| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Type: improvement
- inline some common encap fixup functions into the midchain
rewrite node so we don't incur the cost of the virtual function call
- change the copy 'guess' from ethernet_header (which will never happen) to an ip4 header
- add adj-midchain-tx to multiarch sources
- don't run adj-midchain-tx as a feature, instead put this node as the
adj's next and at the end of the feature arc.
- cache the feature arc config index (to save the cache miss going to fetch it)
- don't check if features are enabled when taking the arc (since we know they are)
the last two changes will also benefit normal adjacencies taking the arc (i.e. for NAT, ACLs, etc)
for IPSec:
- don't run esp_encrypt as a feature, instead when required insert this
node into the adj's next and into the end of the feature arc. this
implies that encrypt is always 'the last feature' run, which is
symmetric with decrypt always being the first.
- esp_encrpyt for tunnels has adj-midchain-tx as next node
Change-Id: Ida0af56a704302cf2d7797ded5f118a781e8acb7
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
interface
Type: fix
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I0b7c189006e30a357cd6be4f3c9c61fded4157cb
|
|
Type: feature
- replace functions for prefixes attached to interfaces
- add ip_interface.[ch] to consoldate the functions
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I9c0c39c09dbf80ea1aadefee02c9bd16f094b6ad
|
|
Type: fix
Change-Id: I87d301aec20b9f5b34997b394493c796188fce14
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Merge two mildly incompatible static inlines, and rename the results
vnet_calc_checksums_inline (...).
The resulting inline has three additional parameters: int is_ip4, int
is_ip6, and int with_gso. All calls manage to pass one or more as
compile-time constants, which causes a certain amount of code to
disappear in each instantiation.
Type: refactor
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I1a2a0e353b9a7bca20bc81318e8c915617261e1a
|
|
Type: fix
- doing so in MTU dec, means mtu_inc is broken
- there's no need to. if a packet encounters ipX-rewrite a second time then it went through a tunnel the first time and is still locally originated.
Change-Id: I0f279c2837b608c1677485fe93f63398ab2737b3
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
L4 checksums for IPv6 should be calculated using a pseudo header that
includes the source/destination addresses, payload length, and payload
protocol.
ip6_tcp_udp_icmp_compute_checksum() was using the payload length and
protocol from the IPv6 header. If there is a hop-by-hop header (or any
other extension header), the payload length used for the pseudo header
should only include the upper layer header and payload and not the
extension header bytes. Same deal with the protocol, the upper layer
next header value should be used instead of the extension header.
Type: fix
Fixes: cb9cadad57
Change-Id: Ifa2c9ad41c0fc4eea674f0671255b637c8e01f71
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: refactor
currently vnet_classify.h is included in ip.h where it's not required.
Change-Id: Id55682637601655aa2edda681536a979c8e323bd
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
- ip-neighbour: generic neighbour handling; APIs, DBs, event handling,
aging
- arp: ARP protocol implementation
- ip6-nd; IPv6 neighbor discovery implementation; separate ND,
MLD, RA
- ip6-link; manage link-local addresses
- l2-arp-term; events separated from IP neighbours, since they are not
the same.
vnet retains just enough education to perform ND/ARP packet
construction.
arp and ip6-nd to be moved to plugins soon.
Change-Id: I88dedd0006b299344f4c7024a0aa5baa6b9a8bbe
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Delete Null-checking "p0" in function ip6_tcp_udp_icmp_bad_length,
because it's not necessary.
Type: fix
Signed-off-by: johny <jan.cavojsky@pantheon.tech>
Change-Id: I2bf43a60c1c1d76e42581df27f2285c9e9563093
|
|
This fix is for cancel termination of vpp after receive malformed
packet type of ip6.To avoid termination of vpp are checked if are
missing data in packet. This occours, when payload length in ip6
header packet is more than real count of data in packet. When
this error occours, packet is ignore.
Type: fix
Ticket: VPP-1693, VPP-1694
Change-Id: I9d9ecea7b75c8702cb31aa8051c8d4d7ce19659d
Signed-off-by: johny <jan.cavojsky@pantheon.tech>
|
|
Type: refactor
Change-Id: I51405b9d09fb6fb03d08569369fdd4e11c647908
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: refactor
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I3aad20b35d89fc541fdf185096d71ca12b09a6e2
|
|
This provides a functional interface to IP fragmentation.
Allowing external features to fragment. Supports
arbitrary encap size, for e.g. MPLS or inner fragmentation
of tunnels.
This also removed dual loop in MAP that was fundamentally broken.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ia89ecec8ee3cbe2416edbe87630fdb714898c2a8
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: fix
if the packet is about to be fragmented, then don't call any of the
actions that expect the rewrite to have been written.
1) don't double count packets thru the adjacency (original & fragments)
2) don't double decrement the TTL for fragments
3) return to ip4-midchain post ip-frag if that's where we started.
