Age | Commit message (Collapse) | Author | Files | Lines |
|
*** CID 243670: Memory - illegal accesses (OVERRUN)
/src/vnet/ip/ip6_packet.h: 713 in ip6_ext_header_walk()
CID 243670: Memory - illegal accesses (OVERRUN)
Overrunning array "res->eh" of 4 4-byte elements at
element index 5 (byte offset 23) using index "i" (which evaluates to 5).
Type: fix
Fixes: 03092c1
Change-Id: I27e0435cf10534f3b41e11bf7a5629b5428b0651
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
fib_table->ft_locks
name string for parsing the ip table add|del name <tag> command
path list for ip4_specials in mfib
mfib->fib_entry_by_dst_address[0..32]
mfib entry path_ext, msrc->mfes_exts
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ia1e0cac577a73608ee1e4b1664b60a66322e81ce
|
|
Type: improvement
Change-Id: Ib39478a2e6991d721c4ba3ea61c97bfb07238016
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
There could be a race condition where two fragments of one chain end up
at the same time on different workers, one overwriting others hash
entry. Add a check for that and restart processing on the unlucky worker
who ends up being second from hash table POV. This will then result in a
proper handover to worker now owning this reassembly.
Type: fix
Fixes: de34c35fc73226943538149fae9dbc5cfbdc6e75
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I9eb29c5cb1ffe3b5eb1d5a638e17ab7ba2628d28
|
|
When a message is received, verify that it's sufficiently large to
accomodate any VLAs within message. To do that, we need a way to
calculate message size including any VLAs. This patch adds such
funcionality to vppapigen and necessary C code to use those to validate
message size on receipt. Drop messages which are malformed.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I2903aa21dee84be6822b064795ba314de46c18f4
|
|
Zero length fragments are invalid and should be dropped. This patch adds
that.
Type: improvement
Change-Id: Ic6466c39ca8bf376efe06bb3b7f5d7f1ae812866
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
If a fragment arrives with fragment offset = 0 and M = 0, it means that
this is actually a complete packet and per RFC 8200, it should be
treated independently from other fragments. This patch does that.
Fragmentation header is stripped and fragment is forwarded irregardles
of other existing reassemblies in case of full reassembly and treated
the same way as regular packet in shallow virtual reassembly.
Type: improvement
Change-Id: If3322d5e3160cd755b8465a642702a9166d46cc2
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Refactor and improve boundary checking on IPv6 extension header handling.
Limit parsing of IPv6 extension headers to a maximum of 4 headers and a
depth of 256 bytes.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ide40aaa2b482ceef7e92f02fa0caeadb3b8f7556
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: fix
When registering a new FIB node type, no name was required on the API, and so no name was printed.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I8a99cf29c194637a550061b0a5e9782ffe8b31dd
|
|
Fixing the mutliarch versions of vxlan, geneve and friends. Ensures that
main struct is correctly sized for all multiarch permutations.
Type: fix
Fixes: 290526e3c
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I7c4c435763a5dcb0c3b429cd4f361d373d480c03
|
|
On interface delete we were not removing
the lock taken by a previous ip_table_bind()
call thus preventing the VRFs to be removed.
Type: fix
Change-Id: I11abbb51a09b45cd3390b23d5d601d029c5ea485
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: improvement
make the ip_prefix_cmp take const paramenters.
plus some other miscellaneous functions.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ib69bacfb09483a8a8f8b89900c92d3d55c354ac6
|
|
The node ip6_not_enabled should be marked as sibling of
ip6-drop as both are start nodes of the ip6-drop arc.
Type: fix
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I212c25444a81b11d8085ba7930ddb67b47502d5c
|
|
Type: feature
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I817b1503ada1ae53c1134a85263f9b801d74e88a
|
|
Type: improvement
Change-Id: Id5810b7f4a6d6e4ce16b73c235b50db5d475ebf7
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Encounter a crash for the line
shrx edi,eax,edi
in ip_csum_fold. The target cpu is ivy bridge which does not support
shrx instruction.
Type: fix
Fixes: e6709ff37dc0f3a58ed5ad98aace73fe801f1e9d
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Icc922d3b2ebfcfa721f63946a213b6c492874a9a
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I43f6bfa028ee37227f27a2fe0303662bf2631b10
|
|
Type: refactor
Change-Id: Ia8e8834b635025d07e1028b1d5779b21c4e05e58
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Refactor code so that code is inlined in one place instead of in
multiple to speed up compilation.
