| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Type: fix
A subinterface that does not have exact match enabled cannot have
an IP address configured on it. When this is validated in the functions
which add an interface IP address for IPv4 and IPv6, a clib_error_t * is
returned but api_errno is not set. The API handler uses the value of
vnet_main.api_errno to set the return value in it's reply. Since it was
not set, the API reports the operation succeeded.
Set vnet_main.api_errno if vnet_sw_interface_supports_addressing() returns
a non-null value when adding/deleting an interface IP address.
Change-Id: I257a30d21788986102a2a719235e714ff16a24e8
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
The init of fib_index_by_sw_if_index wasn't
setting default value to 0. Which we now
need for setting interfaces unnumbered
Change-Id: Ie5be9b5e5373ef055557a871ad4d1c45fbfc1dee
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Creating a sub-int without exact-match set, and subsequently adding an
IPv4 or IPv6 address will crash VPP. This fix catches this situation and
refuses to allow the caller to add an IPv4 or IPv6 address on an
ethernet sub-int that does not have exact-match set.
TESTED:
Before this change, the following crashes VPP:
```
DBGvpp# cre sub TenGigabitEthernet3/0/0 1 dot1q 10
TenGigabitEthernet3/0/0.1
DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 2001:db8::1/64
<crash>
```
After the change, VPP refuses to act:
```
DBGvpp# cre sub TenGigabitEthernet3/0/0 1 dot1q 10
TenGigabitEthernet3/0/0.1
DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 192.0.2.1/30
set interface ip address: sub-interface without exact-match doesn't support IP addressing
DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 2001:db8:1/64
set interface ip address: sub-interface without exact-match doesn't support IP addressing
```
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Change-Id: I42997db314225cd186ebb54013b5717ace7f7bd6
|
|
Type: refactor
Change-Id: Id10cbf52e8f2dd809080a228d8fa282308be84ac
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: style
reduce the number of files recompiled after changing pg.h from 1110 to
102.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I50611eba818eeb3a2dffd437a3c72c77766bed80
|
|
Type: fix
Change-Id: I433fe3799975fe3ba00fa30226f6e8dae34e88fc
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: improvement
Some tests i.e. ipsec see performance regression when offload flags
are moved to 2nd cacheline. This patch moves them back to 1st cacheline.
Change-Id: I6ead45ff6d2c467b0d248f409e27c2ba31758741
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: refactor
This patch refactors the offload flags in vlib_buffer_t.
There are two main reasons behind this refactoring.
First, offload flags are insufficient to represent outer
and inner headers offloads. Second, room for these flags
in first cacheline of vlib_buffer_t is also limited.
This patch introduces a generic offload flag in first
cacheline. And detailed offload flags in 2nd cacheline
of the structure for performance optimization.
Change-Id: Icc363a142fb9208ec7113ab5bbfc8230181f6004
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: refactor
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Iae135cbca372def29b1dd5e9f29b7db546ef1a3e
|
|
extends ip6_compute_flow_hash() to include IPv6 flowlabel in flowhash computation
Type: improvement
Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com>
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Change-Id: Id1aaa20c9dac729c22b714eea1cdd6e9e4d1f75e
|
|
Type: fix
Change-Id: Ib23f823e46494f80d9d857ddde88f4939bf2b3d1
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
shallow was the default, but probably by accident as it depended on
module load order.
full assembly is the v4 behaviour.
using proper types allows gdb to print enum names.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: If157c5b83614c7adbd7a15a8227a68f8caf4e92c
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: refactor
Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: Ica5f395075677bda5f38d28e704f65350af88610
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: improvement
reduce the compile time by moving the bihash includes out of ip[46].h
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I6b9216e10aff1013071f9238b3e1ebbdd205bd80
|
|
Type: improvement
Change-Id: I0c82722dfce990345fe6eeecdb335678543367e0
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
VXLAN uses csum_offload for IPv6 packets.
