summaryrefslogtreecommitdiffstats
path: root/src/vnet/ip
AgeCommit message (Collapse)AuthorFilesLines
2017-04-01ARP/ND/API:fix arp reg + nd no identical regsEyal Bari1-55/+38
fixed arp registration without allocating the event added protection against identical ND registrations Change-Id: I4e2db4913b35d895d8686ada1f0818920f276ad6 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-04-01MTRIE Optimisations 2Neale Ranns8-296/+526
1) 16-8-8 stride. Reduce trie depth walk traded with increased memory in the top PLY. 2) separate the vector of protocol-independent (PI) fib_table_t with the vector of protocol dependent (PD) FIBs. PD FIBs are large structures, we don't want to burn the memory for ech PD type 3) Go straight to the PD FIB in the data-path thus avoiding an indirection through, e.g., a PLY pool. Change-Id: I800d1ed0b2049040d5da95213f3ed6b12bdd78b7 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-30VPP-669: ping: fix coverity check error 165075 + add ping testcaseAndrew Yourtchenko1-1/+1
Fix the bug and add the unit test to start with ping test coverage Change-Id: Ibeacbed1f1660e677faa2dbb2ebe386216693e96 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-03-30BRIDGE-DOMAIN:enable arp term,mac/ip learning on local intsEyal Bari2-7/+4
we should not suppress arps on remote interface instead we should flood them to the local one used shg != 0 to identify packets from remote interfaces and disable arp term l2 input feature for them Change-Id: I701537c05df7451a25ccb5bfc9e2b03ea70cff20 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-03-29IP lookup: remove used stack variablesNeale Ranns1-21/+5
Change-Id: I19b16d3e04a187ffe736fae868941957c70edf62 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-29Mtrie optimisationsNeale Ranns5-222/+191
1 - make the default route non-special, i.e. like any other less specific route. Consequently, all buckets have a valid valid index of either a leaf or a ply. Checks for special indeices in the data-path can thus be removed. 2 - since all leaves are now 'real' i.e. they represent a real load-balance object, to tell if a ply slot is 'empty' requeirs chekcing that the prefix length of the leaf occupying the slot is slot than the minium value for that ply. 3 - when removing a leaf find the cover first, then recurse down the ply and replace the old leaf with the cover. This saves us a ply walk. Change-Id: Idd523019e8bb1b6ef527b1f5279a5e24bcf18332 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-29Sub-net broadcast addresses for IPv4Neale Ranns1-3/+70
Change-Id: Ib2189d01e8bc61de57404159690fb70f89c47277 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-27Mcast rewrite no memcpyNeale Ranns4-27/+29
use a 32bit mask in the adjacency to AND with the IP address and OR into the rewrite. Change-Id: I80b0f246c18fd74f3e43c5d49e25833412f34665 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-22ping: allow the user to send bursts of N packets instead of single packetAndrew Yourtchenko1-10/+42
Change-Id: I3c1d3a2db56487473123e6fec2b076a063473313 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-03-1764 bit per-thread countersNeale Ranns1-17/+19
after: TenGigabitEthernet5/0/1-output active 107522 17375708 0 7.22e0 161.60 TenGigabitEthernet5/0/1-tx active 107522 17375708 0 6.93e1 161.60 ip4-input-no-checksum active 107522 17375708 0 2.52e1 161.60 ip4-lookup active 107522 17375708 0 3.10e1 161.60 ip4-rewrite active 107522 17375708 0 2.52e1 161.60 before TenGigabitEthernet5/0/1-output active 433575 110995200 0 6.95e0 256.00 TenGigabitEthernet5/0/1-tx active 433575 110995200 0 7.14e1 256.00 ip4-input-no-checksum active 433575 110995200 0 2.66e1 256.00 ip4-lookup active 433575 110995200 0 3.29e1 256.00 ip4-rewrite active 433575 110995200 0 2.59e1 256.00 Change-Id: I46405bd22189f48a39f06e3443bb7e13f410b539 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-17Fix IP feature ordering.Neale Ranns1-17/+12
Drop comes before lookup when enabled. is_first_or_last is not required when setting a feature, the anchor is added in find_config_with_features(). Don't make the PG interfaces automatically L3 enabled, this way we can have tests that check the L3 protocol disbaled behaviour. Change-Id: Icef22a920b27ff9cec6ab2da6b05f05c532cb60f Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-17Cache a 'has-features' flag on the adjacency for faster access. Reclaim the ↵Neale Ranns3-21/+29
node_index memeber from the rewrite for space - this is only used for formtting before: ip4-rewrite * * * * 2.66e1 256.00 after: ip4-rewrite * * * * 2.40e1 256.00 Change-Id: Ic397150727cad38811564777419ad6bd26b8a3a6 Signed-off-by: Neale Ranns <nranns@wasa-ucs-11.cisco.com>
