path: root/src/vnet/ip
Age | Commit message | Author | Files | Lines
2022-03-04 | ip: rate-limit the sending of ICMP error messages | Neale Ranns | 2 | -2/+58
Type: improvement For error conditions, such as TTL expired, dest unreach, etc, rate limit the sending of ICMP error messages. The rate limiting is done based on src,dst IP address of the received packet. The rate limit has been chosen, somewhat arbitrarily, to be 1e-3. This is the same limit as the ARP throttling. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I4a0b791cde8c941a9bf37de6aa5da56779d3cef4
2022-03-04 | ip: fix overflow in ip6_ext_header_walk | Benoît Ganne | 1 | -1/+1
ip6_ext_hdr_chain_t->eh is IP6_EXT_HDR_MAX elements. Type: fix Change-Id: I28b8d610d8f5c0c520c8391c37b86e837655ab12 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-03 | ip: Path MTU DPO allocation function is public | Neale Ranns | 2 | -7/+23
Type: refactor check for pool expansion in the DPO allocation, just in case. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I6ba7dd66313630d3f24a51700ab4486ba43d856b
2022-02-17 | ip: Move the IPv6 echo responder into the ping plugin | Neale Ranns | 1 | -187/+0
Type: refactor To be consistent with the location of the IPv4 responder Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ie3a5c3ecc10755317591d7ff57b74770c2798e77
2022-02-15 | tcp: Do not include the tcp_packet.h file in the ip4_packet.h | Neale Ranns | 3 | -96/+2
Type: refactor IP4 does not depend on TCP (it's the other way around). This upside down dependency leads to some nasty circular includes when trying to use ip46_address.h in interface.h Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I4a1bd21543b08b9c1cf1e5563da738414734a878
2022-02-07 | igmp: make sure fib_index is set before delivering to ip4-local | Benoît Ganne | 1 | -0/+2
IGMP packets with Router Alert option are delivered to ip4-local without going through ip4-lookup. Make sure fib_index is initialized properly. Type: fix Change-Id: Iab090a33c4c759b6d7f68c28a0b3f4da7a9de864 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-02-03 | ip nat: use ip rx sw_if_index in ip-local arc start | Florin Coras | 2 | -9/+8
This also changes the behavior of the nat44-ei hairpinning feature. Rather than enabling the feature on every nat interface, it is enabled only on local0. Type: improvement Signed-off-by: Filip Varga <fivarga@cisco.com> Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4e16a83c9e328aa75fc61df508b620ef743ca775
2022-01-31 | ip: reassembly - add a way to disable for forus | Klement Sekera | 11 | -34/+305
Add API to disable full reassembly of "forus" packets. Mark packets passing through ip[4|6]-local nodes with a new buffer flag and check for that flag in reassembly. Enable IP6 "forus" full reassembly by default to be consistent with existing IP4 setting. Type: improvement Change-Id: I7067792fcd4304182654237968e4c4d9293c6143 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2022-01-31 | ip: fix length calculation in ip6-receive | Klement Sekera | 1 | -1/+1
Replace unconditional usage of buffer->total_length_not_including_first_buffer with a logic checking whether that length is set to a valid value. Type: fix Fixes: 17478e4eb81d384f171ca27c9110a051cd434f16 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I161d0957d62cc23826edd821aa5560bcfc5c1a33
2022-01-25 | ip: reassembly - fix missing ip6 owner thread init | Klement Sekera | 1 | -0/+1
Initialize ip6 memory owner thread index in reassembly context to avoid unnecessary handovers. Type: fix Fixes: 630ab5846bceddf8d663e9f488a2dc0378949827 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I2996caf1f82a0649c97d481b74dce24a96dce326
2022-01-12 | ip: coverity illegal access in ip6_ext_header_walk | Ole Troan | 1 | -9/+2
*** CID 243670: Memory - illegal accesses (OVERRUN)
/src/vnet/ip/ip6_packet.h: 713 in ip6_ext_header_walk()
CID 243670: Memory - illegal accesses (OVERRUN)
Overrunning array "res->eh" of 4 4-byte elements at element index 5 (byte offset 23) using index "i" (which evaluates to 5).
