summaryrefslogtreecommitdiffstats
path: root/src/vnet/ip/ip6_forward.c
AgeCommit message (Collapse)AuthorFilesLines
2019-08-12ip: allow addrs from the same prefix on intfMatthew Smith1-22/+129
Type: feature Adding a prefix to an interface was not permitted if it overlapped with another prefix on an interface which used the same FIB. Loosen the restriction. Allow 2 or more addresses from the same prefix on a single interface. Reference count the prefix to figure out when a glean/connected route for the prefix needs to be added or removed. Added unit tests to check that the route is only removed when all addresses in the prefix are removed from the interface. Change-Id: I1a962ecb5e1ee65fc6d41f98a4cc097a51a55321 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-08-03ip: fix ip6/udp checksum for pkts using buffer chainingJohn Lo1-4/+12
Fix ip6_tcp_udp_icmp_compute_checksum to work properly for packets with multiple buffers. Fix ip4_tcp_udp_compute_checksum to exit upon detecting error. Type: fix Signed-off-by: John Lo <loj@cisco.com> Change-Id: I673547f4479d72cd60757383343fc562cff10265
2019-06-04Punt: specify packets by IP protocol TypeNeale Ranns1-0/+10
Change-Id: I0c2d6fccd95146e52bb88ca4a6e84554d5d6b2ed Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-30IP load-balance; perf improvement using the usual reciepeNeale Ranns1-168/+127
before and after: ip4-load-balance 1.54e1 ip4-load-balance 1.36e1 p.s. Quad loops were not beneficial Change-Id: I7bc01fc26288f0490af74db2b1b7993526c3d982 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-10Make tcp/udp/icmp compute checksum safer for buffer-chain caseJohn Lo1-1/+1
Change-Id: I046e481a67fbeffdaa8504c8d77d232b986a61ee Signed-off-by: John Lo <loj@cisco.com>
2019-04-08fixing typosJim Thompson1-1/+1
Change-Id: I215e1e0208a073db80ec6f87695d734cf40fabe3 Signed-off-by: Jim Thompson <jim@netgate.com>
2019-03-28IPSEC: run encrpyt as a feautre on the tunnelNeale Ranns1-6/+23
Change-Id: I6527e3fd8bbbca2d5f728621fc66b3856b39d505 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-26ip6-rewrite: bug fix buffer->error in dual loopKingwel Xie1-2/+12
error should be recorded in buffer so that process-error-punt can handle them correctly Per Damjan's comments, move counter to under else clause of last error0==NONE check. Both v4 and v6 are changed. Change-Id: I707c7877ccb12589337155173fc4a5200b42ee93 Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2019-02-19tap gso: experimental supportAndrew Yourtchenko1-10/+44
This commit adds a "gso" parameter to existing "create tap..." CLI, and a "no-gso" parameter for the compatibility with the future, when/if defaults change. It makes use of the lowest bit of the "tap_flags" field in the API call in order to allow creation of GSO interfaces via API as well. It does the necessary syscalls to enable the GSO and checksum offload support on the kernel side and sets two flags on the interface: virtio-specific virtio_if_t.gso_enabled, and vnet_hw_interface_t.flags & VNET_HW_INTERFACE_FLAG_SUPPORTS_GSO. The first one, if enabled, triggers the marking of the GSO-encapsulated packets on ingress with VNET_BUFFER_F_GSO flag, and setting vnet_buffer2(b)->gso_size to the desired L4 payload size. VNET_HW_INTERFACE_FLAG_SUPPORTS_GSO determines the egress packet processing in interface-output for such packets: When the flag is set, they are sent out almost as usual (just taking care to set the vnet header for virtio). When the flag is not enabled (the case for most interfaces), the egress path performs the re-segmentation such that the L4 payload of the transmitted packets equals gso_size. The operations in the datapath are enabled only when there is at least one GSO-compatible interface in the system - this is done by tracking the count in interface_main.gso_interface_count. This way the impact of conditional checks for the setups that do not use GSO is minimized. "show tap" CLI shows the state of the GSO flag on the interface, and the total count of GSO-enabled interfaces (which is used to enable the GSO-related processing in the packet path). This commit lacks IPv6 extension header traversal support of any kind - the L4 payload is assumed to follow the IPv6 header. Also it performs the offloads only for TCP (TSO - TCP segmentation offload). The UDP fragmentation offload (UFO) is not part of it. For debug purposes it also adds the debug CLI: "set tap gso {<interface> | sw_if_index <sw_idx>} <enable|disable>" Change-Id: Ifd562db89adcc2208094b3d1032cee8c307aaef9 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-02-19ip6-local: fix uninitialized variable errorDamjan Marion1-1/+1
