aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/ip
AgeCommit message (Collapse)AuthorFilesLines
2017-11-07ip: add container proxy apiFlorin Coras4-20/+166
Change-Id: Id324a757517f85973097e20e2eb88d64ae0e931b Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-03vnet: ip4/6_local->don't drop packet if marked for TCP/UDP offload cksum ↵Jakub Grajciar2-8/+26
calculation Change-Id: I62f625a93e5d818caef382316035cd5447bd8fef Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech>
2017-11-03punt: free whole buffer chain if such is puntedKlement Sekera1-1/+1
Change-Id: I1326f21f0a00a201d2bdb55b73af14fca6ba8888 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-11-01session: add support for proxying appsFlorin Coras1-1/+3
To enable this, applications set the proxy flag in their attach requests and pass the transport protocols they want to act as proxies for as part of the attach options. When proxy is enabled, session rules that point incoming packets to the proxy app are addedd to the local and global session tables, if these scopes are accessible to the app. In particular, in case of the former, the rule accepts packets from all sources and all ports destined to the namespace's supporting interface address on any port. While in case of the latter, a generic any destination and any port rule is addedd. Change-Id: I791f8c1cc083350f02e26a2ac3bdbbfbfa19ece3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-31Refactor IP input checks for re-use at MPLS dispositionNeale Ranns4-257/+411
Change-Id: I7aafdecd6f370411138e6ab67b2ff72cda6e0666 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-29session: fix coverity warningsFlorin Coras1-3/+8
Change-Id: Ib87eccb853cafceea5f5513f6bb51c2364449afa Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-28session: rules tablesFlorin Coras2-0/+118
This introduces 5-tuple lookup tables that may be used to implement custom session layer actions at connection establishment time (session layer perspective). The rules table build mask-match-action lookup trees that for a given 5-tuple key return the action for the first longest match. If rules overlap, ordering is established by tuple longest match with the following descending priority: remote ip, local ip, remote port, local port. At this time, the only match action supported is to forward packets to the application identified by the action. Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-25L3 proxy FIB source for container networkingAndrew Yourtchenko1-0/+79
Change-Id: I4164c4c19c8dbfd73e6ddf94a12056325cc093b9 Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-10-24Add extern to *_main global variable declarations in header files.Dave Wallace4-2/+6
- Global variables declared in header files without the use of the 'extern' keword will result in multiple instances of the variable to be created by the compiler -- one for each different source file in which the the header file is included. This results in wasted memory allocated in the BSS segments as well as potentially introducing bugs in the application. Change-Id: I6ef1790b60a0bd9dd3994f8510723decf258b0cc Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-10-19Remove unused 'not_last' parameter from ip_add_del_routeMarek Gradzki1-3/+0
Vat supports setting value for the parameter, but 'not_last' is ignored by ip_add_del_route handler, so can be removed. This patch - updates ip.api, - removes vat handlers - updates vpp_papi_provider.py (also mpls_route_add_del with unused not_last) Change-Id: Ife15de123db4bc8247103a29b90bce1988e46534 Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2017-10-18VPP-930: add missing ntohl to send_ip6_fib_details(...)Dave Barach1-1/+1
Change-Id: I0c1671f3eaf2dad084e3ac9fb124c9ed78273f50 Signed-off-by: Dave Barach <dave@barachs.net>
2017-10-16udp: refactor udp codeFlorin Coras2-12/+46
Change-Id: I44d5c9df7c49b8d4d5677c6d319033b2da3e6b80 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-15ip: avoid arp assert if out of buffers (VPP-1030)Florin Coras1-0/+4
Change-Id: Ia31b978c6c1619c3e0075a84fcbbb6ccbf1c0076 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-15Revert "Enforce FIB table creation before use"Florin Coras2-3/+37
