Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: improvement
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I822ead1495edb96ee62e53dc5920aa6c565e3621
|
|
classify hash used to be stored as u64 in buffer metadata, use 32 bits
instead:
- on almost all our supported arch (x86 and arm64) we use crc32c
intrinsics to compute the final hash: we really get a 32-bits hash
- the hash itself is used to compute a 32-bits bucket index by masking
upper bits: we always discard the higher 32-bits
- this allows to increase the l2 classify buffer metadata padding such
as it does not overlap with the ip fib_index metadata anymore. This
overlap is an issue when using the 'set metadata' action in the ip
ACL node which updates both fields
Type: fix
Change-Id: I5d35bdae97b96c3cae534e859b63950fb500ff50
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Added stats for success and failure cases
Fixed Custom app behaviors for the error / drop cases
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: Id6e981c7be5c5b3cee5af2df505666d5558da470
|
|
Type: improvement
Change-Id: I85c73cb940d81d0b249eda0d57de135bcd798418
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
When failing to match an ip address, we should not reset the ip address
that could have been initialized by a previous match.
Type: fix
Change-Id: I026766391eb3eb8230f75f66bf4b681e774741d9
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
*Buffer leaks and corruptions during internal errors, either overriding
or missing to add the buffer to the list
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: I1ead1eca1cde10a36d60dbfcfe36ca6375690b03
|
|
Type: fix
Pace the main thread activity for reassembly timeouts, to avoid barrier syncs
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: Iebe9a38d2a7a6471afa6621f12bb545668dc8384
|
|
- update wordlist and fix typos so that 'make docs-spell' passes
- sort spelling_wordlist.txt
- update docs maintainers list
Type: docs
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I38ac7850c604c323427d2bb6877ea98bd10bcc38
|
|
Type: fix
pool_is_free_index() check is performed only for the first element
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: Icadc715a9b54761ec69805a134a69a262137536d
|
|
Type: fix
Custom node functionality is missing in v6, so bringing in similar to v4 functionality into ip6 as well
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: I28b0be2fc55a00bfc0b456b1caaa1dcf5641a44e
|
|
single struct to hold all api handler, flags, etc.
Provide functions to toggle flags instead of writing directly to
internal data.
Type: refactor
Change-Id: I4730d7290e57489de8eda34a72211527e015b721
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Pace the main thread activity for reassembly timeouts, to avoid barrier syncs
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: If8c62a05c7d28bfa6ac530c2cd5124834b4e8a70
|
|
Type: fix
Adding stats from debugging point of view
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: I3118d3fd5d630fad80a42ab960e30459789123cf
|
|
Type: fix
as number of reass contexts increasing based on workers, increasing the number of nbuckets for bihash
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: I83d061a709ecb8845ce745b18d03fdefc795787f
|
|
Type: fix
Change-Id: I69f7e23b23e8cfcfe57ba019862470e0eb4b06db
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
*Buffer leaks and corruptions during internal errors, either overriding
or missing to add the buffer to the list
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: I6c2406cff53a741e800e2d05593696f3e9fd6ff5
|
|
Type: docs
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I23008cde47d8b7a531346eab02902e2ced18742a
|
|
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I952ba7e042779855e29628d048da7edec1caaafd
|
|
Type: fix
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Change-Id: I792467b73449074e59c4232b1f82d134c399624c
|
|
Type: fix
After changes made in f840880, VRRP IPv6 cannot reply for neighbor
solicitations requesting the link layer address of the configured
virtual address.
VRRP IPv6 enables the vrrp6-nd-input feature in the ip6-local feature
arc for an interface on which a virtual router is configured. When
neighbor solicitations arrive on that interface, ip6-local should start
feature arc walk for that interface and the messages should be processed
by vrrp6-nd-input. The problem is that currently, the feature arc is
started for the interface obtained from the receive DPO that has
interface unset (i.e. max u32) for local mfib entries. Thus, the feature
arc is started not on the interface the messages were received on and
vrrp6-nd-input is not traversed.
With this fix, if interface obtained from the receive DPO is unset, use
RX interface from the buffer to start the ip46-local feature arc.
Also, enable tests of this case for both IPv4 and IPv6 address families
that are currently tagged as extended and not run on every change. They
configure VRRP with priority 255 and are expected to be stable.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I11ef3d5a7a986e04431e8613d1510b8666094bd7
|
|
Use of _vec_len() to set vector length breaks address sanitizer.