Change-Id: I245a8cc8f237242efadcf10d47b76222a6497e89 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-02-18Explicit dual-loop in ip6-localBenoît Ganne1-72/+134
Makes ip6-local node dual-loop explicit. This is only a style change. Change-Id: Ic8e7cecb3f51e98b8a069b501f5c338156934a6d Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-02-15Optimize ip6-localBenoît Ganne1-246/+187
Optimize IPv6 ip6-local node by rewriting the dual/single loop with prefetch and simpler unrolling. My local, unrepresentative tests for GRE4 termination over IPv6 show a performance improvement of ~40% for ip6-local node alone and ~5% globally. Change-Id: I11e1e86d3838dd3c081aa6be5e25dae16ed6e2d8 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-02-14Add -fno-common compile optionBenoît Ganne1-1/+3
-fno-common makes sure we do not have multiple declarations of the same global symbol across compilation units. It helps debug nasty linkage bugs by guaranteeing that all reference to a global symbol use the same underlying object. It also helps avoiding benign mistakes such as declaring enum as global objects instead of types in headers (hence the minor fixes scattered across the source). Change-Id: I55c16406dc54ff8a6860238b90ca990fa6b179f1 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-02-13ip6: convert code to new multiarchDamjan Marion1-91/+57
Change-Id: Idd09b5d0597336e4f2028113cae76c94fd1c5427 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-12-16IP6-MFIB: replace the radix tree with bihash (VPP-1526)Neale Ranns1-2/+5
Change-Id: I7a48890c075826fbd8c75436dfdc5ffff230a693 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-12Change ipsec feature node namesPierre Pfister1-4/+4
ipsec4-output and ipsec6-output were conflicting with ipsec interface names ("ipsec<id>") and vnet/interface.c autogenerated output node ("<ifname>-output"). Changing feature names seems to be the less invasive option. This patch also changes "input" feature names for consistency. Change-Id: I4ba10d07e9ba09df20aa2500104252b06b55f8f7 Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2018-11-26Add a feature arc consistency checkDave Barach1-0/+3
Verify that last node in the computed feature order matches reality. This check doesn't make sense in all cases, so we skip it if the newly-added vnet_feature_arc_registration_t ".last_in_arc" datum is a NULL pointer. Change-Id: Ia99c3e2b2da2e4780a7d5bc71670c5742a66fef2 Signed-off-by: Dave Barach <dave@barachs.net>
2018-11-14Remove c-11 memcpy checks from perf-critical codeDave Barach1-14/+14
Change-Id: Id4f37f5d4a03160572954a416efa1ef9b3d79ad1 Signed-off-by: Dave Barach <dave@barachs.net>
2018-11-12IPv6: Make link-local configurable per-interface (VPP-1446)Juraj Sloboda1-0/+31
Remove old nonfunctional code for setting link-local addresses. Use common API for setting all IPv6 addresses. Change-Id: I562329df86341f81ef2441510a9eefbbf710f6e0 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com> Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-11-08IP load-balance; trace at the end of the node so the flow hash used is displayedNeale Ranns1-3/+3
Change-Id: Idbce0393fc9e6e8dbb2765ed164ba7f90d1ffccc Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-10-23c11 safe string handling supportDave Barach1-3/+3
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab Signed-off-by: Dave Barach <dave@barachs.net>
2018-10-22ipsec: split ipsec nodes into ip4/ip6 nodesKlement Sekera1-4/+4
Change-Id: Ic6b27659f1fe9e8df39e80a0441305e4e952195a Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-10-04Support reassembly for fragments coming to ip4-local nodeJuraj Sloboda1-0/+1
Change-Id: I3aa4708c1c3cdda344f282d56b617677080eaaa1 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-09-27IPIP and IPv6 fragmentationOle Troan1-1/+2
- Error where ICMPv6 error code doesn't reset VLIB_TX = -1 Leading to crash for ICMP generated on tunnelled packets - Missed setting VNET_BUFFER_F_LOCALLY_ORIGINATED, so IP in IPv6 packets never got fragmented. - Add support for fragmentation of buffer chains. - Remove support for inner fragmentation in frag code itself. Change-Id: If9a97301b7e35ca97ffa5c0fada2b9e7e7dbfb27 Signed-off-by: Ole Troan <ot@cisco.com>
