more addresses from the same prefix on a single interface. Reference count the prefix to figure out when a glean/connected route for the prefix needs to be added or removed. Added unit tests to check that the route is only removed when all addresses in the prefix are removed from the interface. Change-Id: I1a962ecb5e1ee65fc6d41f98a4cc097a51a55321 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-08-03ip: fix ip6/udp checksum for pkts using buffer chainingJohn Lo1-4/+12
Fix ip6_tcp_udp_icmp_compute_checksum to work properly for packets with multiple buffers. Fix ip4_tcp_udp_compute_checksum to exit upon detecting error. Type: fix Signed-off-by: John Lo <loj@cisco.com> Change-Id: I673547f4479d72cd60757383343fc562cff10265
2019-06-04Punt: specify packets by IP protocol TypeNeale Ranns1-0/+10
Change-Id: I0c2d6fccd95146e52bb88ca4a6e84554d5d6b2ed Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-30IP load-balance; perf improvement using the usual reciepeNeale Ranns1-168/+127
before and after: ip4-load-balance 1.54e1 ip4-load-balance 1.36e1 p.s. Quad loops were not beneficial Change-Id: I7bc01fc26288f0490af74db2b1b7993526c3d982 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-10Make tcp/udp/icmp compute checksum safer for buffer-chain caseJohn Lo1-1/+1
Change-Id: I046e481a67fbeffdaa8504c8d77d232b986a61ee Signed-off-by: John Lo <loj@cisco.com>
2019-04-08fixing typosJim Thompson1-1/+1
Change-Id: I215e1e0208a073db80ec6f87695d734cf40fabe3 Signed-off-by: Jim Thompson <jim@netgate.com>
2019-03-28IPSEC: run encrpyt as a feautre on the tunnelNeale Ranns1-6/+23
Change-Id: I6527e3fd8bbbca2d5f728621fc66b3856b39d505 Signed-off-by: Neale Ranns <nranns@cisco.com>