summaryrefslogtreecommitdiffstats
path: root/src/vnet/ip
AgeCommit message (Collapse)AuthorFilesLines
2020-03-25ip: Adding IP tables is no MP safeNeale Ranns1-2/+0
Type: fix it was marked MP safe in the CLI (which it shouldn't be) but it it not marked MP safe on the API. Change-Id: I4bdea498a510a8b406d13d62a899b6d03656f7e8 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-03-24map: fix translation of icmp6 error messagesAlexander Chernavin1-0/+51
Translation of ICMPv6 error messages to ICMP error messages fails because the sender port is not set that leads to securtiy check failure. With this commit, during ICMPv6 error messages translation, get the sender port value from the inner packet. Type: fix Change-Id: I1ee295a3685fab4837172edfb629a699f49afbee Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-03-20ip: provide extern declaration for ip punt nodesJawahar Santosh Gundapaneni2-0/+2
Type: fix Signed-off-by: Jawahar Santosh Gundapaneni <jgundapa@cisco.com> Change-Id: Ife0f7749a72cc834a3d811f8cf6b5a0840157014
2020-03-20ip: ip API types coverity fixJakub Grajciar1-1/+0
Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I6b2c7550ae5918c27b02b1173533d2042c6c15c7
2020-03-19ip: change ip API enums address_family and ip_proto size to u8Jakub Grajciar4-41/+51
Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I73d27520726543d6375caad76a841339f68c3533 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-03-17fib: Always install all routers mcast addressesNeale Ranns2-1/+4
Type: improvement Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ia8dff15855a81cf29729bdaa3ff28fbe3254fa97
2020-03-17ip: ip_address_t uses ip46_address_tNeale Ranns10-182/+325
Type: improvement type re-use. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ic2a2e6babf9ae66a1e53aec53a6cd157e1893dc8
2020-03-03geneve gtpu vxlan vxlan-gpe: VRF-aware bypass nodeNick Zavaritsky5-0/+226
Bypass node MUST NOT intercept a packet if destination IP doesn’t match a local address. However IP address interpretation depends on the VRF, hence bypass node must take that into account. This patch also factors-out common VTEP management and checking code. Type: improvement Signed-off-by: Nick Zavaritsky <nick.zavaritsky@emnify.com> Change-Id: I5665d94882bbf45d15f8da140c7ada528ec7fa94
2020-03-03ip: fix coverity warningDave Barach1-9/+5
Type: fix Ticket: VPP-1837 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ifb310d6378c77ed9d3aae994897ca71ba8c44fa2
2020-02-26vat: add ip api types parser definitionsJakub Grajciar1-2/+18
build vat with src/vnet/ip/ip_types_api.c Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: Iab0f18bf7a89cf9512beab0629bc3a349edec383 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-02-26api: improve api string safetyJakub Grajciar1-2/+2
- Remove vl_api_from_api_string to prevent use of not nul-terminated strings. - Rename vl_api_from_api_to_vec -> vl_api_from_api_to_new_vec to imply a new vector is created. NOT nul terminated. - Add vl_api_from_api_to_new_c_string. Returns nul terminated string in a new vector. - Add vl_api_c_string_to_api_string. Convert nul terminated string to vl_api_string_t - Add vl_api_vec_to_api_string. Convert NON nul terminated vector to vl_api_string_t Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: Iadd59b612c0d960a34ad0dd07a9d17f56435c6ea Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-02-25vlib: Punt reason allocation listener enable/disable callbackNeale Ranns1-0/+2
Type: improvement allow clients that allocate punt reasons to pass a callback function that is invoked when the first/last client registers to use/listen on that punt reason. This allows the client to perform some necessary configs that might not otherwise be enabled. IPSec uses this callback to register the ESP proto and UDP handling nodes, that would not otherwise be enabled unless a tunnel was present. Change-Id: I9759349903f21ffeeb253d4271e619e6bf46054b Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-02-21ipsec: IPSec protection for multi-point tunnel interfacesNeale Ranns4-16/+97
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Iaba2ab11bfaa1c8db4023434e3043ac39500f938
2020-02-21ip: Unintialized variables in prefx setup (coverity warning)Neale Ranns2-0/+2
Type: fix Change-Id: I048c9ed423ca2993d2179cdce364ac98980311bb Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-02-11vppinfra: remove the historical mheap memory allocatorDave Barach1-4/+0