This reverts commit f9342023c19887da656133e2688a90d70383b0c5. Reverting to unblock master. No idea why jjb +1ed this patch! On closer inspection it looks like it -1ed it and subsequently changed opinion. CSIT tests should be fixed before re-merging. Change-Id: I26608912a962c52083073e16c7c9d2cc44a3cc8d Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-14Source Lookup progammable via APINeale Ranns2-0/+9
Change-Id: I5d5d4f22b6369d504455a644f73076d772fbcfb4 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-13Enforce FIB table creation before useNeale Ranns2-37/+3
last i the serise of the use of the FIB table create/delete API. VPP now forces the tables to have been explicitly creted before they are used. Change-Id: Ifde3b1bbb76697a01ab71bce4f5264e6d1725467 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-13VPP-1027: DNS name resolverDave Barach1-0/+3
This patch is a plausible first-cut, suitable for initial testing by vcl (host stack client library). Main features; - recursive name resolution - multiple ip4/ip6 name servers - cache size limit enforcement - currently limited to 65K - ttl / aging - static mapping support - show / clear / debug CLI commands Binary APIs provided for the following: - add/delete name servers - enable/disable the name cache - resolve a name To Do list: - Respond to ip4/ip6 client DNS requests (vs. binary API requests) - Perf / scale tuning - map pending transaction ids to pool indices, so the cache can (greatly) exceed 65K entries - Security improvements - Use unpredictable dns transaction IDs, related to previous item - Make sure that response-packet src ip addresses match the server - Add binary APIs - deliver raw response data to clients - control recursive name resolution - Documentation Change-Id: I48c373d5c05d7108ccd814d4055caf8c75ca10b7 Signed-off-by: Dave Barach <dave@barachs.net>
2017-10-10session: add support for application namespacingFlorin Coras4-0/+162
Applications are now provided the option to select the namespace they are to be attached to and the scope of their attachement. Application namespaces are meant to: 1) constrain the scope of communication through the network by association with source interfaces and/or fib tables that provide the source ips to be used and limit the scope of routing 2) provide a namespace local scope to session layer communication, as opposed to the global scope provided by 1). That is, sessions can be established without assistance from transport and network layers. Albeit, zero/local-host ip addresses must still be provided in session establishment messages due to existing application idiosyncrasies. This mode of communication uses shared-memory fifos (cut-through sessions) exclusively. If applications request no namespace, they are assigned to the default one, which at its turn uses the default fib. Applications can request access to both local and global scopes for a namespace. If no scope is specified, session layer defaults to the global one. When a sw_if_index is provided for a namespace, zero-ip (INADDR_ANY) binds are converted to binds to the requested interface. Change-Id: Ia0f660bbf7eec7f89673f75b4821fc7c3d58e3d1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-10punt and drop features:Neale Ranns11-147/+1501
- new IPv4 and IPv6 feature arcs on the punt and drop nodes - new features: - redirect punted traffic to an interface and nexthop - police punted traffic. Change-Id: I53be8bf4e06545add8a3619e462de5ffedd0a95c Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-09IP neighbour move incorrectly placed jump labelNeale Ranns1-2/+2
Change-Id: I19fdf13a4848306ee3841d822b832cba96c5bce5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-09vppapigen: support per-file (major,minor,patch) version stampsDave Barach1-0/+2
Add one of these statements to foo.api: vl_api_version 1.2.3 to generate a version tuple stanza in foo.api.h: /****** Version tuple *****/ vl_api_version_tuple(foo, 1, 2, 3) Change-Id: Ic514439e4677999daa8463a94f948f76b132ff15 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Ole Troan <ot@cisco.com>
2017-10-09NAT: hairpinning rework (VPP-1003)Matus Fabian1-1/+9
Change-Id: I7c6911cd6ac366fe62675fd0ff8b0246a25ea1db Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-10-05Distributed Virtual Router SupportNeale Ranns2-0/+6