2017-03-16ping: Fix coverity error 163907Andrew Yourtchenko2-0/+6
Return an error if the ip6_interface_first_address decides to return NULL. Change-Id: Iea0184382b8fbe2af81a781c3671687a1fbb5b32 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-03-15VXLAN:add hidden multicast interface checkEyal Bari1-6/+8
and some refactoring Change-Id: I99e3c5e782ce65cb9779ccc3a9a3151ef1429e07 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-03-14ioam: ip6 hop by hop ext header and SR header co-existenceshwethab1-1/+1
1. Fix finding sr extension header 2. Fix for assert checks for space for sr header in packet headroom 3. ioam build warnings 4. Fix for SR header removal in presence of hbh ext header clib_memcpy with overlapping src/dst was failing Change-Id: I8576204eb571d1d4725a4e6976e18fe61cd1cd35 Signed-off-by: shwethab <shwetha.bhandari@gmail.com>
2017-03-09IMplementation for option to not create a FIB table entry when adding a ↵Neale Ranns3-27/+52
neighbor entry Change-Id: I952039e101031ee6a06e63f4c73d8eb359423e1a Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-08ARP resilience in the absence of IP config on input and output interfacesNeale Ranns1-0/+15
Change-Id: Ia9c6790436f8f6337b5351e3017ef5e441a8a4e9 Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit 5e323329ed6ded6f6944c56069329207ad9069c0)
2017-03-08API change (only) to not create a FIB table entry when adding a neighbor entryNeale Ranns1-1/+6
Change-Id: I1a8edaf1e0fca89e5d24d57dbb186ee46801f661 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-08BUG: multiple registrations of 'vl_api_ip6nd_proxy_details_t_handlerNeale Ranns1-7/+0
Change-Id: I70e32b2196bfc8712d270f9a4365daca2504d52d Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-08Proxy ND (RFC4389 - or a sub-set thereof). This allows the 'emulation' of ↵Neale Ranns6-62/+324
bridging. That is hosts in one sub-net reachable via differenet interfaces. Introducate a new API command: ip6 nd proxy <host-address> <interface> this indicates 2 things; 1) that host <host-address> is reachable out of interface <interface>. VPP will thus install that route. 2) NS requests sent to <host-address> will be responeded to (i.e. proxied). Change-Id: I863f967fdb5097ab3b574769c70afdbfc8d5478a Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-07Register TCP with IP only if session is enabledFlorin Coras1-1/+2
Change-Id: I73154179e78aeae5f879125237bce593d0978fae Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-03-07DHCP Multiple Servers (VPP-602, VPP-605)Neale Ranns1-0/+2
Multiple DHCP (4 and/or 6) servers can be added and removed through multiple calls to the 'set dhcp server' API. All 4/6/ discover/solicit messages will then be replicated to all servers in the list. The expectation is that the servers/system is configured in such a way that this is viable. If VSS information is providied for the clinet VRF which also has multiple servers configured, then the same VSS information is sent to each server. Likewise the source address of packets sent to from VPP to each server is the same. Change-Id: I3287cb084c84b3f612b78bc69cfcb5b9c1f8934d Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-07In-band OAM active probe (VPP-471)AkshayaNadahalli3-32/+63
Change-Id: Icf0ddf76ba1c8b588c79387284cd0349ebc6e45f Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
2017-03-07make per-adj counters configurableNeale Ranns2-33/+67
Change-Id: Ifdd2b204ecf7d855f1269c11224b9c825311904d Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-07Fixing loadbalancing over ECMP for recursive routesAkshayaNadahalli2-12/+10
Change-Id: Ibe1734aeb94bc17cd8d8bc6f35ca7b780aaa9599 Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
2017-03-06ioam: manycast using iOAM and SR (VPP-628)Shwetha Bhandari2-74/+122
Change-Id: I6d2afda991d771fb4a89fc3f6544f8e940a9b9f0 Signed-off-by: Shwetha Bhandari <shwethab@cisco.com>
2017-03-04Evolving SRv6 (Segment Routing for IPv6)Pablo Camarillo1-3/+30
Implements: 1.- SR Policies with several (weighted) SID lists 2.- Binding SID 3.- SR LocalSIDs with support for the following functions - End - End.X - End.DX6 - End.DX4 - End.DX2 - End.DT6 - End.DT2 - End.B6 - End.B6.Encaps 4.- SR Steering policies (to steer a traffic through an SR Policy) - Support for IPv6 traffic (IPv6 Encapsulation / SRH insertion) - Support for IPv4 traffic (IPv6 Encapsulation) - Support for L2 traffic (T.Insert / T.Encaps) 5.- Doxygen documentation 6.- Framework (APIs) to allow the definition of new SR LocalSID behaviors by means of plugins 7.- Sample SRv6 LocalSID plugin Change-Id: I2de3d126699d4f11f54c0f7f3b71420ea41fd389 Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>
2017-03-03IPv6 RA improvementsNeale Ranns2-157/+123
