summaryrefslogtreecommitdiffstats
path: root/src/vnet/ip
AgeCommit message (Collapse)AuthorFilesLines
2019-07-31ip: Ensure reassembly runs before IPSec decrypt.Neale Ranns2-2/+6
Type: fix Change-Id: I01eeedf8d5015b07b9422c65afe78bfe8177c22c Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-31fib: fix calls to unformat_fib_pathNeale Ranns2-2/+4
Type: fix Ticket: 1728 Change-Id: I679c2b8c5b0f751c9476db3669ab3f6c26dcdd28 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-26dhcp ip: DSCP settings for transmitted DHCP packetsNeale Ranns7-5/+74
Type: feature - Define the ip_dscp_t and use in the IP headers - Add DSCP setting to the DHCP client for use with packet TX Change-Id: If220dde0017ea78793747d65f53e11daf23a28fa Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-19ip: admin change affects intf IPv4 addr routesMatthew G Smith1-7/+53
Type: feature When admin status is changed on an interface, add or delete the routes for the IPv4 addresses configured on that interface. This is already being done for IPv6 interface addresses. Change-Id: Ib1e7dc49c499921dd287e075640243520ffa5589 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-07-14api: add DSCP definitions to ip_types.apiPaul Vinciguerra1-0/+46
- also adds ecn definitions. Type: feature Change-Id: Id98d9ae57289425fcfed367f426442173ef4e882 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-07-12ip: Trace the packet from the punt nodeNeale Ranns1-7/+14
Type: feature Change-Id: I01f1cc53efc93b0a7bb588ea6db89a53c971a3f5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-12ip ipsec: Remove IPSec SPI-0 punt reasonNeale Ranns2-7/+22
Type: fix There's no call for an SPI-0 punt reason with UDP encap, since it's only with UDP encap that the ambiguity between IKE or IPSEC occurs (and SPI=0 determines IKE). Enhance the punt API to dum ponly the reason requested, so a client can use this as a get-ID API Change-Id: I5c6d72b03885e88c489117677e72f1ef5da90dfc Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-11ip: Punt node does not free iovecsNeale Ranns3-11/+22
Type: fix Fixes: f7a55ad74c Change-Id: Ic3474e746887f880a8f6246bebc399715bac8e80 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-10ip: fix show ip neigh vector read overflowBenoît Ganne2-19/+24
Both format_ethernet_arp_ip4_entry() and format_ip6_neighbor_ip6_entry() used %s to format flags which is a vector and not a null-terminated C-string. Introduce format_ip_neighbor_flags() instead. Type: fix Fixes: 102ec52bc4 Change-Id: I0c9349fefbeb76471933de358acceb50512a21aa Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-09vppinfra: allocate bihash virtual space on demandDave Barach2-0/+2
Reduces the vpp image virtual size by multiple gigabytes Add a "show bihash" command which displays configured and current virtual space in use by bihash tables. Modify the .py test framework to call "show bihash" on test tear-down Type: refactor Change-Id: Ifc1b7e2c43d29bbef645f6802fa29ff8ef09940c Signed-off-by: Dave Barach <dave@barachs.net>
2019-07-08ip: retain local interface address adjacencyMatthew Smith1-6/+24
Type: feature ip4_local_check_src() was overwriting vnet buffer opaque data on the adjacency for packets with "local" (dpo-receive) destination addresses. Retain the dpo receive index in vnet_buffer()->adj_index[VLIB_TX]. This can allow a graph node to distinguish the interface where the destination address is configured from the interface where the packet was received. This can be useful in correctly handling packets that have been sent to an address configured on a loopback interface. Change-Id: I52a942e85b5302b338a2d0404a37c5ea1a99e89f Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-07-05sctp: move to plugins, disabled by defaultFlorin Coras3-20/+11
Removed sctp buffer metadata from vnet/buffer.h, added it to the plugin. Add registration APIs for plugin-based vlib_buffer_opaque / opaque2 decoders, used by "pcap dispatch trace ..." for display in the wireshark dissector. Type:refactor Not actively maintained. Change-Id: Ie4cb6ba66f68b3b3a7d7d2c63c917fdccf994371 Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Dave Barach <dave@barachs.net>
2019-07-03fib: allow route delete with no paths and multipath=0 to remove theNeale Ranns1-10/+5
whole route Type: fix Fixes: 097fa66b Change-Id: I017ab5797670eb278c27c6e306cd8cadaacddf9d Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-01ip: fix ip lookup for armFlorin Coras1-27/+10
