summaryrefslogtreecommitdiffstats
path: root/src/vnet/ip/ip_api.c
AgeCommit message (Collapse)AuthorFilesLines
2020-05-04misc: binary api fuzz test fixesDave Barach1-2/+3
Add a hook to src/vlibapi/api_shared.c to fuzz (screw up) binary API messages, e.g. by xoring random data into them before processing. We specifically exempt client connection messages, and inband debug CLI messages. We step over msg_id, client index, client context, and sw_if_index. Otherwise, "make test" vectors fail too rapidly to learn anything. The goal is to reduce the number of crashes caused to zero. We're fairly close with this patch. Add vl_msg_api_max_length(void *mp), which returns the maximum plausible length for a binary API message. Use it to hardern vl_api_from_api_to_new_vec(...) which takes an additional argument - message pointer - so it can verify that astr->length is sane. If it's not sane, return a u8 *vector of the form "insane astr->length nnnn\0". Verify array lengths in vl_api_dhcp6_send_client_message_t_handler(...) and vl_api_dhcp6_pd_send_client_message_t_handler(...). Add a fairly effective binary API fuzz hook to the unittest plugin, and modify the "make test" framework.py to pass "api-fuzz { on|off }" to enable API fuzzing: "make API_FUZZ=on TEST=xxx test-debug" or similar Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I0157267652a163c01553d5267620f719cc6c3bde
2020-04-24ip: Setting the Link-Local address from the API enables IPv6 on theNeale Ranns1-2/+2
interface Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I0b7c189006e30a357cd6be4f3c9c61fded4157cb
2020-04-14urpf: Unicast reverse Path Forwarding (plugin)Neale Ranns1-33/+0
Type: feature - move the IP4 code to plugin - add ip6 support - add suport for uRPF on TX - add tests Change-Id: I074c2debc486d3e79c12fad4b8dbd72c41e841a0 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-12-17ip: Protocol Independent IP NeighborsNeale Ranns1-1341/+37
Type: feature - ip-neighbour: generic neighbour handling; APIs, DBs, event handling, aging - arp: ARP protocol implementation - ip6-nd; IPv6 neighbor discovery implementation; separate ND, MLD, RA - ip6-link; manage link-local addresses - l2-arp-term; events separated from IP neighbours, since they are not the same. vnet retains just enough education to perform ND/ARP packet construction. arp and ip6-nd to be moved to plugins soon. Change-Id: I88dedd0006b299344f4c7024a0aa5baa6b9a8bbe Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-12-10api: multiple connections per processDave Barach1-1/+1
Type: feature Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I2272521d6e69edcd385ef684af6dd4eea5eaa953
2019-12-04ip: populate ip_reassembly_get_reply correctlyMatthew Smith1-3/+4
Type: fix Fixes: de34c35fc The API handler for requests to retrieve IP reassembly settings was modified to support shallow virtual reassembly. It retrieves settings into local variables now instead of directly into the reply message. The fields in the reply message were not being populated using those variables. So the reply message was being sent with all 0's, except in the is_ip6 field. Also, the max_reassembly length field in the reply message was not being populated. Change-Id: I80b071340fdc190c3a0b1f7294a03f14b6e00ecc Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-11-26fib: Table ReplaceNeale Ranns1-117/+73
Type: feature from the API doc, a table replace is: " The use-case is that, for some unspecified reason, the control plane has a very different set of entries it wants in the table than VPP currently has. The CP would thus like to 'replace' VPP's current table only by specifying what the new set of entries shall be, i.e. it is not going to delete anything that already eixts. the CP delcartes the start of this procedure with this begin_replace API Call, and when it has populated all the entries it wants, it calls the below end_replace API. From this point on it is of coursce free to add and delete entries as usual. The underlying mechanism by which VPP implements this replace is purposefully left unspecified. " In the FIB, the algorithm is implemented using mark and sweep. Algorithm goes: 1) replace_begin: this marks all the entries in that table as 'stale' 2) download all the entries that should be in this table - this clears the stale flag on those entries 3) signal the table converged: ip_table_replace_end - this removes all entries that are still stale this procedure can be used when an agent first connects to VPP, as an alternative to dump and diff state reconciliation. Change-Id: I168edec10cf7670866076b129ebfe6149ea8222e Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-10-06ip: Fix IP unnumbered dump of one interfaceNeale Ranns1-1/+1
