summaryrefslogtreecommitdiffstats
path: root/src/vnet/ip
AgeCommit message (Collapse)AuthorFilesLines
2020-11-05ip: fix doxygen doc for address add/del commandBenoît Ganne1-2/+2
Type: docs Change-Id: I96d5cdb41bd938f06d2d72f2625bf1b3d2c5b1b4 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-11-02ipsec: Tunnel SA DSCP behaviourNeale Ranns3-4/+29
Type: feature - use tunnel_encap_decap_flags to control the copying of DSCP/ECN/etc during IPSEC tunnel mode encap. - use DSCP value to have fixed encap value. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: If4f51fd4c1dcbb0422aac9bd078e5c14af5bf11f
2020-10-28misc: Break the big IP header files to improve compile timeNeale Ranns17-659/+842
Type: refactor Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: Id1801519638a9b97175847d7ed58824fb83433d6
2020-10-21ip: convert u32 entry_flags to vl_api_mfib_entry_flags_t on mroute APINeale Ranns2-2/+4
Type: fix This is not an API change, it's the same values, just a different named type. also use VppEnum values in tests Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I3a18b529514f3cc9467ae4e8ac3e88d067fc776b
2020-10-21misc: minimize dependencies on udp.hFlorin Coras1-2/+0
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id13f33843b230a1d169560742c4f7b2dc17d8718
2020-10-19ip: Move the IP6 fib into ip6_[m]fib.cNeale Ranns4-122/+1
Type: improvement reduce the compile time by moving the bihash includes out of ip[46].h Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I6b9216e10aff1013071f9238b3e1ebbdd205bd80
2020-10-12ip: IP6 incorrectly disabled on removing first ip6 prefixNeale Ranns1-1/+3
Type: fix reference counting on the ip6 state was broken, meaning that disabling one of serveral ip6 configs on an interface, completely ip6 disabled the interface. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ie3af51587310ffe871ad2a9cbd927e15a3ececa9
2020-10-07misc: Purge unused pg includesNeale Ranns2-2/+0
Type: style Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I26a19e42076e031ec5399d5ca05cb49fd6fbe1cd
2020-10-05ipsec: Use bihash for tunnel lookupNeale Ranns1-0/+1
Type: improvement Change-Id: I0c82722dfce990345fe6eeecdb335678543367e0 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-10-02ip: Fix unformat_ip_prefixNathan Skrzypczak1-1/+4
Type: fix Change-Id: I73629ccf7d5a49da3858899dc727cc180fb53003 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-28classify: preformance improvements in classifiersRay Kinsella1-285/+649
Reworked the code to reduce line fill buffer pressure. Improved compiler loop unrolling, over the existing complex hand-unrolling. Updated the code to use vlib_get_buffers & vlib_buffer_enqueue_to_next. Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I7dca7515ba91672eaf50a6eecd13811210cf0006
2020-09-23ip: use main heap for mtrie, part 2 (remove args)Damjan Marion2-32/+0
Type: improvement Change-Id: I8c28c845c75657852f1e513e2832771fad6b90b7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-21ip: use main heap for mtrieDamjan Marion2-51/+0
Main heap can be hugepage backed so it is more efficient to use main heap instead of allocating special heap just for mtrie.... Type: improvement Change-Id: I210912ab8567c043205ddfc10fdcfde9a0fa7757 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-18fib: skip byte swap on n_paths in mroute detailsMatthew Smith1-2/+2
Type: fix While preparing to send a ip_mroute_details API message, the number of paths for a multicast route is stored in an int in send_ip_mroute_details(). Before the value in the int is copied into the field n_paths in the API message, the byte order is swapped. This results in n_paths getting set to 0. Change the int to a u8 and omit the byte swap so API clients can receive data on multicast route paths. Change-Id: Ie6dcb0f7b135c5b5deeeb2e44147560dbbb12507 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-09-17teib: Use ip_address_t not ip46_address_tNeale Ranns1-0/+1
Type: improvement Change-Id: Ica75c4e43d6198658a1954640c7ac56ea68bb39a Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-09-04ip: enhance vtep4_check of tunnel by vector wayZhiyong Yang1-0/+42