1) tests for RA options 2) memleaks deleteing a ip6_radv_info_t 3) MLD prefix code refactoring Change-Id: I34db103994bd8fbdbbec50b202d72770dd145681 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-03Changing the IP table for an interface is an error if the interface already ↵Neale Ranns4-43/+76
has an address configured (VPP-601) Change-Id: I311fc264f73dd3b2b3ce9d7d1c33cd0515b36c4a Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-02Clean up binary api message handler registration issuesDave Barach1-83/+0
Removed a fair number of "BUG" message handlers, due to conflicts with actual message handlers in api_format.c. Vpp itself had no business receiving certain messages, up to the point where we started building in relevant code from vpp_api_test. Eliminated all but one duplicate registration complaint. That one needs attention from the vxlan team since the duplicated handlers have diverged. Change-Id: Iafce5429d2f906270643b4ea5f0130e20beb4d1d Signed-off-by: Dave Barach <dave@barachs.net>
2017-03-02Remove the unused VRF ID parameter from the IP neighbour Add/Del APINeale Ranns1-2/+0
Change-Id: Icf0d72f6af1f98c86f78e586c354515ac69804aa Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-01VPP-598: tcp stack initial commitDave Barach15-1683/+220
Change-Id: I49e5ce0aae6e4ff634024387ceaf7dbc432a0351 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-02-22VPP-635: CLI Memory leak with invalid parameterBilly McFall4-22/+60
In the CLI parsing, below is a common pattern: /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { if (unformat (line_input, "x")) x = 1; : else return clib_error_return (0, "unknown input `%U'", format_unformat_error, line_input); } unformat_free (line_input); The 'else' returns if an unknown string is encountered. There a memory leak because the 'unformat_free(line_input)' is not called. There is a large number of instances of this pattern. Replaced the previous pattern with: /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { if (unformat (line_input, "x")) x = 1; : else { error = clib_error_return (0, "unknown input `%U'", format_unformat_error, line_input); goto done: } } /* ...Remaining code... */ done: unformat_free (line_input); return error; } In multiple files, 'unformat_free (line_input);' was never called, so there was a memory leak whether an invalid string was entered or not. Also, there were multiple instance where: error = clib_error_return (0, "unknown input `%U'", format_unformat_error, line_input); used 'input' as the last parameter instead of 'line_input'. The result is that output did not contain the substring in error, instead just an empty string. Fixed all of those as well. There are a lot of file, and very mind numbing work, so tried to keep it to a pattern to avoid mistakes. Change-Id: I8902f0c32a47dd7fb3bb3471a89818571702f1d2 Signed-off-by: Billy McFall <bmcfall@redhat.com> Signed-off-by: Dave Barach <dave@barachs.net>
2017-02-20CLI extension to add multiple (S,G)s at once and time itNeale Ranns1-10/+76
Change-Id: Id17060fd0e8ac80c8cf1999b0b82d0241b3b969a Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-02-20Python test IP and MPLS objects conform to infra.Neale Ranns2-2/+308
Add IP[46] MFIB dump. Change-Id: I4a2821f65e67a5416b291e4912c84f64989883b8 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-02-17Remove duplicate ip6 get interface address codeNeale Ranns3-27/+7
Change-Id: I5e0057b36bc4221e688a27fc1c0f602f78132991 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-02-16Fix crash on deleting previously activated IPv6 interface - VPP-636Wojciech Dec1-0/+4
RADV Pool index was not getting updated Change-Id: I2d2f14c56f51034d39049d1c7e13c248180a865f Signed-off-by: Wojciech Dec <wdec@cisco.com>
2017-02-15BFD: loop back echo packetsKlement Sekera1-2/+4
Change-Id: I772b63ac25ebfccaff9ab9d8d0b1445e85f21df7 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-02-15Fix bug in definition of tcp_header_tJuraj Sloboda1-1/+4
Change-Id: Ic814b805ef77913ffe86f82c009602c75258acfb Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-02-13Out-of-tree Build Error fixAkshayaNadahalli1-0/+20
File vnet/fib/fib_urpf_list.h was included in vnet/fib/ip6_fib.h but was exported to be installed in /usr/include/vnet. So out-of-tree builds relying on an installed package was failing. Fix is to inlcude fib_urpf_list.h in source file rather than including it in header file. Change-Id: Iae39c1d9417dbd31ee67fa1bd2d1915d5e813c73 Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
2017-02-13Augment IP_DETAILS, IP_ADDRESS_DETAILS with a few context fields.Jon Loeliger2-5/+15
