aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/ip
AgeCommit message (Collapse)AuthorFilesLines
2017-12-21fib: make deag entries urpf extemptFlorin Coras1-0/+5
Change-Id: Ie8f6bb4fcd3e4fa269e86a77d2f21c87f372b783 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-12-20VPP-1083 "ip punt redirect add" crashed if not mentioned any other parameterSwarup Nayak2-8/+28
Change-Id: Ibb6f450783d0ab64bd943c19f12d0954b0a94b24 Signed-off-by: Swarup Nayak <swarupnpvt@gmail.com>
2017-12-15Fix icmp/udp/tcp punt/drop pathsVijayabhaskar Katamreddy12-42/+49
Send packets to ip4/6_punt/drop nodes instead of error-drop/punt nodes dbarach: clean up an annoying checkstyle issue: indent 2.2.10 (OpenSUSE version) and indent 2.2.11 (Ubuntu / CentOS versions) had an artistic disagreement about ip_frag.c. Change-Id: I660bee28a064af9c6c70371363081e941d1c3a94 Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Signed-off-by: Dave Barach <dave@barachs.net>
2017-12-14VPP-1100 Fix loop in "set punt tcp/udp command"Swarup Nayak1-5/+17
Change-Id: I23081ea25a8d40d8ebe1fcb6efe4143e9c5a0fc6 Signed-off-by: Swarup Nayak <swarupnpvt@gmail.com>
2017-12-13IP bi-direction multicast - same cable check on egressNeale Ranns2-1/+17
Change-Id: I655382f7f74181dd7c795a2b22f151f76b50e793 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-12-13Separate heap for IPv4 mtriesNeale Ranns4-11/+56
Change-Id: I497e9f6489dd35219bcf2b51ac992467aac4c8eb Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-12-12VPP-1092 Correcting ip punt delete flow, when recv if index valid but doesnt ↵Swarup Nayak2-4/+10
exist in configuration Change-Id: I01a69c4eef2c6224a24907b8fed12dcb1b642307 Signed-off-by: Swarup Nayak <swarupnpvt@gmail.com>
2017-12-11call unformat_free in some flow, remove unnecessary callsSwarup Nayak1-4/+12
Change-Id: I565277eafbce3d4f59a7f0d497fca1c4fed3cfc8 Signed-off-by: Swarup Nayak <swarupnpvt@gmail.com>
2017-12-08Remove the unused 'create VRF if needed' API parametersNeale Ranns1-3/+0
Change-Id: I35e166feeb0ac1e0e570efe07cb5f4cbeb5b8670 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2017-12-08punt: fix tracing for partially traced chainsKlement Sekera1-4/+5
This fixes a crash if the first buffer in buffer chain is not traced, but some other buffer (mid-chain) is. Change-Id: I2c9f529ae0bc3263d20981e0cb83ce24ed292bd8 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-12-07Corrected help string of show ip puntSwarup Nayak2-2/+2
Change-Id: I32ec3ff341e70ceaa6203df5a9e7c3ffdae20a06 Signed-off-by: Swarup Nayak <swarupnpvt@gmail.com>
2017-12-06UT: Repaired broken C unit tests (--enable-tests)Ole Troan1-9/+6
Change-Id: I63d720378b92813993525f80fee90fc79df27fba Signed-off-by: Ole Troan <ot@cisco.com>
2017-12-06Remove unused, uninteresting codeDave Barach1-347/+0
Move elog_sample.c to src/examples/vlib Change-Id: I7d32c83c424b9ca4a057372c7fc6a6e2b7dab034 Signed-off-by: Dave Barach <dave@barachs.net>
2017-11-29Add some indent-off to the node declarations in ip4-forwardNeale Ranns1-19/+42
Change-Id: Icab8f1411da22bd56ef0de3b100eaa9519a42f52 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-11-29Include allocated table memory in 'sh fib mem' outputNeale Ranns2-3/+10
DBGvpp# sh fib mem FIB memory Tables: SAFI Number Bytes IPv4 unicast 2 673066 IPv6 unicast 2 1054608 MPLS 1 4194312 IPv4 multicast 2 2322 IPv6 multicast 2 ??? Nodes: Name Size in-use /allocated totals Entry 96 20 / 20 1920/1920 Entry Source 32 0 / 0 0/0 Entry Path-Extensions 60 0 / 0 0/0 multicast-Entry 192 12 / 12 2304/2304 Path-list 40 28 / 28 1120/1120 uRPF-list 16 20 / 20 320/320 Path 72 28 / 28 2016/2016 Node-list elements 20 28 / 28 560/560 Node-list heads 8 30 / 30 240/240 Change-Id: I8c8f6f1c87502a40265bf4f302d0daef111a4a4e Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-11-27Fix - sh ip fib mtrie sumNeale Ranns1-8/+13