This patch aims to improve decap performance by reducing expensive hash_get callings as less as possible using AVX512 on XEON. e.g. vxlan, vxlan_gpe, geneve, gtpu. For the existing code, if vtep4 of the current packet match the last vtep4_key_t well, expensive hash computation can be avoided and the code returns directly. This patch improves tunnel decap multiple flows case greatly by leveraging 512bit vector register on XEON accommodating 8 vtep4_keys. It enhances the possiblity of avoiding unnecessary hash computing once hash key of the current packet hits any one of 8 in the 512bit cache. The oldest element in vtep4_cache_t is updated in round-robin order. vlib_get_buffers is also leveraged in the meanwhile. Type: improvement Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com> Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Signed-off-by: Junfeng Wang <drenfong.wang@intel.com> Change-Id: I313103202bd76f2dd638cd942554721b37ddad60
2020-09-01ip: fix ip zero checksum verificationBenoît Ganne3-8/+9
In one's complement, there are two representations of zero: the all zero and the all one bit values, often referred to as +0 and -0. See RFC 1624 section 3 for more details. This used to be taken care of in ip4_header_checksum(), but it is no longer the case. The check ip->checksum == ip4_header_checksum (ip) is no longer correct in the -0 case. Always use ip4_header_checksum_is_valid() instead (which behaves correctly since 9a79a1ab931c3b5a7ae07d6f0fcfef7c4368a2c4). Type: fix Fixes: e5f0050c7a5d411f96af6401797529d58825e2af Change-Id: Iacc6b60645a834287b085aecb9e3fdb4554cf0cf Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-09-01ip: improve ip4_header_checksum_is_validDamjan Marion1-5/+12
It is cheaper to include checksum field in calculation and simply compare result with zero. Type: improvement Change-Id: I6f77632c0a4d2f2c632d044d3a5d2fcf2b5bac62 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-08-31vppinfra: convert A_extend_to_B to B_from_A format of vector inlinesDamjan Marion1-8/+8
Make it shorter and same format when converting to biggor or smaller types. Type: refactor Change-Id: I443d67e18ae65d779b4d9a0dce5406f7d9f0e4ac Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-08-31ip: fix compiling error with gcc-10Jieqiang Wang1-0/+12
Building VPP using gcc-10 fails because of the array bounds check error for function ip4_header_checksum(), with option field in IPv4 header exceeding the ip4_header_t bound. Fix this error by turning off the array bounds check option for function ip4_header_checksum(). Change-Id: I68cc241ae9e403d35ac2e320549506dc6565a0b6 Type: fix Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
2020-08-31cnat: Destination based NATNeale Ranns1-0/+35
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I64a99a4fbc674212944247793fd5c1fb701408cb
2020-08-25flow: add vnet/flow formal APIChenmin Sun1-0/+12
This patch adds the API for vnet/flow infra. Currently this API supports the below flow types: VNET_FLOW_TYPE_IP4_N_TUPLE VNET_FLOW_TYPE_IP6_N_TUPLE VNET_FLOW_TYPE_IP4_N_TUPLE_TAGGED VNET_FLOW_TYPE_IP6_N_TUPLE_TAGGED VNET_FLOW_TYPE_IP4_L2TPV3OIP VNET_FLOW_TYPE_IP4_IPSEC_ESP VNET_FLOW_TYPE_IP4_IPSEC_AH VNET_FLOW_TYPE_IP4_GTPU All the above flows are tested with Intel E810/X710 NIC Type: feature Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: Icb8ae20cab9bdad6b120dddc3bd4fb1d85634f3f
2020-08-20ip: vnet_ip_mroute_cmd payload_proto fixElias Rudberg1-6/+6
Make sure payload_proto variable is set properly in vnet_ip_mroute_cmd() function. This avoids using an uninitialized payload_proto value which could lead to assertion failure when using e.g. the ip mroute add command. Type: fix Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net> Change-Id: I8b1d1df02e80150836b7b0448814d8f99747eeed
2020-08-14ip: add VNET_IP_TABLE_ADD_DEL_FUNCTIONSteven Luong2-0/+132
vrf table may be dynamically added or deleted. When the table is deleted, clients who use the corresponding vrf table may need a callback to do the clean up. The mechanism added here is cloned from VNET_SW_INTERFACE_ADD_DEL_FUNCTION. Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I08635c715cd7361a6c359b90890dd3545b0da94c
2020-07-28ip: svr: improve performance for non-fragmentsKlement Sekera1-0/+206
Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ia77ce41a8f1a032c5e027c4bb47347752cfda0a9
2020-07-28ip: fix punt cli to only consumes a line of inputBenoît Ganne1-4/+25