Type:fix Fixes: cb54e3c Change-Id: I3120eaabdc00a6c1248cf7eb81f2075983836dfd Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-06-28ip: ip-lookup - remove the dead codeNeale Ranns2-65/+27
Type: refactor Change-Id: I791cc63e989df049104420faf74fc28f965b6648 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-26api: refactor format_vl_api_prefix_t return keysPaul Vinciguerra2-5/+5
format_vl_api_prefix_t returns a dict with keys 'address' and 'address_length', but other format_vl_api_prefix functions return a dict with 'prefix', and 'len'. Refactor all format_vl_api_prefix_t to return consistent keys 'address' and 'len'. Type: refactor Change-Id: I5f9558fc2da8742a303266e011102f5b2db80aad Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-06-26api: Remove the inlines file and replace with library functionsNeale Ranns1-1/+0
using inlines exposes the users to the internal data types used by VPP, namely vec.h. This file does not compile with a C++ compiler. Type: feature Change-Id: I1544fdd9eae998309f865df61df78571bdb96903 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-24vlib: packet tracer support for pkt thread handoffsDave Barach2-37/+3
Type: feature Change-Id: Ia3d9a47679202c2a47cd3746b50e86c6b8627ef6 Signed-off-by: Dave Barach <dave@barachs.net>
2019-06-18ipsec: ipsec-tun protectNeale Ranns1-1/+16
please consult the new tunnel proposal at: https://wiki.fd.io/view/VPP/IPSec Type: feature Change-Id: I52857fc92ae068b85f59be08bdbea1bd5932e291 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-18fib: fib api updatesNeale Ranns4-1052/+396
Enhance the route add/del APIs to take a set of paths rather than just one. Most unicast routing protocols calcualte all the available paths in one run of the algorithm so updating all the paths at once is beneficial for the client. two knobs control the behaviour: is_multipath - if set the the set of paths passed will be added to those that already exist, otherwise the set will replace them. is_add - add or remove the set is_add=0, is_multipath=1 and an empty set, results in deleting the route. It is also considerably faster to add multiple paths at once, than one at a time: vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.11 100000 routes in .572240 secs, 174751.80 routes/sec vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.12 100000 routes in .528383 secs, 189256.54 routes/sec vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.13 100000 routes in .757131 secs, 132077.52 routes/sec vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.14 100000 routes in .878317 secs, 113854.12 routes/sec vat# ip_route_add_del 1.1.1.1/32 count 100000 multipath via 10.10.10.11 via 10.10.10.12 via 10.10.10.13 via 10.10.10.14 100000 routes in .900212 secs, 111084.93 routes/sec Change-Id: I416b93f7684745099c1adb0b33edac58c9339c1a Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-06-18api: string type to convert to vectorOle Troan1-0/+1
Previous use of strndup() required user to remember to call free(). Now return a vector pointing directly to the API message string. Of course user must remember to copy the string out if lifetime is longer than API message lifetime. Change-Id: Ib5e2b3d52d258e1a42ea9ea9a9e04abbe360e2bf Type: fix Signed-off-by: Ole Troan <ot@cisco.com>
2019-06-18ip: reassembly-separate feature and custom codeKlement Sekera2-62/+65
This change is made fix a crash, because is_feature flag semantics turn out to be different from "custom app code" semantics. Introduce a flag which custom plugins/apps can use to instead of tying that code to is_feature flag. Change-Id: Ief5898711e68529f9306cfac54c4dc9b3650f9e3 Ticket: N/A Type: fix Fixes: 21aa8f1022590b8b5caf819b4bbd485de0f1dfe5 Signed-off-by: Klement Sekera <ksekera@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com>
2019-06-17ip: consolidate IPv6 link-local-address functions.Jon Loeliger2-18/+1
Two codes diverged in the packet processor And sorry I could not use them both Long I stood being but one developer And studied one as far as I could To where the code said bitwise OR Then took the other, as just could see, And having perhaps the better bit, Because it followed the RFC And used the cryptic XOR in C, Had run them both a fair bit. And both equally ran that morning With packets dropped and flowing. Oh, I flagged the first for dropping! Yet knowing bug leads to debuging I hoped I'd never be returning. I shall be commiting this with a sigh Somewhere ages and ages hence: Two codes diverged by a bit, and I, I made the packets flow on by, And that has made all the difference. Type: fix Change-Id: If2698726d5501fde76211994f8efc37119345352 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2019-06-11ip: punt coverity fix of CLI inputNeale Ranns1-1/+4