But without gso node we have csum calculated only for inner
packet.
This patch adds support for outer header csum calculation.
Checksum for inner packet should be calculated before
interface-output node (for example in vxlan node).
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: Ica68429ede4426293769207cd83c791ebe72fe56
|
|
Fix and optimize DMAC check in ethernet-input node to utilize NIC or
driver which support L3 DMAC-filtering mode so that DMAC check can be
bypassed safely for interfaces/sub-interfaces in L3 mode.
Checking of interface in L3-DMAC-filtering state to avoid DMAC check
require the following:
a) Fix interface driver init sequence for devices which supports L3
DMAC-filtering to indicate its capability and initialize interface
to L3 DMAC-filtering state.
b) Fix ethernet_set_flags() function and its associated callback
flags_change() functions registered by various drivers in interface
infra to provide proper L3 DMAC filtering status.
Maintain interface/sub-interface L3 config count so DMAC checks can be
bypassed if L3 forwarding is not setup on any main/sub-interfaces.
Type: fix
Ticket: VPP-1868
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I204d90459c13e9e486cfcba4e64e3d479bc9f2ae
|
|
Type: fix
Signed-off-by: Ye donggang <yedg@wangsu.com>
Change-Id: Ia9f72ff2be455ecd4ff3d16e884c5a50f9df69fe
|
|
Type: improvement
- inline some common encap fixup functions into the midchain
rewrite node so we don't incur the cost of the virtual function call
- change the copy 'guess' from ethernet_header (which will never happen) to an ip4 header
- add adj-midchain-tx to multiarch sources
- don't run adj-midchain-tx as a feature, instead put this node as the
adj's next and at the end of the feature arc.
- cache the feature arc config index (to save the cache miss going to fetch it)
- don't check if features are enabled when taking the arc (since we know they are)
the last two changes will also benefit normal adjacencies taking the arc (i.e. for NAT, ACLs, etc)
for IPSec:
- don't run esp_encrypt as a feature, instead when required insert this
node into the adj's next and into the end of the feature arc. this
implies that encrypt is always 'the last feature' run, which is
symmetric with decrypt always being the first.
- esp_encrpyt for tunnels has adj-midchain-tx as next node
Change-Id: Ida0af56a704302cf2d7797ded5f118a781e8acb7
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
interface
Type: fix
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I0b7c189006e30a357cd6be4f3c9c61fded4157cb
|
|
Type: feature
- replace functions for prefixes attached to interfaces
- add ip_interface.[ch] to consoldate the functions
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I9c0c39c09dbf80ea1aadefee02c9bd16f094b6ad
|
|
Type: fix
Change-Id: I87d301aec20b9f5b34997b394493c796188fce14
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Merge two mildly incompatible static inlines, and rename the results
vnet_calc_checksums_inline (...).
The resulting inline has three additional parameters: int is_ip4, int
is_ip6, and int with_gso. All calls manage to pass one or more as
compile-time constants, which causes a certain amount of code to
disappear in each instantiation.
Type: refactor
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I1a2a0e353b9a7bca20bc81318e8c915617261e1a
|
|
Type: fix
- doing so in MTU dec, means mtu_inc is broken
- there's no need to. if a packet encounters ipX-rewrite a second time then it went through a tunnel the first time and is still locally originated.
Change-Id: I0f279c2837b608c1677485fe93f63398ab2737b3
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
L4 checksums for IPv6 should be calculated using a pseudo header that
includes the source/destination addresses, payload length, and payload
protocol.
ip6_tcp_udp_icmp_compute_checksum() was using the payload length and
protocol from the IPv6 header. If there is a hop-by-hop header (or any
other extension header), the payload length used for the pseudo header
should only include the upper layer header and payload and not the
extension header bytes. Same deal with the protocol, the upper layer
next header value should be used instead of the extension header.