4) only run midchain/mcast fixups if not fragmenting (if no errors)
Change-Id: Ib2866787a42713ee5871b87b597d8f74b901044b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
Based on the configuration, we can disable checksum offload capability
and calculate checksum while pushing the TCP & IP header.
This saves some cycles when VPP stack is used in legacy hardware devices.
Signed-off-by: Srikanth A <srakula@cisco.com>
Change-Id: Ic1b3fcf3040917e47ee65263694ebf7437ac5668
(cherry picked from commit 3642782a2748503f5b5ccf89d1575c1d489948ef)
|
|
otherwise they get installed twice and the reference counting means they are not removed.
This is the same behaviour as IPv4.
Type: fix
Change-Id: I9266e04ccff6ff06a577e85973a2ddbeb9dfc52b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
this is a preparation step for introducing other reassembly types
Type: refactor
Change-Id: I197e299dbd729b00eead31667913b8ceff915d63
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
When checksumming chained buffers with odd lengths: insert a
NULL byte, or the calculation fails.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I380f7c42897bdb28c8c29aa1c4cdaaa849cc9ecc
|
|
Type: refactor
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
Change-Id: I8674ff5f6f6336b256b7df8187afbb36ddef71fb
|
|
Type: feature
Adding a prefix to an interface was not permitted if it overlapped
with another prefix on an interface which used the same FIB.
Loosen the restriction. Allow 2 or more addresses from the same
prefix on a single interface. Reference count the prefix to figure
out when a glean/connected route for the prefix needs to be added
or removed.
Added unit tests to check that the route is only removed when all
addresses in the prefix are removed from the interface.
Change-Id: I1a962ecb5e1ee65fc6d41f98a4cc097a51a55321
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Fix ip6_tcp_udp_icmp_compute_checksum to work properly for packets
with multiple buffers.
Fix ip4_tcp_udp_compute_checksum to exit upon detecting error.
Type: fix
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I673547f4479d72cd60757383343fc562cff10265
|
|
Change-Id: I0c2d6fccd95146e52bb88ca4a6e84554d5d6b2ed
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
before and after:
ip4-load-balance 1.54e1
ip4-load-balance 1.36e1
p.s. Quad loops were not beneficial
Change-Id: I7bc01fc26288f0490af74db2b1b7993526c3d982
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I046e481a67fbeffdaa8504c8d77d232b986a61ee
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: I215e1e0208a073db80ec6f87695d734cf40fabe3
Signed-off-by: Jim Thompson <jim@netgate.com>
|
|
Change-Id: I6527e3fd8bbbca2d5f728621fc66b3856b39d505
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
error should be recorded in buffer so that
process-error-punt can handle them correctly
Per Damjan's comments, move counter to under
else clause of last error0==NONE check. Both
v4 and v6 are changed.
Change-Id: I707c7877ccb12589337155173fc4a5200b42ee93
Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
|
|
This commit adds a "gso" parameter to existing "create tap..." CLI,
and a "no-gso" parameter for the compatibility with the future,
when/if defaults change.
It makes use of the lowest bit of the "tap_flags" field in the API call
in order to allow creation of GSO interfaces via API as well.
It does the necessary syscalls to enable the GSO
and checksum offload support on the kernel side and sets two flags
on the interface: virtio-specific virtio_if_t.gso_enabled,
and vnet_hw_interface_t.flags & VNET_HW_INTERFACE_FLAG_SUPPORTS_GSO.
The first one, if enabled, triggers the marking of the GSO-encapsulated
packets on ingress with VNET_BUFFER_F_GSO flag, and
setting vnet_buffer2(b)->gso_size to the desired L4 payload size.
VNET_HW_INTERFACE_FLAG_SUPPORTS_GSO determines the egress packet
processing in interface-output for such packets:
When the flag is set, they are sent out almost as usual (just taking
care to set the vnet header for virtio).
When the flag is not enabled (the case for most interfaces),
the egress path performs the re-segmentation such that
the L4 payload of the transmitted packets equals gso_size.
The operations in the datapath are enabled only when there is at least
one GSO-compatible interface in the system - this is done by tracking
the count in interface_main.gso_interface_count. This way the impact
of conditional checks for the setups that do not use GSO is minimized.
"show tap" CLI shows the state of the GSO flag on the interface, and
the total count of GSO-enabled interfaces (which is used to enable
the GSO-related processing in the packet path).
This commit lacks IPv6 extension header traversal support of any kind -
the L4 payload is assumed to follow the IPv6 header. Also it performs
the offloads only for TCP (TSO - TCP segmentation offload).
The UDP fragmentation offload (UFO) is not part of it.
For debug purposes it also adds the debug CLI:
"set tap gso {<interface> | sw_if_index <sw_idx>} <enable|disable>"
Change-Id: Ifd562db89adcc2208094b3d1032cee8c307aaef9
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I245a8cc8f237242efadcf10d47b76222a6497e89
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Makes ip6-local node dual-loop explicit. This is only a style change.