Type: fix Change-Id: I35fb6fdfba50c4a59cf1ffb94cb51487bcf5afc9 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-09-26ip: add shallow virtual reassembly functionalityKlement Sekera1-33/+101
Type: feature Change-Id: Ibc8334e26c7e6f6120696c3e313b6e11d73dab99 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-09-25ip: refactor reassemblyKlement Sekera1-19/+25
this is a preparation step for introducing other reassembly types Type: refactor Change-Id: I197e299dbd729b00eead31667913b8ceff915d63 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-09-23ip: fix memory leak in ip_dump handlerMatthew Smith1-0/+2
Type: fix A vector allocated by vl_api_ip_dump_t_handler() was not being freed. Change-Id: I13425b8087e60df60c6aaa1230aa7e6d60b101a8 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-09-16api: autogenerate api trace print/endianOle Troan1-0/+1
In addition to the external vppapitrace tool, VPP itself supports dumping of API trace files. In two formats, "custom-dump" and "dump". "dump" gives a human friendly list, and "custom-dump" is meant to give a list of commands that can be fed to VAT. This patch only deals with "dump". Prior to this fix, auto-generation was only done for the basic types. This fix adds support for any type, including lists, and supports pretty-printing of enums, strings, IP addresses, MAC addresses and so on. Usage: api trace dump <api-trace-file> For example Change-Id: I4e485680e6dcfce7489299ae6cf31d835071ac40 ---------- trace 48 ----------- vl_api_sw_interface_set_flags_t: _vl_msg_id: 75 client_index: 0 context: 10 sw_if_index: 1 flags: IF_STATUS_API_FLAG_ADMIN_UP ---------- trace 49 ----------- vl_api_sw_interface_add_del_address_t: _vl_msg_id: 88 client_index: 0 context: 11 sw_if_index: 1 is_add: 1 del_all: 0 prefix: 172.16.1.1/24 ---------- trace 51 ----------- vl_api_cli_inband_t: _vl_msg_id: 819 client_index: 0 context: 13 cmd: packet-generator capture pg0 pcap /tmp/vpp-unittest-TestMAP-YhcmDX/pg0_out.pcap disable ---------- trace 58 ----------- vl_api_ip_neighbor_add_del_t: _vl_msg_id: 199 client_index: 0 context: 20 is_add: 1 neighbor: sw_if_index: 2 flags: IP_API_NEIGHBOR_FLAG_NONE mac_address: 0202.0000.ff02 ip_address: fd01:2::2 Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I5556d06008de2762e7c2d35a8b0963ae670b3db1 Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com>
2019-08-08api: vppapitrace JSON/API trace converterOle Troan1-1/+1
usage: vppapitrace.py [-h] [--debug] [--apidir APIDIR] {convert,replay} ... optional arguments: -h, --help show this help message and exit --debug enable debug mode --apidir APIDIR Location of JSON API definitions subcommands: valid subcommands {convert,replay} additional help convert Convert API trace to JSON or Python and back replay Replay messages to running VPP instance To convert an API trace file to JSON: vppapitrace convert /tmp/api.trace trace.json To convert an (edited) JSON file back to API trace for replay: vppapitrace convert trace.json api-edited.trace To generate a Python file that can be replayed: vppapitrace convert /tmp/api.trace trace.py vppapitrace convert trace.json trace.py Replay it to a running VPP instance: vppapitrace replay --socket /tmp/api.trace In VPP that file can be replayed with: vpp# api trace replay api-edited.trace This patch also modifies the API binary trace format, to include the message id to message name table. Change-Id: Ie6441efb53c1c93c9f778f6ae9c1758bccc8dd87 Type: refactor Signed-off-by: Ole Troan <ot@cisco.com>
2019-07-03fib: allow route delete with no paths and multipath=0 to remove theNeale Ranns1-10/+5
whole route Type: fix Fixes: 097fa66b Change-Id: I017ab5797670eb278c27c6e306cd8cadaacddf9d Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-18fib: fib api updatesNeale Ranns1-803/+253