Type: fix Change-Id: Ia73cbe2fba0a364d966daed0b5d5d2ac7499f86d Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-07ip: ip4 lookup performance bump with the usual receipeNeale Ranns1-435/+378
2.77e1 v. 2.81e1 Type: performance Change-Id: I896ec77818603f17aaa622073dafc626570326f1 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-06IP-Punt-redirect: allow the use of a FIB path to describe how toNeale Ranns7-383/+429
redirect Change-Id: I2a3ba2a3d73ea8511e3a511855b041432328f0a8 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-06reassembly: support more custom options for appsKlement Sekera2-49/+145
Change-Id: Ib9f98fba5a724480ca95f11a762002c53e08df70 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-06-04punt: fix the set_punt API/CLI which was rejecting valid portsNeale Ranns1-11/+11
add a UT for the API Change-Id: I93fb6ec2c5f74b991bf7f229250a30c0395b8e24 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-04Punt: specify packets by IP protocol TypeNeale Ranns11-38/+282
Change-Id: I0c2d6fccd95146e52bb88ca4a6e84554d5d6b2ed Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-03ARP: add feature arcNeale Ranns3-17/+25
- arp-input, registered with the ethernet protocol dispatcher, performs basic checks and starts the arc - arp-reply; first feature on the arc replies to requests and learns from responses (no functional change) - arp-proxy; checks against the proxy DB arp-reply and arp-proxy are enabled when the interface is appropriately configured. Change-Id: I7d1bbabdb8c8b8187cac75e663daa4a5a7ce382a Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-31VPP-1692: move NULL pointer checkDave Barach1-5/+5
TBH, this looks like merge damage or some such. Perfectly fine NULL pointer check, about three lines after it was needed. Change-Id: I52831062e30533a59fb76b644ee5ae389676d2ae Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-30IP load-balance; perf improvement using the usual reciepeNeale Ranns2-305/+233
before and after: ip4-load-balance 1.54e1 ip4-load-balance 1.36e1 p.s. Quad loops were not beneficial Change-Id: I7bc01fc26288f0490af74db2b1b7993526c3d982 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-28Punt: socket register for exception dispatched/punted packets based on reasonNeale Ranns11-796/+1474
- add to the Punt API to allow different descriptions of the desired packets: UDP or exceptions - move the punt nodes into punt_node.c - improve tests (test that the correct packets are punted to the registered socket) Change-Id: I1a133dec88106874993cba1f5a439cd26b2fef72 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-28Add an ip6 local hop-by-hop protocol demux tableDave Barach3-22/+341
Add a minimal ip6 hbh header processing test. ioam plugin: use ip6_local_hop_by_hop_register_protocol() in udp_ping_init(). Please test the ioam plugin udp_ping path AYEC, so I can publish the patch. Change-Id: I74e35276d6c38c31022026cfd238fad5e4a54485 Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-24ip4/6-reassembly fixesVijayabhaskar Katamreddy2-2/+11
When multichained fragments comes into reassembly, followed by buffer Linearization or dropping the buffer for other reasons inbetween disturbs the multichained mbuf linking. When packet is transmitted, followed by freeing of the buffers, woudl result in double free and packet corruptions Change-Id: Ib5711d54e61fdd6a67deb30dad0b2a14afb9c2da Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
2019-05-24Remove historical ip4 icmp OAM codeDave Barach1-0/+7
Add a registration overwritten warning to ip4_icmp_register_type(...) Change-Id: I6c2aabdb979b54ec49e827225acc74559ac4caab Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-23Optimize codejackiechen19851-9/+4
Replace enqueue code with marcro vlib_validate_buffer_enqueue_x1 Change-Id: I4b454b1d73fa5adbaf5f40cf45dc8975878ac93b Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>
2019-05-22stats: support multiple works for error countersOle Troan1-24/+0