Type: fix Fixes: 03092c1 Change-Id: I27e0435cf10534f3b41e11bf7a5629b5428b0651 Signed-off-by: Ole Troan <ot@cisco.com>
2022-01-09 | fib: multiple memory leaks upon deleting a VRF table | Steven Luong | 1 | -0/+1
  fib_table->ft_locks
  name string for parsing the ip table add|del name <tag> command
  path list for ip4_specials in mfib
  mfib->fib_entry_by_dst_address[0..32]
  mfib entry path_ext, msrc->mfes_exts
Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ia1e0cac577a73608ee1e4b1664b60a66322e81ce
2021-12-24 | ip: remove archaic vector code from mtrie | Damjan Marion | 2 | -86/+12
Type: improvement Change-Id: Ib39478a2e6991d721c4ba3ea61c97bfb07238016 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-12-20 | ip: SVR fix race condition | Klement Sekera | 2 | -2/+14
There could be a race condition where two fragments of one chain end up at the same time on different workers, one overwriting the other's hash entry. Add a check for that and restart processing on the unlucky worker who ends up being second from hash table POV. This will then result in a proper handover to worker now owning this reassembly. Type: fix Fixes: de34c35fc73226943538149fae9dbc5cfbdc6e75 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I9eb29c5cb1ffe3b5eb1d5a638e17ab7ba2628d28
2021-12-14 | api: verify message size on receipt | Klement Sekera | 2 | -1/+7
When a message is received, verify that it's sufficiently large to accommodate any VLAs within message. To do that, we need a way to calculate message size including any VLAs. This patch adds such functionality to vppapigen and necessary C code to use those to validate message size on receipt. Drop messages which are malformed. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I2903aa21dee84be6822b064795ba314de46c18f4
2021-12-14 | ip: reassembly: drop zero length fragments | Klement Sekera | 3 | -0/+17
Zero length fragments are invalid and should be dropped. This patch adds that. Type: improvement Change-Id: Ic6466c39ca8bf376efe06bb3b7f5d7f1ae812866 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-12-10 | ip: reassembly: handle atomic fragments correctly | Klement Sekera | 2 | -45/+93
If a fragment arrives with fragment offset = 0 and M = 0, it means that this is actually a complete packet and per RFC 8200, it should be treated independently from other fragments. This patch does that. Fragmentation header is stripped and fragment is forwarded regardless of other existing reassemblies in case of full reassembly and treated the same way as regular packet in shallow virtual reassembly. Type: improvement Change-Id: If3322d5e3160cd755b8465a642702a9166d46cc2 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-12-03 | ip: extension header parsing fails for fragment header | Ole Troan | 7 | -291/+263
Refactor and improve boundary checking on IPv6 extension header handling. Limit parsing of IPv6 extension headers to a maximum of 4 headers and a depth of 256 bytes. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ide40aaa2b482ceef7e92f02fa0caeadb3b8f7556 Signed-off-by: Ole Troan <ot@cisco.com>
2021-12-03 | fib: Fix the display (or lack of) for fib node types in dependent children lists | Neale Ranns | 1 | -1/+2
Type: fix When registering a new FIB node type, no name was required on the API, and so no name was printed. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I8a99cf29c194637a550061b0a5e9782ffe8b31dd
2021-11-23 | vxlan: multiarch optimization of vxlan | Ray Kinsella | 1 | -1/+1
Fixing the multiarch versions of vxlan, geneve and friends. Ensures that main struct is correctly sized for all multiarch permutations. Type: fix Fixes: 290526e3c Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I7c4c435763a5dcb0c3b429cd4f361d373d480c03
2021-11-23 | ip: unlock_fib on if delete | Nathan Skrzypczak | 3 | -0/+20
On interface delete we were not removing the lock taken by a previous ip_table_bind() call thus preventing the VRFs from being removed. Type: fix Change-Id: I11abbb51a09b45cd3390b23d5d601d029c5ea485 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-11-18 | ip: comparing IP prefixes should not modify them | Neale Ranns | 4 | -7/+33
Type: improvement make the ip_prefix_cmp take const parameters. plus some other miscellaneous functions. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ib69bacfb09483a8a8f8b89900c92d3d55c354ac6
2021-11-17 | ip6: ip6_not_enabled_node is a sibling of ip6-drop | Paul Atkins | 1 | -6/+2
The node ip6_not_enabled should be marked as sibling of ip6-drop as both are start nodes of the ip6-drop arc. Type: fix Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I212c25444a81b11d8085ba7930ddb67b47502d5c
2021-11-12 | session: add support for DSCP | Filip Tehlar | 1 | -5/+6
Type: feature Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I817b1503ada1ae53c1134a85263f9b801d74e88a
2021-11-10 | vppinfra: new vectorized ip checksum functions incl. csum_and_copy | Damjan Marion | 3 | -98/+11