The mheap allocator has been turned off for several releases. This commit removes the cmake config parameter, parallel support for dlmalloc and mheap, and the mheap allocator itself. Type: refactor Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I104f88a1f06e47e90e5f7fb3e11cd1ca66467903
2020-02-11sr: update NH value for Ethernet payloadspcamaril1-1/+2
Upon encapsulation of L2 frames, IETF has replaced the NextHeader value from 59 (IPv6 No Next Header) to 143 (Ethernet). https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml Type: fix Signed-off-by: pcamaril <pcamaril@cisco.com> Change-Id: I88aa5590c81d16700ff7a0bbe6337e113179496e Signed-off-by: pcamaril <pcamaril@cisco.com>
2020-02-11ip: fix ip-local errorsFlorin Coras3-3/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie8bc5c9a03e858487cf565b4e9b520e6b496337a
2020-02-10ip: more detailed show reassembly commandsVladimir Ratnikov4-7/+33
Options like: expire_walk_interval_ms,max_reassemblies,timeout_ms can be configured via API, but it's impossible to check them using vppctl, but this can be a useful feature Type: feature Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: Iac8a96201a7a70b82e9852edc89b819c5d451a58
2020-02-10ip6: fix l4 checksum with hop-by-hop headerMatthew Smith1-13/+23
L4 checksums for IPv6 should be calculated using a pseudo header that includes the source/destination addresses, payload length, and payload protocol. ip6_tcp_udp_icmp_compute_checksum() was using the payload length and protocol from the IPv6 header. If there is a hop-by-hop header (or any other extension header), the payload length used for the pseudo header should only include the upper layer header and payload and not the extension header bytes. Same deal with the protocol, the upper layer next header value should be used instead of the extension header. Type: fix Fixes: cb9cadad57 Change-Id: Ifa2c9ad41c0fc4eea674f0671255b637c8e01f71 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-02-04ip: translate fragmented icmp to fragmented icmp6Alexander Chernavin1-2/+27
The first translated ICMPv6 packet of a fragmented ICMP message does not have a IPv6 fragment header. All subsequent have. With this commit, add a IPv6 fragment header to the first translated ICMPv6 packet. Type: fix Change-Id: Id89409ce7273cbeed801e2e18a09d3e7c3c4e4bc Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-30gre: Tunnel encap/decap flagsNeale Ranns1-1/+1
Type: feature common funcitons across IP-in-IP and GRE tunnels for encap/decap functions Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I325b66824878d843af167adfe5a7a96b0ab90566
2020-01-15ip: align reass.save_rewrite_lengthv20.05-rc0Klement Sekera2-16/+0
By aligning vnet_buffer_opaque.ip.save_rewrite_length and vnet_buffer_opaque.ip.reass.save_rewrite_length we prevent shallow virtual reassembly code from overwrite save_rewrite_length, allowing other features down the pipe to rely on this value. A static assert is added to guard this alignment. Type: fix Fixes: f126e746fc01c75bc99329d10ce9127b26b23814 Change-Id: Ie7c7f3abc2a221bbcf2830c0f006a4368088b342 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-01-15ip6: during icmp to icmp6 translation truncate error messagesAlexander Chernavin1-2/+2
All translated ICMPv6 packets that exceed the minimal IPv6 MTU get truncated but according to RFC 4443 2.4 only ICMPv6 error messages (type < 128) need to be truncated. With this commit, truncate only ICMPv6 error messages. Type: fix Change-Id: Ic455352de2ff4ff6aa3421b46a2a54923f2d3f80 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-14classify: Reduce the include dependencies on vnet_classify.hNeale Ranns3-1/+2
Type: refactor currently vnet_classify.h is included in ip.h where it's not required. Change-Id: Id55682637601655aa2edda681536a979c8e323bd Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-01-11ip: avoid fib lookup for consecutive pkts having same source IPNitin Saxena1-5/+5
Type: fix Fixes: be2286b0 This patch does following: - If terminating frame has consecutive packets with same source IP, this patch avoids fib lookup for those packets in ip4-local node. This drops cycle count for ip4-local node on both ARM and x86. It being done by enabling dead code in else {} case of ip4_local_check_src_x2() and ip4_local_check_src() functions. - In case all packets in terminating frame have unique source IP (e.g: incrementing), ip4-local is costlier by 2 cycles (broadwell) Change-Id: I472ddc324716cec8bfe601568b8aeb7565f97ab3 Signed-off-by: Nitin Saxena <nsaxena@marvell.com>