Users should use vec_set_len(), vec_inc_len(), vec_dec_len () instead.
Type: improvement
Change-Id: I441ae948771eb21c23a61f3ff9163bdad74a2cb8
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
otherwise punt features are applied multiple times to the same packet if enabled multiple times
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: If0cbd9065275f68a10fd6d35e4f7a7c7508245e0
|
|
When computing the inner packet checksum, the code wrongly
assumes that the IP version of the inner packet is the
same of the outer one. On the contrary, it is perfectly
possible to encapsulate v6 packets into v4 and viceversa,
so we need to check the IP format of the inner header before
calling vnet_calc_checksums_inline.
Ticket: VPP-2020
Type: fix
Signed-off-by: Mauro Sardara <msardara@cisco.com>
Change-Id: Ia4515563c164f6dd5096832c831a48cb0a29b3ad
Signed-off-by: Mauro Sardara <msardara@cisco.com>
|
|
ply_create() is not thread safe when the ip4_ply_pool expands.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Ie11cc8b1ba587d5e9239a60f4e288492da61368e
|
|
Fixes case when packet to link-local address is received over
gre/mpls or other non-ethernet interface and ip6-ll fib for it
is undefined.
If by a chance ip6-ll fib index is valid, packet will be passed
to some ip6 fib with possibilities to be sent out over unrelated
interface or be looped again into ip6-link-local dpo till oom
and crash.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Ie985f0373ea45e2926db7fb0a1ff951eca0e38f6
|
|
Type: fix
otherwise if two packets arrive with the same source address but from different VRFs, then they are treated as the same and they use the same LB and thus share the same fate. but the lookup, when done, results in two different LBs, and hence the fate can be different.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Id6e16f7c577a561d9ddd7066339fa4385361d07f
|
|
Type: improvement
This also makes the is_white_space function
public
Change-Id: Ifc1c0d4509f3ecae14f09bb5fa7a2eea33c49b09
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Change-Id: I3625eacf9e04542ca8778df5d46075a8654642c7
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
There is no need to verify the checksum for packets that have the IP
checksum offload flag set. This uses the same logic as
ip4_ttl_and_checksum_check.
Type: fix
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Change-Id: I177b07212a992362a4c965c074dcecf1e504c593
|
|
Type: fix
The l2unfragmentable size is not included in the calculation of 'max', the maximum amount of data that can be added to a fragment, therefore the fragments created are too big.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Id1e949ad98203b6f8ea2f55322ef6fa3d507e2a6
|
|
While setting an ACL, a user can specify the adjacency to follow after
the input ACL node. Thus, we may skip a lookup and enter directly a
local node (ex: ip4_local). To prevent the local source check from
failing, we need to specify the fib index. And, we have to do it just
before exiting the input ACL node because the l2_classify object
is overlapping with the fib_index in the vnet_buffer_opaque_t struct.
We could have added a padding to avoid this overlap but there is no
place for that in the structure.
Type: fix
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Change-Id: I383c36e4aec08d181f966f28565aefed950d2a74
|
|
Type: fix
- IPv6 fragmentation did not work if the packet spaneed multiple buffers, because the 'len' calculation to did max out at the size of a buffer
- IPv6 fragmentation did not work when the l2unfragmentable size was non-zero, it was not used in the correct places
- IPv6oMPLS fragmentation would fragment all IPv6, it should do so only for link local
- IPv6oMPLS should send back TooBig ICMP6 for non locally generated
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie8f02cdfdd7b7e8474e62b6d0acda8f20c371184
|
|
Type: improvement
For error conditions, such as TTL expired, dest unreach, etc, Rate limit the sending of ICMP error messages.
The rate limiting is done based on src,dst IP address of the received packet.
the rate limit has been chosen, somewhat arbitrarily, to be 1e-3. This is the same limit as the ARP throttling.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I4a0b791cde8c941a9bf37de6aa5da56779d3cef4
|
|
ip6_ext_hdr_chain_t->eh is IP6_EXT_HDR_MAX elements.
Type: fix
Change-Id: I28b8d610d8f5c0c520c8391c37b86e837655ab12
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: refactor
check for pool expansion in the DPO allocation, just in case.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I6ba7dd66313630d3f24a51700ab4486ba43d856b
|
|
Type: refactor
To be consistent with the location of the IPv4 responder
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie3a5c3ecc10755317591d7ff57b74770c2798e77
|
|
Type: refactor
IP4 does not depend on TCP (it's the other way around).