A distributed virtual router works by attmpeting to switch a packet, but on failing to find a local consumer (i.e. the packet is destined to a locally attached host) then the packet is sent unmodified 'upstream' to where the rest of the 'distributed' router is present. When L3 switching a packet this means the L2 header must not be modifed. This patch adds a 'l2-bridge' object to the L3 FIB which re-injects packets from the L3 path back into the L2 path - use with extreme caution. Change-Id: I069724eb45956647d7980cbe40a80a788ee6ee82 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-04[aarch64] Fixes CLI crashes on dpaa2 platform.Christophe Fontaine5-9/+9
- always use 'va_args' as pointer in all format_* functions - u32 for all 'indent' params as it's declaration was inconsistent Change-Id: Ic5799309a6b104c9b50fec309cba789c8da99e79 Signed-off-by: Christophe Fontaine <christophe.fontaine@enea.com>
2017-10-03Repair vlib API socket serverDave Barach3-9/+26
- Teach vpp_api_test to send/receive API messages over sockets - Add memfd-based shared memory - Add api messages to create memfd-based shared memory segments - vpp_api_test supports both socket and shared memory segment connections - vpp_api_test pivot from socket to shared memory API messaging - add socket client support to libvlibclient.so - dead client reaper sends ping messages, container-friendly - dead client reaper falls back to kill (<pid>, 0) live checking if e.g. a python app goes silent for tens of seconds - handle ping messages in python client support code - teach show api ring about pairwise shared-memory segments - fix ip probing of already resolved destinations (VPP-998) We'll need this work to implement proper host-stack client isolation Change-Id: Ic23b65f75c854d0393d9a2e9d6b122a9551be769 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-03Propagate duplicate IF addr add/del error up to API.Jon Loeliger1-1/+11
Identify and complain when the same IP prefix is assigned to two different SW interfaces: vpp# set int ip address TenGigabitEthernet6/0/0 1.2.3.4/32 vpp# set int ip address TenGigabitEthernet6/0/1 1.2.3.4/32 set interface ip address: Prefix 1.2.3.4/32 already found on interface TenGigabitEthernet6/0/0 Change-Id: I1aee1b6a7ddd00d3109a53d8e1b6ce97bf45e372 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-09-26Add thread-safe event signaller, use RPC where requiredDave Barach1-2/+2
Update ping code to use the new function Change-Id: Ieb753b23f8402cbe5667c22747896784c8ece937 Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Dave Barach <dave@barachs.net>
2017-09-22IP-MAC,ND:wildcard events,fix sending multiple eventsEyal Bari2-20/+61
wildcard ND events publisher was sending the last event mutiple times Change-Id: I6c30f2de03fa825e79df9005a3cfaaf68ff7ea2f Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-09-20tcp: add option to punt trafficPierre Pfister1-24/+42
Until now, if the stack didn't find a connection for a packet, it sent back a reset. With the punt option enabled, packets are now enqueued to error-punt where they can be handed off to the host os. Change-Id: I12dea8694b8bd24c92b0d601412928aa7b8046cb Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2017-09-20Add ip6-local feature arcPierre Pfister3-7/+99
ip4-local feature arc existed but not ip6-local one. This patch also adds node name to the 'show ip local' command and fixes a minor include issue in vnet/ip/ip4.h file. Change-Id: I9bb8a7159917d58f89afcce974680de20d946a70 Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2017-09-19Treat label=0 as an invalid next-hop-via-labelNeale Ranns1-1/+7
Change-Id: I831226111d26f5c8a795e0773e23fddcddfb1613 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-09-15dpdk: cli to check for buffer leakageFlorin Coras1-0/+1
Use buffer pre_data and existing buffer trace trajectory code to find out dpdk buffer leakages. Change-Id: I26a5d8bd2f23d01cb6070ffc3ddcc6d3d863b575 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-09-13Add a name to the creation of an IP and MPLS tableNeale Ranns4-20/+32
Change-Id: I4b4648831551519b2ffb6f93255d28a4b8726c22 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-09-11replace uint32_t with u32Neale Ranns3-7/+7
Change-Id: I6cab79c266837a8731adcf78c9e093dfa6be0ead Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-09-11arp/glean: fix hash computationFlorin Coras1-1/+2
Change-Id: Ifef8a9328bb865f6ddb041bafe3699153f89755a Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-09-11FIB table add/delete APINeale Ranns9-250/+453