2020-01-03ip: API cleanupJakub Grajciar1-25/+26
Use consistent API types. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I17b95bba2327049d2b99e59cea79208814a24b22 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-01-03nat: use SVRKlement Sekera7-512/+413
Remove NAT's implementation of shallow virtual reassembly with corresponding CLIs, APIs & tests. Replace with standalone shallow virtual reassembly provided by ipX-sv-reass* nodes. Type: refactor Change-Id: I7e6c7487a5a500d591f6871474a359e0993e59b6 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-01-01ip: indent format typo fixNeale Ranns1-8/+6
Type: style Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Idfcd4a363d4582ce69fac83ddc760f2dc4feed52
2019-12-17ip: cleanup punt socket cli helpPaul Vinciguerra1-11/+20
Make the help string consistent with the cli parser. Type: fix Change-Id: I7140bd589c2a94dbf5af5cc633cb495457a6af22 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-12-17ip: Protocol Independent IP NeighborsNeale Ranns21-9426/+1358
Type: feature - ip-neighbour: generic neighbour handling; APIs, DBs, event handling, aging - arp: ARP protocol implementation - ip6-nd; IPv6 neighbor discovery implementation; separate ND, MLD, RA - ip6-link; manage link-local addresses - l2-arp-term; events separated from IP neighbours, since they are not the same. vnet retains just enough education to perform ND/ARP packet construction. arp and ip6-nd to be moved to plugins soon. Change-Id: I88dedd0006b299344f4c7024a0aa5baa6b9a8bbe Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-12-16vppinfra: bihash walk cb typedef and continue/stop controlsNeale Ranns5-7/+13
Type: feature Change-Id: I28f7a658be3f3beec9ea32635b60d1d3a10d9b06 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-12-13ip: SVR: fix wrong return valueKlement Sekera2-2/+2
Type: fix Change-Id: I9498b660bf2045bb6aac96d19bb9456a14b35847 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-12-10ip: use explicit types in apiOle Troan1-73/+74
Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I1fd190da28a765ba430952539c291a741aaa3dce
2019-12-10api: multiple connections per processDave Barach3-3/+3
Type: feature Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I2272521d6e69edcd385ef684af6dd4eea5eaa953
2019-12-08ip: coverity fixjohny1-8/+6
Delete Null-checking "p0" in function ip6_tcp_udp_icmp_bad_length, because it's not necessary. Type: fix Signed-off-by: johny <jan.cavojsky@pantheon.tech> Change-Id: I2bf43a60c1c1d76e42581df27f2285c9e9563093
2019-12-05ip: fix cancel termination after receive malformed ip6 packetjohny2-5/+68
This fix is for cancel termination of vpp after receive malformed packet type of ip6.To avoid termination of vpp are checked if are missing data in packet. This occours, when payload length in ip6 header packet is more than real count of data in packet. When this error occours, packet is ignore. Type: fix Ticket: VPP-1693, VPP-1694 Change-Id: I9d9ecea7b75c8702cb31aa8051c8d4d7ce19659d Signed-off-by: johny <jan.cavojsky@pantheon.tech>
2019-12-04fib: Decouple source from priority and behaviourNeale Ranns1-1/+1
Type: feature the fib_source_t enum alone no longer defines the priority and behaviour, instead each source must be allocated these attributes. This allows the creation of other sources by the plugins (and soon over the API). Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I890ee820fbc16079ee417ea1fbc163192806e853
2019-12-04gso: remove the interface countMohsin Kazmi2-29/+13
Type: refactor Change-Id: I51405b9d09fb6fb03d08569369fdd4e11c647908 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-12-04ip6: Fix improper MCAST adj test in IPv6 router solicitationJon Loeliger1-1/+1
Type: fix Fixes: cb9cadad578297ffd78fa8a33670bdf1ab669e7e Change-Id: Id6de9780da41db5d762fe042f533cfaf21ed7b73 Reported-by: Rajith PR <rajith@rtbrick.com> Signed-off-by: Jon Loeliger <jdl@netgate.com>
2019-12-04ip: populate ip_reassembly_get_reply correctlyMatthew Smith1-3/+4
Type: fix Fixes: de34c35fc The API handler for requests to retrieve IP reassembly settings was modified to support shallow virtual reassembly. It retrieves settings into local variables now instead of directly into the reply message. The fields in the reply message were not being populated using those variables. So the reply message was being sent with all 0's, except in the is_ip6 field. Also, the max_reassembly length field in the reply message was not being populated. Change-Id: I80b071340fdc190c3a0b1f7294a03f14b6e00ecc Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-12-03fib: constify the adjacency in the rewrite nodesNeale Ranns2-2/+2