Change-Id: I62a6ee78ee9ad73fd58a46fbdca54fd964fec113 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-11-26Fix session rule port endianness.Milan Lenco1-2/+2
Change-Id: I43a7ac5b6c33810a465568d1955f400f4ef08786 Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
2017-11-18Rename classifier ip6-sr metadata set actionDave Barach1-1/+1
There's nothing ip6-sr specific about it. Change-Id: I9e3710162bd81b535c46599c988557abf5a5003b Signed-off-by: Dave Barach <dave@barachs.net>
2017-11-18unformat function for FIB pathsNeale Ranns1-147/+6
Change-Id: I32de25890ac0a643314f650591d2479879d9a2a6 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-11-14Ip6 dump not showing fib table names (VPP-1063)Neale Ranns1-5/+6
Change-Id: Idc7e7c35f17d514589d1264f1d1be664192ee586 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2017-11-10Break up vpe.apiNeale Ranns5-1/+1375
- makes the VAPI generated file more consumable. - VOM build times improve. Change-Id: I838488930bd23a0d3818adfdffdbca3eead382df Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2017-11-10add classify session action set-sr-policy-indexGabriel Ganne1-0/+2
This allows to use the classifier to steer source routing packets instead of using the "sr steer" command. This way we can steer on anything instead of only the dst ip address. test: * add add_node_next function to the VppPapiProvider class. * add simple test scenario using the classifier to steer packets with dest ip addr == a7::/8 to the source routing insert node. * use new interface indexes (3,4) instead of (0,1) to prevent a cleanup conflict with the other tests which attach a specific fib to the interface. The test creates interfaces sepsrated from the other tests to prevent a conflict in the cleaning of the ip6 fib index 1 which causes vpp not to be able to find a default route on this table. Change-Id: Ibacb30fab3ce53f0dfe848ca6a8cdf0d111d8336 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-11-10Add sw_if_index to the ip_neighbor_details_t response.Jon Loeliger2-4/+9
When a DUMP with sw_if_index == ~0 is used to get all Neighbor entries for all interfaces, it is unclear in the details to which interface the neighbor belongs. Clear that up by returning the associated sw_if_index as well. Change-Id: Ib584a57138f7faceffed64d7c1854f7af92e0e42 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-11-09BIERNeale Ranns2-19/+31
- see draft-ietf-bier-mpls-encapsulation-10 - midpoint, head and tail functions - supported payload protocols; IPv4 and IPv6 only. Change-Id: I59d7363bb6fdfdce8e4016a68a9c8f5a5e5791cb Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-11-08punt: fix sendmsg() failure detectionKlement Sekera1-1/+1
Change-Id: Ia8941b7b90f14dd688aca215b2dae1cc5c8f4472 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-11-08NAT64: fixed csum crash (VPP-1055)Matus Fabian2-28/+25
Change-Id: I28c8abe49c9858966a66530d3dc41c074c6901f3 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-11-08ip: fix container proxy coverity warningFlorin Coras1-4/+7
Change-Id: I5e35921acb65157a3de8ea0c53b3a6fa5cfca044 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-07add tracing to udp punt codeKlement Sekera1-5/+58
Change-Id: I5f92e40d2fe08a05f51622143648433732141cf4 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-11-07vnet: ip4/6_local-> don't drop TCP/UCP marked for cksum calc fixJakub Grajciar2-13/+13
Change-Id: Id14826eefe43168747c8ba69b3b600441a7d4047 Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech>
2017-11-07UDP Encapsulation.Neale Ranns3-4/+30
A UDP-encap object that particiapates in the FIB graph and contributes DPO to teh output chain. It thereofre resembles a tunnel but without the interface. FIB paths (and henace routes) can then be created to egress through the UDP-encap. Said routes can have MPLS labels, hence this also allows MPLSoUPD. Encap is uni-directional. For decap, one still registers with the UDP port dispatcher. Change-Id: I23bd345523b20789a1de1b02022ea1148ca50797 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-11-07ip: add container proxy apiFlorin Coras4-20/+166