part 2; - this adds the code to create an IP and MPLS table via the API. - but the enforcement that the table must be created before it is used is still missing, this is so that CSIT can pass. Change-Id: Id124d884ade6cb7da947225200e3bb193454c555 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-09-09move unix_file_* code to vppinfraDamjan Marion2-5/+5
This will allow us to use this code in client libraries without vlib. Change-Id: I8557b752496841ba588aa36b6082cbe2cd1867fe Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-09-08PUNT: Missing include for readv()Marco Varlese1-0/+1
The missing header include was generating a compile-time error; src/vnet/ip/punt.c:460:10: error: implicit declaration of function 'readv' Change-Id: I3f74294e7824ea3602b8d416c86fdada1aac1906 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2017-09-05PUNT socket: External control plane processes connected via UNIX domain sockets.Ole Troan3-11/+555
An external (to VPP) process can register (over the VPP binary API) to receive control plane packets over a UNIX domain socket. The packets are prepended with a packet descriptor containing meta-data (if_index of interface, etc). Currently only UDP is supported. The socket supports sending of packets/frames as well. The sent packet is prepended with a descriptor, telling VPP to route the packet (via ip4-lookup, ip6-lookup) or as an pre-formed Ethernet frame that is sent directly to interface-output. The intended use case for this is for an external DHCP client or a RIP implementation. New configuration option: punt { socket <socket path> } To register use the punt_socket API message. TODO: - Add support for pre-routing. I.e send L3 packet to given TX interface, but do ARP/ND (ip[46]-rewrite) - Add test scripts - Support for abstract names (starting with \0) - Add rate limiting (COP) - Support for other protocols, e.g. IPv6 ND Change-Id: I4a0afc8020deebb3d9d74686dde694ee5bcb8d0f Signed-off-by: Ole Troan <ot@cisco.com>
2017-08-31Fix vent_data memory leak in function run_ping_ip46_address (VPP-966)dongjuan1-0/+1
Change-Id: I05d0c8310aa86480a3d283f45e115284c4b4ebd5 Signed-off-by: dongjuan <dong.juan1@zte.com.cn>
2017-08-22ping: remove unnecesary x86 intrinsics #includeDamjan Marion1-1/+0
This include file is present only on x86 so it breaks non-x86 builds. Change-Id: I6406b0b36f207b684535961545e95dbba707d267 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-08-19Fixed ip add bug for ip6 with review commentspragash1-4/+4
Change-Id: Ie1fba1a32020775444c7b1ed800e8559b54691ff Signed-off-by: pragash <pxv3620@rit.edu>
2017-08-16ip4: cleanup ip localFlorin Coras1-153/+85
Change-Id: I4f751b0181f25ec6c4abd3a9c7b0386d80743b3a Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-08-16tcp: fix v6 sessionsroot1-54/+64
Change-Id: Ia6dd5e948b17b2f3866fe70838eabb09e35415e1 Signed-off-by: Dave Barach <dbarach@cisco.com> Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-08-16NAT64: Fallback to 3-tuple key for non TCP/UDP sessions (VPP-884)Matus Fabian2-0/+123
Change-Id: I4cafc8291725feb499355092bd429433e649b5b2 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-08-15IPv6 local-address for P2P ethernet interfacesPavel Kotucek1-1/+2
Change-Id: I87d3cb5754843f38593e92f60a39af2e5241d1cf Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-08-14FIB table add/delete API onlyNeale Ranns2-0/+28
commit only the addition of the .api definition and their invocation through VAT so CSIT can use it Change-Id: Id510f14b1ce007fe5e92120507ea34100652fc64 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-08-11Fix tcp multi buffer segments retransmissionFlorin Coras1-5/+7
- Fix tcp/udp sw checksum computation - Fix allocation of multi buffer tcp segments for retransmits - Send FIN only if/when tx fifo is empty Change-Id: I2e43a14b87a72c9e547b4339b9a51811cf5732c4 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-08-09Allow multiple MPLS output labels to be passed on the CLINeale Ranns1-3/+10
Change-Id: Ib5af105e32b6b0df86923e189ab6bf6ee59de5b9 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-08-08L2 over MPLSNeale Ranns5-35/+41
[support for VPWS/VPLS] - switch to using dpo_proto_t rather than fib_protocol_t in fib_paths so that we can describe L2 paths - VLIB nodes to handle pop/push of MPLS labels to L2 Change-Id: Id050d06a11fd2c9c1c81ce5a0654e6c5ae6afa6e Signed-off-by: Neale Ranns <nranns@cisco.com>