Type: fix Change-Id: Idb6f82e08b29e3805ed2133acb5fd7226148f672 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-07-16ip: optimize ip4_header_checksum, take 2Damjan Marion1-32/+72
- add 64-bit version - remove byte swaps, as they are actually not needed Type: improvement Change-Id: Ia1efe54ee80b4ae7633b9ab36b3154c3357006d7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-07-16ip: optimize ip4_header_checksumDamjan Marion1-62/+55
Type: improvement Change-Id: I67bacb90a3dd8a9bd7beb4975ad0fe344675b65f Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-07-14ip: fix format_ip6_address_and_mask() bugChenmin Sun1-3/+2
Previously there's a format_ip4_address in format_ip6... This patch fixes this typo Type: fix Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: Ice124db6594720ed35a992d069341f399c331e1d
2020-07-06ip: set ip4 mask for ip_copy and ip_set when dealing with ip4 typejiangxiaoming1-2/+8
Type: fix Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com> Change-Id: I3ace7dfe3ddacb4f7fa7a974a2ffe2b3cf902ff9
2020-07-02ip: fix the order in ip4 punt redirectMohsin Kazmi1-2/+2
Type: fix Fixes: a84cb715f5a4366dd2f32de18ad92bec566924da Change-Id: Id448d6ae9cfdd3122e8187121c509412835117c5 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-06-26ip: fix the punt redirect for ip4Mohsin Kazmi1-6/+9
Type: fix Change-Id: I39341f201209931392f315ead5adfddd8b567caf Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-06-12ip: allocate ip4 mtrie pages in htlb memoryDave Barach3-2/+48
No change in default behavior. To use htlb pages for the ip4 mtrie, use the "ip" command-line option "mtrie-hugetlb". Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I5497e426a47200edff2c7e15563ed6a42af12e7f
2020-06-10ip: reassembly: LRU algorithm should eliminate the longest unused nodeszhengdelun2-2/+2
Type: fix Signed-off-by: zhengdelun <xszhengdelun@gmail.com> Change-Id: I3f6240b4c0798f85960acc55a193a0cbf0c67ea4
2020-06-08vxlan: Fixed checksum caclculation offsetVladimir Isaev2-14/+7
VXLAN uses csum_offload for IPv6 packets. But without gso node we have csum calculated only for inner packet. This patch adds support for outer header csum calculation. Checksum for inner packet should be calculated before interface-output node (for example in vxlan node). Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: Ica68429ede4426293769207cd83c791ebe72fe56
2020-06-01ip: fix IPv6 mask to prefix length conversionAndreas Schultz1-10/+5
make sure we don't pass a 0 (zero) to log2. Type: fix Signed-off-by: Andreas Schultz <andreas.schultz@travelping.com> Change-Id: Ib3386ad4686835d3836f48294cee4058e897847a
2020-05-27ethernet: fix DMAC check and skip unnecessary ones (VPP-1868)John Lo2-0/+14
Fix and optimize DMAC check in ethernet-input node to utilize NIC or driver which support L3 DMAC-filtering mode so that DMAC check can be bypassed safely for interfaces/sub-interfaces in L3 mode. Checking of interface in L3-DMAC-filtering state to avoid DMAC check require the following: a) Fix interface driver init sequence for devices which supports L3 DMAC-filtering to indicate its capability and initialize interface to L3 DMAC-filtering state. b) Fix ethernet_set_flags() function and its associated callback flags_change() functions registered by various drivers in interface infra to provide proper L3 DMAC filtering status. Maintain interface/sub-interface L3 config count so DMAC checks can be bypassed if L3 forwarding is not setup on any main/sub-interfaces. Type: fix Ticket: VPP-1868 Signed-off-by: John Lo <loj@cisco.com> Change-Id: I204d90459c13e9e486cfcba4e64e3d479bc9f2ae
2020-05-27ip: reassembly: use correct IP header offsetKlement Sekera1-2/+7
Type: fix Ticket: VPP-1883 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Icf50a645e114fa3b7bd974f8c82f5ceebfcedcd7
2020-05-21ip: Dual loop error in midchain chksumNeale Ranns1-1/+1
Type: fix Change-Id: Idf7c80b7d81f796bd0512bca4276bcfcf2af241a Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-05-15misc: removed executable bits from source filesRay Kinsella1-0/+0
Identified and removed executable bit from source files in the tree. find . -perm 755 -name *.[ch] -exec chmod a-x {} \; Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I00710d59fcc46ce5be5233109af4c8077daff74b
2020-05-14ip: fix interface ip address del sw_if_index checkyedg4-6/+27
Type: fix Signed-off-by: Ye donggang <yedg@wangsu.com> Change-Id: Ia9f72ff2be455ecd4ff3d16e884c5a50f9df69fe