Change-Id: Id324a757517f85973097e20e2eb88d64ae0e931b Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-03vnet: ip4/6_local->don't drop packet if marked for TCP/UDP offload cksum ↵Jakub Grajciar2-8/+26
calculation Change-Id: I62f625a93e5d818caef382316035cd5447bd8fef Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech>
2017-11-03punt: free whole buffer chain if such is puntedKlement Sekera1-1/+1
Change-Id: I1326f21f0a00a201d2bdb55b73af14fca6ba8888 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-11-01session: add support for proxying appsFlorin Coras1-1/+3
To enable this, applications set the proxy flag in their attach requests and pass the transport protocols they want to act as proxies for as part of the attach options. When proxy is enabled, session rules that point incoming packets to the proxy app are addedd to the local and global session tables, if these scopes are accessible to the app. In particular, in case of the former, the rule accepts packets from all sources and all ports destined to the namespace's supporting interface address on any port. While in case of the latter, a generic any destination and any port rule is addedd. Change-Id: I791f8c1cc083350f02e26a2ac3bdbbfbfa19ece3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-31Refactor IP input checks for re-use at MPLS dispositionNeale Ranns4-257/+411
Change-Id: I7aafdecd6f370411138e6ab67b2ff72cda6e0666 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-29session: fix coverity warningsFlorin Coras1-3/+8
Change-Id: Ib87eccb853cafceea5f5513f6bb51c2364449afa Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-28session: rules tablesFlorin Coras2-0/+118
This introduces 5-tuple lookup tables that may be used to implement custom session layer actions at connection establishment time (session layer perspective). The rules table build mask-match-action lookup trees that for a given 5-tuple key return the action for the first longest match. If rules overlap, ordering is established by tuple longest match with the following descending priority: remote ip, local ip, remote port, local port. At this time, the only match action supported is to forward packets to the application identified by the action. Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-25L3 proxy FIB source for container networkingAndrew Yourtchenko1-0/+79
Change-Id: I4164c4c19c8dbfd73e6ddf94a12056325cc093b9 Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-10-24Add extern to *_main global variable declarations in header files.Dave Wallace4-2/+6
- Global variables declared in header files without the use of the 'extern' keword will result in multiple instances of the variable to be created by the compiler -- one for each different source file in which the the header file is included. This results in wasted memory allocated in the BSS segments as well as potentially introducing bugs in the application. Change-Id: I6ef1790b60a0bd9dd3994f8510723decf258b0cc Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-10-19Remove unused 'not_last' parameter from ip_add_del_routeMarek Gradzki1-3/+0
Vat supports setting value for the parameter, but 'not_last' is ignored by ip_add_del_route handler, so can be removed. This patch - updates ip.api, - removes vat handlers - updates vpp_papi_provider.py (also mpls_route_add_del with unused not_last) Change-Id: Ife15de123db4bc8247103a29b90bce1988e46534 Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2017-10-18VPP-930: add missing ntohl to send_ip6_fib_details(...)Dave Barach1-1/+1
Change-Id: I0c1671f3eaf2dad084e3ac9fb124c9ed78273f50 Signed-off-by: Dave Barach <dave@barachs.net>
2017-10-16udp: refactor udp codeFlorin Coras2-12/+46
Change-Id: I44d5c9df7c49b8d4d5677c6d319033b2da3e6b80 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-15ip: avoid arp assert if out of buffers (VPP-1030)Florin Coras1-0/+4