Type: improvement Change-Id: Id5810b7f4a6d6e4ce16b73c235b50db5d475ebf7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-11-10 | ip: crash in ip_csum_fold due to illegal instruction shrx | Steven Luong | 1 | -1/+1
Encounter a crash for the line shrx edi,eax,edi in ip_csum_fold. The target cpu is ivy bridge which does not support shrx instruction. Type: fix Fixes: e6709ff37dc0f3a58ed5ad98aace73fe801f1e9d Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Icc922d3b2ebfcfa721f63946a213b6c492874a9a
2021-11-10 | ip: always set ip rx_sw_if_index | Florin Coras | 2 | -6/+11
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I43f6bfa028ee37227f27a2fe0303662bf2631b10
2021-11-05 | ip: remove dead code | Damjan Marion | 1 | -3/+0
Type: refactor Change-Id: Ia8e8834b635025d07e1028b1d5779b21c4e05e58 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-11-04 | ip: speed up reassembly code compilation | Klement Sekera | 4 | -50/+36
Refactor code so that code is inlined in one place instead of in multiple to speed up compilation. Type: refactor Change-Id: I41357b89715b66ebdc8c0d5ccd69347a254fc266 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-11-04 | ip: reassembly: avoid reading truncated L4 headers | Klement Sekera | 2 | -80/+149
Check if L4 headers are truncated and if so, set a flag for (future) consumers instead of reading/writing garbage data. Type: fix Fixes: de34c35fc73226943538149fae9dbc5cfbdc6e75 Change-Id: I0b656ec103a11c356b98a6f36cad98536a78d1dc Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-11-02 | ip: fix coverity warning | Klement Sekera | 1 | -1/+1
Remove unnecessary NULL check of t0, which causes coverity to scream. t0 is always initialised to *something* by doing pool_elt_at_index(). Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I7cf21767c43a24923e490ad40622743c17142fe2
2021-11-02 | ip: fix build without vector unit | Damjan Marion | 1 | -0/+13
Change-Id: I102f84d6d72a7f17e62fb8c16a1d4a3234753476 Type: fix Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-10-28 | ip: improve csum fold on x86_64 | Damjan Marion | 1 | -1/+15
New code seems to be 1.5 clocks faster.
old:
  mov eax,edi
  shr rdi,0x20
  add rdi,rax
  movzx edx,di
  shr rdi,0x10
  add rdx,rdi
  movzx eax,dx
  shr rdx,0x10
  add rax,rdx
  mov rdx,rax
  shr rdx,0x10
  add eax,edx
new:
  mov rax,rdi
  shr rax,0x20
  add eax,edi
  mov edi,0x10
  shrx edi,eax,edi
  adc ax,di
  adc ax,0x0
Type: improvement Change-Id: I3c565812c67ff4c3db197a9d4137a6c131b5b66c Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-10-21 | fib: respect mfib entry flags on create with paths | Paul Atkins | 2 | -5/+4
When an mfib entry was created with both paths and entry_flags then the entry flags were being ignored. If there are no paths then the flags were passed into mfib_table_entry_update, but in the case where the entry didn't exist and there were paths and flags, the entry was created within mfib_table_entry_paths_update() which used a default of MFIB_ENTRY_FLAG_NONE. Pass the flags through into the mfib_table_entry_paths_update fn. All existing callers other than the create case will now pass in MFIB_ENTRY_FLAG_NONE. Type: fix Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I256375ba2fa863a62a88474ce1ea6bf2accdd456
2021-10-21 | ip: Add ip46-local node for local swif[rx] | Nathan Skrzypczak | 2 | -34/+108
Type: improvement This adds a new ip[46]-receive node, sibling of ip[46]-local. Its goal is to set vnet_buffer (b)->ip.rx_sw_if_index to the sw_if_index of the local interface. In dependent nodes further down the line (e.g. hoststack) we then set sw_if_idx[rx] to this value. So that we know which local interface did receive the packet. The TCP issue this fixes is that: on accepts, we were setting tc->sw_if_index to the source sw_if_index. We should use the dest sw_if_index, so that packets coming back on this connection have the right source sw_if_index. And also setting it in the tx-ed packet. Change-Id: I569ed673e15c21e71f365c3ad45439b05bd14a9f Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-21 | ip6: set local flag on outbound echo reply | Matthew Smith | 1 | -0/+4
Type: fix When VPP generates an ICMP echo reply in response to an incoming echo request to a local address, set VNET_BUFFER_F_LOCALLY_ORIGINATED on the buffer. It will prevent ip6-rewrite from decrementing the hop limit. Outbound IPv4 echo replies also get this flag set. Change-Id: Iaa229294eb158edb58cf1bf1b7a90da281321406 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-10-20 | ip6: fix IPv6 address calculation error using "ip route add" CLI | Jieqiang Wang | 1 | -20/+3
Using VPP CLI "ip route add" to add static IPv6 entries outputs wrong results. Fix this error by correctly calculating IPv6 addresses with different increased ranges and grouping ip4/ip6 prefix calculation functionality into two functions. Type: fix Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Reviewed-by: Lijian Zhang <lijian.zhang@arm.com> Reviewed-by: Tianyu Li <tianyu.li@arm.com> Change-Id: If954876301ca2095f9331799a086f75db936f246