The current code only allowed access to the main thread error counters. That is not so useful for a multi worker instance. No return a vector indexed by thread of counter_t values. Type: fix Change-Id: Ie322c8889c0c8175e1116e71de04a2cf453b9ed7 Signed-off-by: Ole Troan <ot@cisco.com>
2019-05-20reassembly: prevent long chain attackKlement Sekera8-13/+86
limit max # of fragments to 3 per packet by default add API option to configure the limit at runtime Change-Id: Ie4b9507bf5c6095b9a5925972b37fe0032f4f9e8 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-05-16init / exit function orderingDave Barach1-41/+19
The vlib init function subsystem now supports a mix of procedural and formally-specified ordering constraints. We should eliminate procedural knowledge wherever possible. The following schemes are *roughly* equivalent: static clib_error_t *init_runs_first (vlib_main_t *vm) { clib_error_t *error; ... do some stuff... if ((error = vlib_call_init_function (init_runs_next))) return error; ... } VLIB_INIT_FUNCTION (init_runs_first); and static clib_error_t *init_runs_first (vlib_main_t *vm) { ... do some stuff... } VLIB_INIT_FUNCTION (init_runs_first) = { .runs_before = VLIB_INITS("init_runs_next"), }; The first form will [most likely] call "init_runs_next" on the spot. The second form means that "init_runs_first" runs before "init_runs_next," possibly much earlier in the sequence. Please DO NOT construct sets of init functions where A before B actually means A *right before* B. It's not necessary - simply combine A and B - and it leads to hugely annoying debugging exercises when trying to switch from ad-hoc procedural ordering constraints to formal ordering constraints. Change-Id: I5e4353503bf43b4acb11a45fb33c79a5ade8426c Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-10Update ping cli .short_help.Paul Vinciguerra1-2/+2
Change-Id: I5c414a158a8a6b243128127c608ab0fbb5a9405b Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-05-06ip4_load_balance: leverage vlib_get_buffersZhiyong Yang1-13/+11
vlib_get_buffers can save 1.2 clocks/pkt from 16.1 to 14.9 clocks/pkt on Skylake. Change-Id: I79d8b58b192280af5e5a5f73562b6301e1821cec Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-04-30reassembly: avoid race-conditionsKlement Sekera1-12/+26
Change-Id: Ibf5c283217a985e43a562f1969573eeb26ee6017 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-04-24ip4_lookup_inline: leverage vlib_get_buffers to improve perfZhiyong Yang1-32/+27
vlib_get_buffers can save at least 1.2 clocks/pkt for ip4_lookup_inline on Haswell. Change-Id: I730fc346cec4d2eb5ca364308e45268bda4d5f89 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-04-14ip4: don't format upper layer if it's a fragmentfaicker.mo1-0/+3
Parsing ipv4 upper layer is not meaningful if it's a fragment packet except the first. Change-Id: I442fb7ec01244fde8c4f7656a8ba633d0aa0f97e Signed-off-by: Faicker Mo <faicker.mo@ucloud.cn>
2019-04-10API: Fix shared memory only action handlers.Ole Troan1-5/+4
Some API action handlers called vl_msg_ai_send_shmem() directly. That breaks Unix domain socket API transport. A couple (bond / vhost) also tried to send a sw_interface_event directly, but did not send the message to all that had registred interest. That scheme never worked correctly. Refactored and improved the interface event code. Change-Id: Idb90edfd8703c6ae593b36b4eeb4d3ed7da5c808 Signed-off-by: Ole Troan <ot@cisco.com>
2019-04-10Make tcp/udp/icmp compute checksum safer for buffer-chain caseJohn Lo2-2/+2
Change-Id: I046e481a67fbeffdaa8504c8d77d232b986a61ee Signed-off-by: John Lo <loj@cisco.com>
2019-04-08fixing typosJim Thompson4-7/+7
Change-Id: I215e1e0208a073db80ec6f87695d734cf40fabe3 Signed-off-by: Jim Thompson <jim@netgate.com>
2019-03-28Punt InfraNeale Ranns1-2/+2
A punt/exception path that provides: 1) clients that use the infra 2) clients can create punt reasons 3) clients can register to recieve packets that are punted for a given reason to be sent to the desired node. 4) nodes which punt packets fill in the {reason,protocol} of the buffere (in the meta-data) and send to the new node "punt-dispatch" 5) punt-dispatch sends packets to the registered nodes or drops Change-Id: Ia4f144337f1387cbe585b4f375d0842aefffcde5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-28IPSEC: run encrpyt as a feautre on the tunnelNeale Ranns2-14/+42
Change-Id: I6527e3fd8bbbca2d5f728621fc66b3856b39d505 Signed-off-by: Neale Ranns <nranns@cisco.com>