Type: refactor
Change-Id: I41357b89715b66ebdc8c0d5ccd69347a254fc266
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Check if L4 headers are truncated and if so, set a flag for (future)
consumers instead of reading/writing garbage data.
Type: fix
Fixes: de34c35fc73226943538149fae9dbc5cfbdc6e75
Change-Id: I0b656ec103a11c356b98a6f36cad98536a78d1dc
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Remove unnecessary NULL check of t0, which causes coverity to scream. t0
is always initilised to *something* by doing pool_elt_at_index().
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I7cf21767c43a24923e490ad40622743c17142fe2
|
|
Change-Id: I102f84d6d72a7f17e62fb8c16a1d4a3234753476
Type: fix
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
New code seems to be 1.5 clocks faster.
old:
mov eax,edi
shr rdi,0x20
add rdi,rax
movzx edx,di
shr rdi,0x10
add rdx,rdi
movzx eax,dx
shr rdx,0x10
add rax,rdx
mov rdx,rax
shr rdx,0x10
add eax,edx
new:
mov rax,rdi
shr rax,0x20
add eax,edi
mov edi,0x10
shrx edi,eax,edi
adc ax,di
adc ax,0x0
Type: improvement
Change-Id: I3c565812c67ff4c3db197a9d4137a6c131b5b66c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
When an mfib entry was created with both paths and entry_flags then
the entry flags were being ignored. If there are no paths then the
flags were passed into mfib_table_entry_update, but in the case where
the entry didn't exist and there were paths and flags, the entry was
created within mfib_table_entry_paths_update() which used a default
of MFIB_ENTRY_FLAG_NONE.
Pass the flags through into the mfib_table_entry_paths_update fn. All
existing callers other than the create case will now pass in
MFIB_ENTRY_FLAG_NONE.
Type: fix
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I256375ba2fa863a62a88474ce1ea6bf2accdd456
|
|
Type: improvement
This adds a new ip[46]-receive node, sibling
of ip[46]-local. Its goal is to set
vnet_buffer (b)->ip.rx_sw_if_index to the
sw_if_index of the local interface.
In dependant nodes further down the line (e.g.
hoststack) we then set sw_if_idx[rx] to this
value. So that we know which local interface
did receive the packet.
The TCP issue this fixes is that :
On accepts, we were setting tc->sw_if_index
to the source sw_if_index. We should use
the dest sw_if_index, so that packets
coming back on this connection have the
right source sw_if_index. And also setting
it in the tx-ed packet.
Change-Id: I569ed673e15c21e71f365c3ad45439b05bd14a9f
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
When VPP generates an ICMP echo reply in response to an incoming
echo request to a local address, set VNET_BUFFER_F_LOCALLY_ORIGINATED
on the buffer. It will prevent ip6-rewrite from decrementing the hop
limit.
Outbound IPv4 echo replies also get this flag set.
Change-Id: Iaa229294eb158edb58cf1bf1b7a90da281321406
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Using VPP CLI "ip route add" to add static IPv6 entries outputs wrong
results. Fix this error by correctly calculating IPv6 addresses with
different increased ranges and grouping ip4/ip6 prefix calculation
functionality into two functions.
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Reviewed-by: Lijian Zhang <lijian.zhang@arm.com>
Reviewed-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: If954876301ca2095f9331799a086f75db936f246
|
|
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ib07029204ecf12bf2adb5a39afa54bc98fb81f34
|
|
Type: fix
the only change to the mfib forwarding node is to set the error code, the rest is checkstyle formatting.
The traces previously showed some bogus reason:
00:04:27:325550: ip6-mfib-forward-rpf
entry 10 itf -1 flags
00:04:27:325551: ip6-drop
fib:0 adj:10 flow:0
UDP: fe80::b203:eaff:fe02:604 -> ff02::1:2
tos 0x00, flow label 0x651ed, hop limit 1, payload length 64
UDP: 546 -> 547
length 64, checksum 0xec9a
00:04:27:325551: error-drop
rx:GigabitEthernet6/0/0
00:04:27:325553: drop
ip6-input: drops due to concurrent reassemblies limit
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I294684c36edc346b4ebdd83ba66888b3b2197704
|
|
This patches fixes an issue that could cause
fib locks to underflow: if an API user deletes
a fib and quickly recreates it, the fib may not
have been actually deleted. As a result, the
lock would not be incremented on the create call
leading to the fib potentially disappearing
afterwards - or to the lock to underflow when
the fib is deleted again.