This upside down dependency leads to some nasty circular includes when trying to use ip46_address.h in interface.h
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I4a1bd21543b08b9c1cf1e5563da738414734a878
|
|
IGMP packets with Router Alert option are delivered to ip4-local
without going through ip4-lookup. Make sure fib_index is initialized
properly.
Type: fix
Change-Id: Iab090a33c4c759b6d7f68c28a0b3f4da7a9de864
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
This also changes the behavior of the nat44-ei hairpinning feature.
Rather then enabling the feature on every nat interface, it is enabled
only on local0.
Type: improvement
Signed-off-by: Filip Varga <fivarga@cisco.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4e16a83c9e328aa75fc61df508b620ef743ca775
|
|
Add API to disable full reassembly of "forus" packets. Mark packets
passing through ip[4|6]-local nodes with a new buffer flag and check for
that flag in reassembly.
Enable IP6 "forus" full reassembly by default to be consistent with
existing IP4 setting.
Type: improvement
Change-Id: I7067792fcd4304182654237968e4c4d9293c6143
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Replace unconditional usage of
buffer->total_length_not_including_first_buffer with a logic checking
whether that length is set to a valid value.
Type: fix
Fixes: 17478e4eb81d384f171ca27c9110a051cd434f16
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I161d0957d62cc23826edd821aa5560bcfc5c1a33
|
|
Initialize ip6 memory owner thread index in reassembly context to avoid
unnecessary handovers.
Type: fix
Fixes: 630ab5846bceddf8d663e9f488a2dc0378949827
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I2996caf1f82a0649c97d481b74dce24a96dce326
|
|
*** CID 243670: Memory - illegal accesses (OVERRUN)
/src/vnet/ip/ip6_packet.h: 713 in ip6_ext_header_walk()
CID 243670: Memory - illegal accesses (OVERRUN)
Overrunning array "res->eh" of 4 4-byte elements at
element index 5 (byte offset 23) using index "i" (which evaluates to 5).
Type: fix
Fixes: 03092c1
Change-Id: I27e0435cf10534f3b41e11bf7a5629b5428b0651
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
fib_table->ft_locks
name string for parsing the ip table add|del name <tag> command
path list for ip4_specials in mfib
mfib->fib_entry_by_dst_address[0..32]
mfib entry path_ext, msrc->mfes_exts
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ia1e0cac577a73608ee1e4b1664b60a66322e81ce
|
|
Type: improvement
Change-Id: Ib39478a2e6991d721c4ba3ea61c97bfb07238016
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
There could be a race condition where two fragments of one chain end up
at the same time on different workers, one overwriting others hash
entry. Add a check for that and restart processing on the unlucky worker
who ends up being second from hash table POV. This will then result in a
proper handover to worker now owning this reassembly.
Type: fix
Fixes: de34c35fc73226943538149fae9dbc5cfbdc6e75
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I9eb29c5cb1ffe3b5eb1d5a638e17ab7ba2628d28
|
|
When a message is received, verify that it's sufficiently large to
accomodate any VLAs within message. To do that, we need a way to
calculate message size including any VLAs. This patch adds such
funcionality to vppapigen and necessary C code to use those to validate
message size on receipt. Drop messages which are malformed.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I2903aa21dee84be6822b064795ba314de46c18f4
|
|
Zero length fragments are invalid and should be dropped. This patch adds
that.
Type: improvement
Change-Id: Ic6466c39ca8bf376efe06bb3b7f5d7f1ae812866
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
If a fragment arrives with fragment offset = 0 and M = 0, it means that
this is actually a complete packet and per RFC 8200, it should be
treated independently from other fragments. This patch does that.
Fragmentation header is stripped and fragment is forwarded irregardles
of other existing reassemblies in case of full reassembly and treated
the same way as regular packet in shallow virtual reassembly.
Type: improvement
Change-Id: If3322d5e3160cd755b8465a642702a9166d46cc2
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Refactor and improve boundary checking on IPv6 extension header handling.
Limit parsing of IPv6 extension headers to a maximum of 4 headers and a
depth of 256 bytes.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ide40aaa2b482ceef7e92f02fa0caeadb3b8f7556
Signed-off-by: Ole Troan <ot@cisco.com>
|