Enhance the route add/del APIs to take a set of paths rather than just one. Most unicast routing protocols calcualte all the available paths in one run of the algorithm so updating all the paths at once is beneficial for the client. two knobs control the behaviour: is_multipath - if set the the set of paths passed will be added to those that already exist, otherwise the set will replace them. is_add - add or remove the set is_add=0, is_multipath=1 and an empty set, results in deleting the route. It is also considerably faster to add multiple paths at once, than one at a time: vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.11 100000 routes in .572240 secs, 174751.80 routes/sec vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.12 100000 routes in .528383 secs, 189256.54 routes/sec vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.13 100000 routes in .757131 secs, 132077.52 routes/sec vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.14 100000 routes in .878317 secs, 113854.12 routes/sec vat# ip_route_add_del 1.1.1.1/32 count 100000 multipath via 10.10.10.11 via 10.10.10.12 via 10.10.10.13 via 10.10.10.14 100000 routes in .900212 secs, 111084.93 routes/sec Change-Id: I416b93f7684745099c1adb0b33edac58c9339c1a Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-06-06IP-Punt-redirect: allow the use of a FIB path to describe how toNeale Ranns1-44/+47
redirect Change-Id: I2a3ba2a3d73ea8511e3a511855b041432328f0a8 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-03ARP: add feature arcNeale Ranns1-17/+6
- arp-input, registered with the ethernet protocol dispatcher, performs basic checks and starts the arc - arp-reply; first feature on the arc replies to requests and learns from responses (no functional change) - arp-proxy; checks against the proxy DB arp-reply and arp-proxy are enabled when the interface is appropriately configured. Change-Id: I7d1bbabdb8c8b8187cac75e663daa4a5a7ce382a Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-22stats: support multiple works for error countersOle Troan1-24/+0
The current code only allowed access to the main thread error counters. That is not so useful for a multi worker instance. No return a vector indexed by thread of counter_t values. Type: fix Change-Id: Ie322c8889c0c8175e1116e71de04a2cf453b9ed7 Signed-off-by: Ole Troan <ot@cisco.com>
2019-05-20reassembly: prevent long chain attackKlement Sekera1-0/+3
limit max # of fragments to 3 per packet by default add API option to configure the limit at runtime Change-Id: Ie4b9507bf5c6095b9a5925972b37fe0032f4f9e8 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-04-10API: Fix shared memory only action handlers.Ole Troan1-5/+4
Some API action handlers called vl_msg_ai_send_shmem() directly. That breaks Unix domain socket API transport. A couple (bond / vhost) also tried to send a sw_interface_event directly, but did not send the message to all that had registred interest. That scheme never worked correctly. Refactored and improved the interface event code. Change-Id: Idb90edfd8703c6ae593b36b4eeb4d3ed7da5c808 Signed-off-by: Ole Troan <ot@cisco.com>
2019-04-08fixing typosJim Thompson1-2/+2
Change-Id: I215e1e0208a073db80ec6f87695d734cf40fabe3 Signed-off-by: Jim Thompson <jim@netgate.com>
2019-01-30Use IP and MAC API types for neighborsNeale Ranns1-142/+183
use address_t and mac_address_t for IPv6 and ARP entries and all other API calls in ip.api aprat from the route ones, that will follow in a separate commit Change-Id: I67161737c2184d3f8fc1e79ebd2b55121c5b0191 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-01-25IP6 FIB: walk table for dump (VPP-1553)Neale Ranns1-12/+7
Change-Id: Iaa57ace6df96bfacd1235c80ec7bb08e5f335530 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-01-23IP route local and connectedNeale Ranns1-2/+9
allow routes that are local and connected to be added via the API. this emulates the addition of a second address in the same subnet added to an interface. Change-Id: Ib18a08c26956be9a07b3360664210c8cf6734c84 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-01-07VOM: mroutesNeale Ranns1-4/+6
- fixes in ip.api for dumping mroute path flags Change-Id: I13b0cfb15d374250ed71bd4e13dda9b798c18204 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-20FIB: encode the label stack in the FIB path during table dumpNeale Ranns1-0/+2
Change-Id: I28e8a99b980ad343a4209e673201791b91ceab4e Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-18MFIB: recurse resolution through an MFIB entryNeale Ranns1-20/+20
Change-Id: I8dc261e40b8398c5c8ab6bb69ecebbd0176055d9 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-01ip_reassembly_enable_disable reply handler name is changed.Chore1-1/+1
Change-Id: I89be597376690bb75c4347bcfc1c6c3d27c4034c Signed-off-by: Chore <s3m2e1.6star@gmail.com>
2018-11-29api: ip_source_check_interface_add_del api is added.Chore1-0/+32
Change-Id: I4799a9d469c797e54669ff4b50851a9acc849427 Signed-off-by: Chore <s3m2e1.6star@gmail.com>