Type: fix
Fixes: cb9cadad57
Change-Id: Ifa2c9ad41c0fc4eea674f0671255b637c8e01f71
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: refactor
currently vnet_classify.h is included in ip.h where it's not required.
Change-Id: Id55682637601655aa2edda681536a979c8e323bd
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
- ip-neighbour: generic neighbour handling; APIs, DBs, event handling,
aging
- arp: ARP protocol implementation
- ip6-nd; IPv6 neighbor discovery implementation; separate ND,
MLD, RA
- ip6-link; manage link-local addresses
- l2-arp-term; events separated from IP neighbours, since they are not
the same.
vnet retains just enough education to perform ND/ARP packet
construction.
arp and ip6-nd to be moved to plugins soon.
Change-Id: I88dedd0006b299344f4c7024a0aa5baa6b9a8bbe
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Delete Null-checking "p0" in function ip6_tcp_udp_icmp_bad_length,
because it's not necessary.
Type: fix
Signed-off-by: johny <jan.cavojsky@pantheon.tech>
Change-Id: I2bf43a60c1c1d76e42581df27f2285c9e9563093
|
|
This fix is for cancel termination of vpp after receive malformed
packet type of ip6.To avoid termination of vpp are checked if are
missing data in packet. This occours, when payload length in ip6
header packet is more than real count of data in packet. When
this error occours, packet is ignore.
Type: fix
Ticket: VPP-1693, VPP-1694
Change-Id: I9d9ecea7b75c8702cb31aa8051c8d4d7ce19659d
Signed-off-by: johny <jan.cavojsky@pantheon.tech>
|
|
Type: refactor
Change-Id: I51405b9d09fb6fb03d08569369fdd4e11c647908
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: refactor
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I3aad20b35d89fc541fdf185096d71ca12b09a6e2
|
|
This provides a functional interface to IP fragmentation.
Allowing external features to fragment. Supports
arbitrary encap size, for e.g. MPLS or inner fragmentation
of tunnels.
This also removed dual loop in MAP that was fundamentally broken.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ia89ecec8ee3cbe2416edbe87630fdb714898c2a8
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: fix
if the packet is about to be fragmented, then don't call any of the
actions that expect the rewrite to have been written.
1) don't double count packets thru the adjacency (original & fragments)
2) don't double decrement the TTL for fragments
3) return to ip4-midchain post ip-frag if that's where we started.
4) only run midchain/mcast fixups if not fragmenting (if no errors)
Change-Id: Ib2866787a42713ee5871b87b597d8f74b901044b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
Based on the configuration, we can disable checksum offload capability
and calculate checksum while pushing the TCP & IP header.
This saves some cycles when VPP stack is used in legacy hardware devices.
Signed-off-by: Srikanth A <srakula@cisco.com>
Change-Id: Ic1b3fcf3040917e47ee65263694ebf7437ac5668
(cherry picked from commit 3642782a2748503f5b5ccf89d1575c1d489948ef)
|
|
otherwise they get installed twice and the reference counting means they are not removed.
This is the same behaviour as IPv4.
Type: fix
Change-Id: I9266e04ccff6ff06a577e85973a2ddbeb9dfc52b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
this is a preparation step for introducing other reassembly types
Type: refactor
Change-Id: I197e299dbd729b00eead31667913b8ceff915d63
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
When checksumming chained buffers with odd lengths: insert a
NULL byte, or the calculation fails.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I380f7c42897bdb28c8c29aa1c4cdaaa849cc9ecc
|
|
Type: refactor
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
Change-Id: I8674ff5f6f6336b256b7df8187afbb36ddef71fb
|
|
Type: feature
Adding a prefix to an interface was not permitted if it overlapped
with another prefix on an interface which used the same FIB.
Loosen the restriction. Allow 2 or more addresses from the same
prefix on a single interface. Reference count the prefix to figure
out when a glean/connected route for the prefix needs to be added
or removed.
Added unit tests to check that the route is only removed when all
addresses in the prefix are removed from the interface.