Change-Id: Ic8e7cecb3f51e98b8a069b501f5c338156934a6d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Optimize IPv6 ip6-local node by rewriting the dual/single loop with
prefetch and simpler unrolling.
My local, unrepresentative tests for GRE4 termination over IPv6 show a
performance improvement of ~40% for ip6-local node alone and ~5%
globally.
Change-Id: I11e1e86d3838dd3c081aa6be5e25dae16ed6e2d8
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
-fno-common makes sure we do not have multiple declarations of the same
global symbol across compilation units. It helps debug nasty linkage
bugs by guaranteeing that all reference to a global symbol use the same
underlying object.
It also helps avoiding benign mistakes such as declaring enum as global
objects instead of types in headers (hence the minor fixes scattered
across the source).
Change-Id: I55c16406dc54ff8a6860238b90ca990fa6b179f1
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Change-Id: Idd09b5d0597336e4f2028113cae76c94fd1c5427
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I7a48890c075826fbd8c75436dfdc5ffff230a693
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
ipsec4-output and ipsec6-output were conflicting with ipsec
interface names ("ipsec<id>") and vnet/interface.c autogenerated
output node ("<ifname>-output").
Changing feature names seems to be the less invasive option.
This patch also changes "input" feature names for consistency.
Change-Id: I4ba10d07e9ba09df20aa2500104252b06b55f8f7
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
|
|
Verify that last node in the computed feature order matches
reality. This check doesn't make sense in all cases, so we skip it if
the newly-added vnet_feature_arc_registration_t ".last_in_arc" datum
is a NULL pointer.
Change-Id: Ia99c3e2b2da2e4780a7d5bc71670c5742a66fef2
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Id4f37f5d4a03160572954a416efa1ef9b3d79ad1
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Remove old nonfunctional code for setting link-local addresses.
Use common API for setting all IPv6 addresses.
Change-Id: I562329df86341f81ef2441510a9eefbbf710f6e0
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Idbce0393fc9e6e8dbb2765ed164ba7f90d1ffccc
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Ic6b27659f1fe9e8df39e80a0441305e4e952195a
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I3aa4708c1c3cdda344f282d56b617677080eaaa1
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
- Error where ICMPv6 error code doesn't reset VLIB_TX = -1
Leading to crash for ICMP generated on tunnelled packets
- Missed setting VNET_BUFFER_F_LOCALLY_ORIGINATED, so
IP in IPv6 packets never got fragmented.
- Add support for fragmentation of buffer chains.
- Remove support for inner fragmentation in frag code itself.
Change-Id: If9a97301b7e35ca97ffa5c0fada2b9e7e7dbfb27
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Not only is it wasteful to send all fragments back through ip4-lookup, but
it doesn't work with tunnel mechanisms that don't have IP enabled on their
payload side.
Change-Id: Ic92d95982dddaa70969a2a6ea2f98edec7614425
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
The dev build ('make build') was failing because
ip4_rewrite_bcast() and ip6_rewrite_bcast() are declared static
and were not referenced.
The node functions that were set for directed broadcast rewrite:
ip4_rewrite_bcast_node - ip4_rewrite()
ip6_rewrite_bcast_node - ip6_rewrite()
Changed to:
ip4_rewrite_bcast_node - ip4_rewrite_bcast()
ip6_rewrite_bcast_node - ip6_rewrite_bcast()
The release build ('make build-release') succeeds because there is
a VLIB_NODE_FUNCTION_MULTIARCH() call referencing the function. That
macro is empty for dev builds.
Change-Id: I2a05f00ca43d0eae8ff2e3026991e69917003fe1
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
with ip direct broadcast enable a packet to the interface's
subnet broadcast address with be sent L2 broadcast on the
interface. dissabled, it will be dropped. it is disabled by
default, which preserves current behaviour
Change-Id: If154cb92e64834e97a541b32624354348a0eafb3
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
It is cheaper to get thread index from vlib_main_t if available...
Change-Id: I4582e160d06d9d7fccdc54271912f0635da79b50
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Thanks to gcc-8 for highlighting this...
Change-Id: I53bfab631a40fd1b680c76a48b0307a33fa2b154
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
After calling vlib_packet_template_get_packet(), make sure
packet buffer is allocated before using it.
Change-Id: Idb5199f4e2c9596137b2101e502d611f474a6ffe
Signed-off-by: John Lo <loj@cisco.com>
|
Neale Ranns
Dave Barach
Matthew Smith
johny
Mohsin Kazmi
Ole Troan
Srikanth A
Klement Sekera
Simon Zhang
John Lo
Jim Thompson
Kingwel Xie
Andrew Yourtchenko
Damjan Marion
Benoît Ganne
Pierre Pfister
Juraj Sloboda