2018-11-29VPP-1507: Added binary api to dump configured ip_punt_redirectPavel Kotucek1-19/+92
Change-Id: I790f7785e183cc9aaffd5b593617c4e12a32e20d Signed-off-by: Pavel Kotucek <pavel.kotucek@pantheon.tech>
2018-11-12IPv6: Make link-local configurable per-interface (VPP-1446)Juraj Sloboda1-34/+0
Remove old nonfunctional code for setting link-local addresses. Use common API for setting all IPv6 addresses. Change-Id: I562329df86341f81ef2441510a9eefbbf710f6e0 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com> Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-10-23c11 safe string handling supportDave Barach1-24/+24
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab Signed-off-by: Dave Barach <dave@barachs.net>
2018-10-17IP Route add/del API is MP safeNeale Ranns1-0/+6
Change-Id: I0bfa4c9a3bb22155d7862cc13019cb172e77407c Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-10-12ip: add container proxy dump API (VPP-1364)Matus Fabian1-0/+49
Change-Id: I3cb89dbfb7174b9913a8c4ad9b3b1dc9f6ed6326 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-10-04MFIB-API: when programming an (S,G) fix the grp-lenNeale Ranns1-0/+4
Change-Id: I97052d29080501de53fe95499c860faf0765e81d Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-10-01Add adjacency counters to the stats segmentNeale Ranns1-2/+9
Change-Id: I6b59df939c9daf40e261d73d19f500bd90abe6ff Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-10-01mroute routers in the stats segmentNeale Ranns1-22/+39
Change-Id: I798e4fb6470ae9e763f8de1c290ff0fc3c0b7f9e Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-09-28stats: Split stat_segment and stats code in preparation for deprecation.Ole Troan1-1/+0
Split the stat_segment.c code from stats.c. Rename stats.[ch] to prepare for removing (19.01?) In addition stats.api can be removed. Since the stats aggregation for the stat segment does not use the API, that part is now done on the main thread. (Old stats aggregator is also left in place). Change-Id: I9867429f4fc547b1a7ab7f88bc4f3625428d681b Signed-off-by: Ole Troan <ot@cisco.com>
2018-09-20Route counters in the stats segmentNeale Ranns1-48/+70
route ADD API changed to return the stats segment index to use to read the counters Change-Id: I2ef41e01eaa2f9cfaa49d9c88968897793825925 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-09-13IP-neighbor: add and delete internal APINeale Ranns1-32/+15
Change-Id: I4d1ab5ff0c8f0756e91bf63e045f88513bb7d039 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-09-07IP route update fix when multipath and drop setNeale Ranns1-20/+14
Change-Id: I9cec7486cb6e3c5261d74d2b15a4d19469285a30 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-07-30FIB: return entry prefix by const reference to avoid the copyNeale Ranns1-10/+10
Change-Id: I09b8406168df4b6b28df3ede24ee839681be0195 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-07-27Fix memory leak in processing of ICMPv6 RA event (VPP-1360)Juraj Sloboda1-1/+2
Change-Id: I7c3e5e91391b1c9b36e8ea8bacee9a107da1ae96 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-06-20Fix sw-if-index display error.Brant Lin1-2/+2
If the sw-if-index is set to -1, it will send out all interfaces' arp enties. In this case, the sw-if-index is always set to -1. It is not correct. Change-Id: I21e9ee078c757ac7efa70a2a1f1a7a4eb73d66a1 Signed-off-by: Brant Lin <brant.lin@ericsson.com>
2018-06-14Use unicast DMAC for IP neighbor pool refresh probesJohn Lo1-2/+2
Change-Id: I12fbebd1d24c37dc77c147773ea522c8a4b7b99d Signed-off-by: John Lo <loj@cisco.com>
2018-06-08Add reaper functions to want events APIs (VPP-1304)Neale Ranns1-1/+126
Change-Id: Iaeb52d94cb6da63ee93af7c1cf2dade6046cba1d Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-05-25ARP proxy dumpsNeale Ranns1-6/+94
Change-Id: I8335ebf266becf2f42bb3f28a17dfed8d9b08f97 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-05-18IP unnumbered dumpNeale Ranns1-0/+69
Change-Id: I4f245fd225bcc563fafee2696cd039477d661c57 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-05-18IP address dump - don't send subnets for unnumbered interfacesNeale Ranns1-4/+6
Change-Id: I8c64a0d2f757d96ffa7fd042c23b0d814217c215 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-05-17Fixes in IPv6 RD control planeJuraj Sloboda1-1/+1
Add default route to the VRF table in which the interface is bound. Add missing pool_put. Change-Id: Id76c7dbfbf9bcf18357f372f3eee9b931df1995e Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>