Change-Id: Ia31b978c6c1619c3e0075a84fcbbb6ccbf1c0076 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-15Revert "Enforce FIB table creation before use"Florin Coras2-3/+37
This reverts commit f9342023c19887da656133e2688a90d70383b0c5. Reverting to unblock master. No idea why jjb +1ed this patch! On closer inspection it looks like it -1ed it and subsequently changed opinion. CSIT tests should be fixed before re-merging. Change-Id: I26608912a962c52083073e16c7c9d2cc44a3cc8d Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-14Source Lookup progammable via APINeale Ranns2-0/+9
Change-Id: I5d5d4f22b6369d504455a644f73076d772fbcfb4 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-13Enforce FIB table creation before useNeale Ranns2-37/+3
last i the serise of the use of the FIB table create/delete API. VPP now forces the tables to have been explicitly creted before they are used. Change-Id: Ifde3b1bbb76697a01ab71bce4f5264e6d1725467 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-13VPP-1027: DNS name resolverDave Barach1-0/+3
This patch is a plausible first-cut, suitable for initial testing by vcl (host stack client library). Main features; - recursive name resolution - multiple ip4/ip6 name servers - cache size limit enforcement - currently limited to 65K - ttl / aging - static mapping support - show / clear / debug CLI commands Binary APIs provided for the following: - add/delete name servers - enable/disable the name cache - resolve a name To Do list: - Respond to ip4/ip6 client DNS requests (vs. binary API requests) - Perf / scale tuning - map pending transaction ids to pool indices, so the cache can (greatly) exceed 65K entries - Security improvements - Use unpredictable dns transaction IDs, related to previous item - Make sure that response-packet src ip addresses match the server - Add binary APIs - deliver raw response data to clients - control recursive name resolution - Documentation Change-Id: I48c373d5c05d7108ccd814d4055caf8c75ca10b7 Signed-off-by: Dave Barach <dave@barachs.net>
2017-10-10session: add support for application namespacingFlorin Coras4-0/+162
Applications are now provided the option to select the namespace they are to be attached to and the scope of their attachement. Application namespaces are meant to: 1) constrain the scope of communication through the network by association with source interfaces and/or fib tables that provide the source ips to be used and limit the scope of routing 2) provide a namespace local scope to session layer communication, as opposed to the global scope provided by 1). That is, sessions can be established without assistance from transport and network layers. Albeit, zero/local-host ip addresses must still be provided in session establishment messages due to existing application idiosyncrasies. This mode of communication uses shared-memory fifos (cut-through sessions) exclusively. If applications request no namespace, they are assigned to the default one, which at its turn uses the default fib. Applications can request access to both local and global scopes for a namespace. If no scope is specified, session layer defaults to the global one. When a sw_if_index is provided for a namespace, zero-ip (INADDR_ANY) binds are converted to binds to the requested interface. Change-Id: Ia0f660bbf7eec7f89673f75b4821fc7c3d58e3d1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-10punt and drop features:Neale Ranns11-147/+1501
- new IPv4 and IPv6 feature arcs on the punt and drop nodes - new features: - redirect punted traffic to an interface and nexthop - police punted traffic. Change-Id: I53be8bf4e06545add8a3619e462de5ffedd0a95c Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-09IP neighbour move incorrectly placed jump labelNeale Ranns1-2/+2
Change-Id: I19fdf13a4848306ee3841d822b832cba96c5bce5 Signed-off-by: Neale Ranns <nranns@cisco.com>