Change-Id: I1a962ecb5e1ee65fc6d41f98a4cc097a51a55321
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Fix ip6_tcp_udp_icmp_compute_checksum to work properly for packets
with multiple buffers.
Fix ip4_tcp_udp_compute_checksum to exit upon detecting error.
Type: fix
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I673547f4479d72cd60757383343fc562cff10265
|
|
Change-Id: I0c2d6fccd95146e52bb88ca4a6e84554d5d6b2ed
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
before and after:
ip4-load-balance 1.54e1
ip4-load-balance 1.36e1
p.s. Quad loops were not beneficial
Change-Id: I7bc01fc26288f0490af74db2b1b7993526c3d982
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I046e481a67fbeffdaa8504c8d77d232b986a61ee
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: I215e1e0208a073db80ec6f87695d734cf40fabe3
Signed-off-by: Jim Thompson <jim@netgate.com>
|
|
Change-Id: I6527e3fd8bbbca2d5f728621fc66b3856b39d505
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
error should be recorded in buffer so that
process-error-punt can handle them correctly
Per Damjan's comments, move counter to under
else clause of last error0==NONE check. Both
v4 and v6 are changed.
Change-Id: I707c7877ccb12589337155173fc4a5200b42ee93
Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
|
|
This commit adds a "gso" parameter to existing "create tap..." CLI,
and a "no-gso" parameter for the compatibility with the future,
when/if defaults change.
It makes use of the lowest bit of the "tap_flags" field in the API call
in order to allow creation of GSO interfaces via API as well.
It does the necessary syscalls to enable the GSO
and checksum offload support on the kernel side and sets two flags
on the interface: virtio-specific virtio_if_t.gso_enabled,
and vnet_hw_interface_t.flags & VNET_HW_INTERFACE_FLAG_SUPPORTS_GSO.
The first one, if enabled, triggers the marking of the GSO-encapsulated
packets on ingress with VNET_BUFFER_F_GSO flag, and
setting vnet_buffer2(b)->gso_size to the desired L4 payload size.
VNET_HW_INTERFACE_FLAG_SUPPORTS_GSO determines the egress packet
processing in interface-output for such packets:
When the flag is set, they are sent out almost as usual (just taking
care to set the vnet header for virtio).
When the flag is not enabled (the case for most interfaces),
the egress path performs the re-segmentation such that
the L4 payload of the transmitted packets equals gso_size.
The operations in the datapath are enabled only when there is at least
one GSO-compatible interface in the system - this is done by tracking
the count in interface_main.gso_interface_count. This way the impact
of conditional checks for the setups that do not use GSO is minimized.
"show tap" CLI shows the state of the GSO flag on the interface, and
the total count of GSO-enabled interfaces (which is used to enable
the GSO-related processing in the packet path).
This commit lacks IPv6 extension header traversal support of any kind -
the L4 payload is assumed to follow the IPv6 header. Also it performs
the offloads only for TCP (TSO - TCP segmentation offload).
The UDP fragmentation offload (UFO) is not part of it.
For debug purposes it also adds the debug CLI:
"set tap gso {<interface> | sw_if_index <sw_idx>} <enable|disable>"
Change-Id: Ifd562db89adcc2208094b3d1032cee8c307aaef9
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I245a8cc8f237242efadcf10d47b76222a6497e89
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Makes ip6-local node dual-loop explicit. This is only a style change.
Change-Id: Ic8e7cecb3f51e98b8a069b501f5c338156934a6d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
Matthew Smith
Nathan Skrzypczak
Pim van Pelt
Damjan Marion
Neale Ranns
Mohsin Kazmi
Ahmed Abdelsalam
Benoît Ganne
Neale Ranns
Vladimir Isaev
John Lo
yedg
Dave Barach
johny
Ole Troan
Srikanth A
Klement Sekera
Simon Zhang
Jim Thompson
Kingwel Xie
Andrew Yourtchenko