2018-08-17VPP-1392: VXLAN fails with IP fragmentationOle Troan1-1/+1
Not only is it wasteful to send all fragments back through ip4-lookup, but it doesn't work with tunnel mechanisms that don't have IP enabled on their payload side. Change-Id: Ic92d95982dddaa70969a2a6ea2f98edec7614425 Signed-off-by: Ole Troan <ot@cisco.com>
2018-07-21fix IP directed broadcast node declarationsMatthew Smith1-1/+1
The dev build ('make build') was failing because ip4_rewrite_bcast() and ip6_rewrite_bcast() are declared static and were not referenced. The node functions that were set for directed broadcast rewrite: ip4_rewrite_bcast_node - ip4_rewrite() ip6_rewrite_bcast_node - ip6_rewrite() Changed to: ip4_rewrite_bcast_node - ip4_rewrite_bcast() ip6_rewrite_bcast_node - ip6_rewrite_bcast() The release build ('make build-release') succeeds because there is a VLIB_NODE_FUNCTION_MULTIARCH() call referencing the function. That macro is empty for dev builds. Change-Id: I2a05f00ca43d0eae8ff2e3026991e69917003fe1 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-07-20IP directed broadcastNeale Ranns1-7/+21
with ip direct broadcast enable a packet to the interface's subnet broadcast address with be sent L2 broadcast on the interface. dissabled, it will be dropped. it is disabled by default, which preserves current behaviour Change-Id: If154cb92e64834e97a541b32624354348a0eafb3 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-07-11avoid using thread local storage for thread indexDamjan Marion1-2/+2
It is cheaper to get thread index from vlib_main_t if available... Change-Id: I4582e160d06d9d7fccdc54271912f0635da79b50 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-26node functions cannot be always_inlineDamjan Marion1-1/+1
Thanks to gcc-8 for highlighting this... Change-Id: I53bfab631a40fd1b680c76a48b0307a33fa2b154 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-19Check get packet template allocation failure (VPP-1321)John Lo1-0/+2
After calling vlib_packet_template_get_packet(), make sure packet buffer is allocated before using it. Change-Id: Idb5199f4e2c9596137b2101e502d611f474a6ffe Signed-off-by: John Lo <loj@cisco.com>
2018-06-14Use unicast DMAC for IP neighbor pool refresh probesJohn Lo1-2/+3
Change-Id: I12fbebd1d24c37dc77c147773ea522c8a4b7b99d Signed-off-by: John Lo <loj@cisco.com>
2018-06-14MTU: IP fragmentation added to ip4-rewrite and ip6-rewriteOle Troan1-12/+35
Change-Id: Ibae260273f25a319153be37470aed49ff73e957a Signed-off-by: Ole Troan <ot@cisco.com>
2018-06-04ip4: optimize ip4_localFlorin Coras1-0/+1
"sh run" says the number of clocks for my tcp based throughput test dropped from ~43 to ~23 Change-Id: I719439ba7fc079ad36be1432c5d7cf74e3b70d73 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-06-04ip: save fib index for buffer in ip lookupFlorin Coras1-21/+9
Avoids recomputing the fib index in ip local for locally delivered packets and should incur no extra cost when forwarding packets. Change-Id: Id826ffa8206392087327f154337eabc8a801b4d7 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-23VPP-1283: IPv6 PMTU missing MTU value in ICMP6 message.Ole Troan1-16/+26
Fix GRE/IPv6 setting of ip->payload_length (which has never worked). Change-Id: Ie68f1cc7bbb70489d6ec97356132c783f2345e1e Signed-off-by: Ole Troan <ot@cisco.com>
2018-05-15No overlapping sub-nets on any interface in the same table/VRF (VPP-943)Neale Ranns1-0/+44
DBGvpp# set int ip addr loop0 10.10.10.10/24 DBGvpp# set int ip addr loop0 10.10.10.11/24 set interface ip address: failed to add 10.10.10.11/24 which conflicts with 10.10.10.10/24 for interface loop0 Change-Id: Iba63ffafbd36b6146ce86adb78139da9d55b40ba Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-04-27IPv6 NS: use the mcast rewrite node to fill in the destination MACNeale Ranns1-263/+0
- move the IPv6 incomplete and glean node to ip6_neighbour.c (so it has access to ip6_neighbour_main_t) - use the RA info config on the interface to find the multicast adj to use Change-Id: I835e419072abe54fb09dafb0e7eb0a9e50eba1af Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-04-18Mcast rewrite optimisationsNeale Ranns1-3/+21
hard code the address mask offsets. This are protocol specific and only used on ethernet when used at all. Change-Id: Ib1f6f33682f53254ffbb5a241a1583e65420e0c7 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-04-13Revert "MTU: Setting of MTU on software interface (instead of hardware ↵Damjan Marion1-61/+43