2020-05-06docs: clean up make docs jobPaul Vinciguerra1-1/+1
Type: docs Change-Id: I9b5e5137eb4c1e89f6e8d7a278cd11a0fd496471 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-05-05api: ip: add IP_ROUTE_LOOKUP APIChristian Hopps2-0/+83
Add an IP_ROUTE_LOOKUP function that does either an exact match or longest prefix match in a given fib table for a given prefix returning the match if present. Add API test. Type: improvement Signed-off-by: Christian Hopps <chopps@labn.net> Change-ID: I67ec5a61079f4acf1349a9c646185f91f5f11806
2020-05-04fib: midchain adjacency optimisationsNeale Ranns2-44/+79
Type: improvement - inline some common encap fixup functions into the midchain rewrite node so we don't incur the cost of the virtual function call - change the copy 'guess' from ethernet_header (which will never happen) to an ip4 header - add adj-midchain-tx to multiarch sources - don't run adj-midchain-tx as a feature, instead put this node as the adj's next and at the end of the feature arc. - cache the feature arc config index (to save the cache miss going to fetch it) - don't check if features are enabled when taking the arc (since we know they are) the last two changes will also benefit normal adjacencies taking the arc (i.e. for NAT, ACLs, etc) for IPSec: - don't run esp_encrypt as a feature, instead when required insert this node into the adj's next and into the end of the feature arc. this implies that encrypt is always 'the last feature' run, which is symmetric with decrypt always being the first. - esp_encrpyt for tunnels has adj-midchain-tx as next node Change-Id: Ida0af56a704302cf2d7797ded5f118a781e8acb7 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-05-04misc: binary api fuzz test fixesDave Barach2-3/+4
Add a hook to src/vlibapi/api_shared.c to fuzz (screw up) binary API messages, e.g. by xoring random data into them before processing. We specifically exempt client connection messages, and inband debug CLI messages. We step over msg_id, client index, client context, and sw_if_index. Otherwise, "make test" vectors fail too rapidly to learn anything. The goal is to reduce the number of crashes caused to zero. We're fairly close with this patch. Add vl_msg_api_max_length(void *mp), which returns the maximum plausible length for a binary API message. Use it to hardern vl_api_from_api_to_new_vec(...) which takes an additional argument - message pointer - so it can verify that astr->length is sane. If it's not sane, return a u8 *vector of the form "insane astr->length nnnn\0". Verify array lengths in vl_api_dhcp6_send_client_message_t_handler(...) and vl_api_dhcp6_pd_send_client_message_t_handler(...). Add a fairly effective binary API fuzz hook to the unittest plugin, and modify the "make test" framework.py to pass "api-fuzz { on|off }" to enable API fuzzing: "make API_FUZZ=on TEST=xxx test-debug" or similar Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I0157267652a163c01553d5267620f719cc6c3bde
2020-04-29ip: use thread local vm instead of thread main for vlib_time_now callsTom Seidenberg2-2/+2
Type: fix Change-Id: I8d68e7c7392dcb748a2a84e72c7b1ca0c6c0eb07 Signed-off-by: Tom Seidenberg <tseidenb@cisco.com>
2020-04-28tests: move defaults from defaultmapping to .api filesPaul Vinciguerra1-9/+9
facilitates use of papi beyond the tests. Type: improvement Change-Id: I3d502d9130b81a7fb65ee69bb06fe55802b28a27 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-04-27ip: reassembly: fix one possible use-after-freeGao Feng2-10/+11
When use the kv->v.memory_owner_thread_index as the index to get the reass in pool, maybe this element is freed by the owner thread because of timeout, too many fragments, and so on. So we should check if do_handoff with kv->v.memory_owner_thread_index before get the reass from pool. Type: fix Signed-off-by: Gao Feng <davidfgao@tencent.com> Change-Id: Ie0f1dc368f86d0fd65292ca0c5e1908348015e09
2020-04-24ip: reassembly: improve type safetyKlement Sekera4-30/+24
Type: refactor Change-Id: Ib2d4a11ffa0e1e56ca05705ba8cdf84e6cc66427 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-04-24ip: Setting the Link-Local address from the API enables IPv6 on theNeale Ranns4-13/+18
interface Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I0b7c189006e30a357cd6be4f3c9c61fded4157cb