2021-10-18 | interface: add api test file | Filip Tehlar | 1 | -15/+8
Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Ib07029204ecf12bf2adb5a39afa54bc98fb81f34
2021-10-12 | fib: fix the drop counter for ipv6 RPF failures | Neale Ranns | 1 | -0/+6
Type: fix the only change to the mfib forwarding node is to set the error code, the rest is checkstyle formatting. The traces previously showed some bogus reason:
  00:04:27:325550: ip6-mfib-forward-rpf
    entry 10 itf -1 flags
  00:04:27:325551: ip6-drop
    fib:0 adj:10 flow:0
    UDP: fe80::b203:eaff:fe02:604 -> ff02::1:2
      tos 0x00, flow label 0x651ed, hop limit 1, payload length 64
    UDP: 546 -> 547
      length 64, checksum 0xec9a
  00:04:27:325551: error-drop
    rx:GigabitEthernet6/0/0
  00:04:27:325553: drop
    ip6-input: drops due to concurrent reassemblies limit
Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I294684c36edc346b4ebdd83ba66888b3b2197704
2021-10-11 | ip: fix fib and mfib locks | Nathan Skrzypczak | 3 | -17/+10
This patch fixes an issue that could cause fib locks to underflow: if an API user deletes a fib and quickly recreates it, the fib may not have been actually deleted. As a result, the lock would not be incremented on the create call leading to the fib potentially disappearing afterwards - or to the lock to underflow when the fib is deleted again. In order to keep the existing API semantics, we use the locks with API and CLI source as flags. This means we need to use a different counter for the interface-related locks. This also prevents an issue where an interface being bound to a vrf via API and released via CLI could mess up the lock counter. Finally, this will help with cleaning up the interface-related locks on interface deletion in a later patch. Type: fix Change-Id: I93030a7660646d6dd179ddf27fe4e708aa11b90e Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com> Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2021-10-07 | ip: fix path MTU node errors definition | Benoît Ganne | 3 | -3/+7
The path mtu node uses errors defined by ip fragmentation. Type: fix Change-Id: I1f173955919a4f555ab0309cd8201ec342a0ae92 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-06 | ip: check if interface has link-local address (addition) | Artem Glazychev | 1 | -1/+6
previous - b31fbc47f5fcf8234c757558d7b0285348774086 Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I7ea2d693d3ad5bf41ece066b3511fbfa156c1e4b
2021-10-06 | docs: vnet comment nitfixes | Nathan Skrzypczak | 1 | -3/+4
Type: improvement Change-Id: Iac01d7830b53819ace8f199554be10ab89ecdb97 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-06 | ip: add classifier-based ACLs support on ip punt | Benoît Ganne | 1 | -234/+184
This feature allows one to add classifier-based ACLs on packets punted from the ip infra, eg. to only whitelist specific sender(s). Type: feature Change-Id: Idab37b188583efbca980038875fc3e540cb2e880 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-04 | ip: fix punt for ipv6 | Benoît Ganne | 1 | -4/+9
Type: fix Change-Id: I583c30e9b63c0b0b6cd5fef0b2cb9ed7ec9856e2 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-01 | devices: add support for pseudo header checksum | Mohsin Kazmi | 1 | -0/+54
Type: improvement Linux uses pseudo header checksum when checksum of l4 is offloaded. This patch adds similar support in virtual interfaces. Change-Id: I6a94d1104e59356f95057e7c122e3be9cd8659a3 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-09-27 | misc: api move continued | Florin Coras | 1 | -0/+1
Move control ping and change dependencies from vpe.api_types to memclnt.api_types Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9f8bc442e28738c48d64d1f6794082c8c4f5725b
2021-09-27 | ip: fix ip table allocation randomness | Aloys Augustin | 1 | -1/+1
This prevents going through the same sequence every time the api is called. Type: fix Change-Id: I3ca3587ab5d1c060e2913ca88501b8dbcdd9c196 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2021-09-27 | misc: move part of vpe apis to vlibmemory | Florin Coras | 1 | -2/+0
VPE apis are actually vlib apis. This moves those that are not tightly coupled with vapi to vlib_api Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I456a64ce49a0cdeff4a0931c6ea513cb639f683e Signed-off-by: Ole Troan <ot@cisco.com>
2021-09-24 | ip: set error number on failed intf addr | Matthew Smith | 2 | -2/+8
Type: fix A subinterface that does not have exact match enabled cannot have an IP address configured on it. When this is validated in the functions which add an interface IP address for IPv4 and IPv6, a clib_error_t * is returned but api_errno is not set. The API handler uses the value of vnet_main.api_errno to set the return value in its reply. Since it was not set, the API reports the operation succeeded. Set vnet_main.api_errno if vnet_sw_interface_supports_addressing() returns a non-null value when adding/deleting an interface IP address. Change-Id: I257a30d21788986102a2a719235e714ff16a24e8 Signed-off-by: Matthew Smith <mgsmith@netgate.com>