interface)" This reverts commit 70083ee74c3141bbefb185525315f1b34497dcaa. Reverting as this patch is causing following crash: 0: /home/damarion/cisco/vpp3/build-data/../src/vnet/devices/devices.h:131 (vnet_get_device_input_thread_index) assertion `queue_id < vec_len (hw->input_node_thread_index_by_queue)' fails Aborted Change-Id: Ie2a365032110b1f67be7a9d832885b9899813d39 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-13MTU: Setting of MTU on software interface (instead of hardware interface)Ole Troan1-43/+61
Change-Id: I98bd454a761a1032738a21edeb0fe847e801f901 Signed-off-by: Ole Troan <ot@cisco.com>
2018-04-12Fixes for 'make UNATTENDED=yes CC=clang CXX=clang verify'Neale Ranns1-2/+2
Change-Id: I994649761fe2e66e12ae0e49a84fb1d0a966ddfb Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-03-29ip6: fix ip6-local urpf checkingFlorin Coras1-4/+7
Use sw_if_index[VLIB_TX] if set as fib index when doing the urpf check. Change-Id: I5ec3e7f7a54c6782704d91e9a5614fd0f7f9e3de Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-21reassembly: feature/concurrencyKlement Sekera1-1/+0
This change makes ip reassembly an interface feature, while adding concurrency support. Due to this, punt is no longer needed to test reassembly. Change-Id: I467669514ec33283ce935be0f1dd08f07684f0c7 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-03-18Remove unnumbered configuration on interface deleteNeale Ranns1-1/+2
Change-Id: Iae5532c3d53e208831f3b2782242d9e59d367087 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-03-05IP6 link-local tableNeale Ranns1-3/+4
- IPv6 link local table is a per-SW interface array of IPv6 unicast FIBs - the per-interface ocst is sizeof(fib_table_t) which is small, w.r.t. the cost of an interface - FE80::/10 in the 'global' table points to a DPO that performs a lookup in the input interface's LL fib. Change-Id: Ice834b25ebeeacb2e929d7c864d7ec8c09918cbe Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-03-016RD: Rewritten 6RD RFC5969 support.Ole Troan1-1/+2
Change-Id: Ic30fbcb2630f39e45345d7215babf5d7ed4b33a0 Signed-off-by: Ole Troan <ot@cisco.com>
2018-02-08ip: move lookup inline functions to header fileVijayabhaskar Katamreddy1-276/+1
Needed to allow other code paths to reuse them. Change-Id: I9e469527c6b2e9a6fec7af5f17d8b400a2e85826 Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
2018-02-07classifier-based ACL: refactor + add output ACLAndrew Yourtchenko1-0/+6
For implementation of MACIP ACLs enhancement (VPP-1088), an outbound classifier-based ACL would be needed. There was an existing incomplete code for outbound ACLs, it looked almost exact copy of input ACLs, minus the various enhancements, trying to sync that code seemed error-prone and cumbersome to maintain in the longer run. This change refactors the input+output ACLs processing into a unified routine (thus any changes will have effect on both), and also adds the API to set the output interface ACL, with the same format and semantics as the existing input one (except working on output ACL of course). WARNING: IP outbound ACL in L3 mode clobbers the ip.* fields in the vnet_buffer_opaque_t, since the code is using l2_classify.* The net_buffer (p0)->ip.save_rewrite_length is rescued into l2_classify.pad.l2_len, and used to rewind the header in case of drop, so that ipX_drop prints something sensible. Change-Id: I62f814f1e3650e504474a3a5359edb8a0a8836ed Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-02-01IPv4/6 reassemblyKlement Sekera1-0/+2
Change-Id: Ic5dcadd13c88b8a5e7896dab82404509c081614a Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-01-31Improved tracing for the IP[46] not-enabled case.Neale Ranns1-10/+10
now we get 00:00:03:665501: pg-input ... 00:00:03:665681: ethernet-input ... 00:00:03:665691: ip6-input UDP: 2001::1 -> ffef::1 tos 0x00, flow label 0x0, hop limit 64, payload length 108 UDP: 1234 -> 1234 length 108, checksum 0x7b25 00:00:03:665695: ip6-not-enabled UDP: 2001::1 -> ffef::1 tos 0x00, flow label 0x0, hop limit 64, payload length 108 UDP: 1234 -> 1234 length 108, checksum 0x7b25 00:00:03:665706: error-drop ethernet-input: no error Same goes for IPv4 Change-Id: Ia360df39b43281d3a0aa1b686f04b73cfa37c546 Signed-off-by: Neale Ranns <nranns@cisco.com>