Type: refactor Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I3aad20b35d89fc541fdf185096d71ca12b09a6e2
2019-12-03ipip: Tunnel flags controlling copying data to/from payload/encapNeale Ranns5-2/+146
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I9467f11775936754406892b8e9e275f989ac9b30
2019-11-27ip: init l3_hdr_offset when pushing an ip4 headerFlorin Coras1-6/+4
Type: fix Change-Id: I87503b9a981724b1f3ff1c45a4a5f7a43024ca76 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-11-26fib: Table ReplaceNeale Ranns2-131/+126
Type: feature from the API doc, a table replace is: " The use-case is that, for some unspecified reason, the control plane has a very different set of entries it wants in the table than VPP currently has. The CP would thus like to 'replace' VPP's current table only by specifying what the new set of entries shall be, i.e. it is not going to delete anything that already eixts. the CP delcartes the start of this procedure with this begin_replace API Call, and when it has populated all the entries it wants, it calls the below end_replace API. From this point on it is of coursce free to add and delete entries as usual. The underlying mechanism by which VPP implements this replace is purposefully left unspecified. " In the FIB, the algorithm is implemented using mark and sweep. Algorithm goes: 1) replace_begin: this marks all the entries in that table as 'stale' 2) download all the entries that should be in this table - this clears the stale flag on those entries 3) signal the table converged: ip_table_replace_end - this removes all entries that are still stale this procedure can be used when an agent first connects to VPP, as an alternative to dump and diff state reconciliation. Change-Id: I168edec10cf7670866076b129ebfe6149ea8222e Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-11-15tests: Remove the unrequired VPP IP address/prefix class wrappersNeale Ranns1-2/+2
Type: refactor Change-Id: I204f3f8eebc5f5d5a377e91262f91c615fd00168 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-11-12ip: IP address and prefix types (moved from LISP)Neale Ranns3-16/+386
Type: refactor Change-Id: I2c6b59013bfd21136a2955442c779685f951932b Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-11-11ip: functional interface to ip fragmentationOle Troan4-159/+98
This provides a functional interface to IP fragmentation. Allowing external features to fragment. Supports arbitrary encap size, for e.g. MPLS or inner fragmentation of tunnels. This also removed dual loop in MAP that was fundamentally broken. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ia89ecec8ee3cbe2416edbe87630fdb714898c2a8 Signed-off-by: Ole Troan <ot@cisco.com>
2019-11-10dhcp: ipv6 prefix delegation improvementsDave Barach1-1/+17
Autoconfigure router advertisements for delegated prefixes. Clean up a longstanding issue. If vpp receives a dhcpv6 renew reply, do NOT reset per-delegated-prefix timers. That prevented vpp from sending a solicit to renew the delegation on time. That, in turn caused the RA code to send advertisements with valid_time = preferred_time = 0. That causes almost any downstream client to throw away its delegated address. Miscellaneous changes o src/vnet/ip/ip6_neighbor.c - always memset elements allocated from pools to zero. DGMS. o Remove debug spew from the ipv6 connection-tracker plugin Type: feature Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I428feccdc47efdc413898600e0d62916928a6eb7
2019-11-06tcp: IPv6 flow label supportTarun Gupta1-4/+25
Type:feature For cases when proxy is in use IPv6 flow label received in origin pkt needs to be added to ipv6 header of outgoing pkts from proxy to original destination and vice versa. Signed-off-by: Tarun Gupta <tarungup@cisco.com> Change-Id: I143f7e67237c0f865333078628a016b50ad5e630 Signed-off-by: Tarun Gupta <tarungup@cisco.com>
2019-11-05ip: Fragmentation fixesNeale Ranns5-115/+155
Type: fix if the packet is about to be fragmented, then don't call any of the actions that expect the rewrite to have been written. 1) don't double count packets thru the adjacency (original & fragments) 2) don't double decrement the TTL for fragments 3) return to ip4-midchain post ip-frag if that's where we started. 4) only run midchain/mcast fixups if not fragmenting (if no errors) Change-Id: Ib2866787a42713ee5871b87b597d8f74b901044b Signed-off-by: Neale Ranns <nranns@cisco.com>