When handling the IP_DETAILS and IP_ADDRESS_DETAILS replies, it is almost certainly going to require having both the is_ipv6 and sw_if_index context to handle them properly. Placing these values in an essentially global location as the current VAT does isn't thread-safe. Fruthermore, rather than forcing every API user to hoop-jump to establish these context values, simply provide them in their DETAILS reply messages. Change-Id: I6a9e0cb16ecdbf87fca8fc5c7663e98d3a53c26c Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-13VPP-632 : InBand OAM AnalyserAkshayaNadahalli5-41/+29
Refer to jira ticket for more details. Change-Id: I6facb9ef8553a21464f9a2e612706f152badbb68 Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
2017-02-08Fix source address reachability check for ip6 local packetsAkshayaNadahalli1-6/+3
Currently ip6 local check fails with error - source lookup miss if route to source of packet is over a dpo object such as load balance - recurssive route, tunnel adj - GRE, SR etc. So unless packet source is of a directly connected neibhor or has route with both interface and nexthop specified, it will be dropped. Fix is to check urpf list and if at least one link exists in the list, then allow packets to be processed, else drop. Change-Id: Id426311bb63bab506754a79409c602fdb6d0f190 Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
2017-02-03Fix CLI help message for set ip addressMatej Klotton1-1/+1
Change-Id: Ie39bb26a9aea88cf2768ec537adcdd8df1de3be0 Signed-off-by: Matej Klotton <mklotton@cisco.com>
2017-01-31Add vxlan-bypass feature to IP6 forwarding pathJohn Lo2-1/+12
Add vxlan-bypass feature which can be enabled on the IP6 underlay interface which receive VXLAN packets to accelerate VXLAN decap processing. The CLI to enable/disable it is: set interface ip6 vxlan-bypass <interface> [del] The vxlan-bypass feature is already supported on the IP4 underlay interface. The CLI to enable/disable it is: set interface ip vxlan-bypass <interface> [del] Move vxlan-bypass API/CLI support code from decap.c to vxlan.c. Also fixed two issues in the VXLAN decap path in the vxlan-input node: 1. Add verification of VXLAN packet FIB index with the encap-vrf-id of the VXLAN tunnel. 2. Fix checking of VXLANoIPv6 packet mcast DIP against that of the IP6 mcast VXLAN tunnel. Change-Id: I2bad4074a468c48fbb8bb5ac64f6437190756ed2 Signed-off-by: John Lo <loj@cisco.com>
2017-01-30VPP-621: ping: ICMP echo data size must be bounded by VLIB_BUFFER_DATA_SIZE ↵Andrew Yourtchenko2-29/+46
minus headers. Before the commit 878c6098 the VLIB_BUFFER_DATA_SIZE was different depending on whether building "vpp" or "vpp_lite", resulting in an overrun in vpp_lite build. Avoid the hardcoded value and make the upper bound for ICMP echo data size dependent on the buffer size. Change-Id: Id6c4d7fc73766a95af2610eb237881b5fe9ce9aa Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-01-27IP Multicast FIB (mfib)Neale Ranns11-489/+840
- IPv[46] mfib tables with support for (*,G/m), (*,G) and (S,G) exact and longest prefix match - Replication represented via a new replicate DPO. - RPF configuration and data-plane checking - data-plane signals sent to listening control planes. The functions of multicast forwarding entries differ from their unicast conterparts, so we introduce a new mfib_table_t and mfib_entry_t objects. However, we re-use the fib_path_list to resolve and build the entry's output list. the fib_path_list provides the service to construct a replicate DPO for multicast. 'make tests' is added to with two new suites; TEST=mfib, this is invocation of the CLI command 'test mfib' which deals with many path add/remove, flag set/unset scenarios, TEST=ip-mcast, data-plane forwarding tests. Updated applications to use the new MIFB functions; - IPv6 NS/RA. - DHCPv6 unit tests for these are undated accordingly. Change-Id: I49ec37b01f1b170335a5697541c8fd30e6d3a961 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-01-25[re]Enable per-Adjacency/neighbour countersNeale Ranns2-29/+37
Change-Id: I953b3888bbc6d8a5f53f684a5edc8742b382f323 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-01-24ping: fix double-free crash under VMWare hypervisorAndrew Yourtchenko1-2/+2
bi0 retrieval from the ping reply events vector was incorrectly done always from the first element. For TBD reason the sending of the ping requests under VMWare was batched, as a result the replies arrive close enough to make the events arrive as an array, which exposed this bug. KVM never exhibited this behavior, which explains not seeing this issue there. Change-Id: I485d6f983571e25baa9407c21ef604937586d8bd Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-01-16LISP: Enhance IPx offset computingFilip Tehlar1-0/+5
Change-Id: I0ccb0db73bcf4e2a282cabd4ebbe49599fa8ee7c Signed-off-by: Filip Tehlar <ftehlar@cisco.com>