In order to keep the existing API semantics,
we use the locks with API and CLI source as flags.
This means we need to use a different counter
for the interface-related locks.
This also prevents an issue where an interface being
bound to a vrf via API and released via CLI could
mess up the lock counter.
Finally, this will help with cleaning up the
interface-related locks on interface deletion
in a later patch.
Type: fix
Change-Id: I93030a7660646d6dd179ddf27fe4e708aa11b90e
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
The path mtu node uses errors defined by ip fragmentation.
Type: fix
Change-Id: I1f173955919a4f555ab0309cd8201ec342a0ae92
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
previous - b31fbc47f5fcf8234c757558d7b0285348774086
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I7ea2d693d3ad5bf41ece066b3511fbfa156c1e4b
|
|
Type: improvement
Change-Id: Iac01d7830b53819ace8f199554be10ab89ecdb97
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
This feature allows one to add classifier-based ACLs on packets punted
from the ip infra, eg. to only whitelist specific sender(s).
Type: feature
Change-Id: Idab37b188583efbca980038875fc3e540cb2e880
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Change-Id: I583c30e9b63c0b0b6cd5fef0b2cb9ed7ec9856e2
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Linux uses pseudo header checksum when checksum of l4 is offloaded.
This patch adds similar support in virtual interfaces.
Change-Id: I6a94d1104e59356f95057e7c122e3be9cd8659a3
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Move control ping and change dependencies from vpe.api_types to
memclnt.api_types
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9f8bc442e28738c48d64d1f6794082c8c4f5725b
|
|
This prevents going through the same sequence every time the api is
called.
Type: fix
Change-Id: I3ca3587ab5d1c060e2913ca88501b8dbcdd9c196
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
VPE apis are actually vlib apis. This moves those that are not tightly
coupled with vapi to vlib_api
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I456a64ce49a0cdeff4a0931c6ea513cb639f683e
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: fix
A subinterface that does not have exact match enabled cannot have
an IP address configured on it. When this is validated in the functions
which add an interface IP address for IPv4 and IPv6, a clib_error_t * is
returned but api_errno is not set. The API handler uses the value of
vnet_main.api_errno to set the return value in it's reply. Since it was
not set, the API reports the operation succeeded.
Set vnet_main.api_errno if vnet_sw_interface_supports_addressing() returns
a non-null value when adding/deleting an interface IP address.
Change-Id: I257a30d21788986102a2a719235e714ff16a24e8
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Set tableID = ~0 for auto selection unused ID
https://jira.fd.io/browse/VPP-1993
Type: improvement
Change-Id: I4eec2cc1d18fc025196cb6ac4c9a4b374388eb56
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ic0fa4f83048a280a7d1b04198c0f903798562d2d
|
|
Type: fix
The init of fib_index_by_sw_if_index wasn't
setting default value to 0. Which we now
need for setting interfaces unnumbered
Change-Id: Ie5be9b5e5373ef055557a871ad4d1c45fbfc1dee
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
Thought this might be useful when using
many VRF to get the list of allocated
VRFs and corresponding names
Change-Id: If9d2c6612d4215e7576315d66d1eb130fcecfa13
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Remove unused parameters and fix warnings.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I2d0e7b84b56817999283ecb6be606159dcb26a28
|
|
Type: fix
Creating a sub-int without exact-match set, and subsequently adding an
IPv4 or IPv6 address will crash VPP. This fix catches this situation and
refuses to allow the caller to add an IPv4 or IPv6 address on an
ethernet sub-int that does not have exact-match set.
TESTED:
Before this change, the following crashes VPP:
```
DBGvpp# cre sub TenGigabitEthernet3/0/0 1 dot1q 10
TenGigabitEthernet3/0/0.1
DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 2001:db8::1/64
<crash>
```
After the change, VPP refuses to act:
```
DBGvpp# cre sub TenGigabitEthernet3/0/0 1 dot1q 10
TenGigabitEthernet3/0/0.1
DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 192.0.2.1/30
set interface ip address: sub-interface without exact-match doesn't support IP addressing
DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 2001:db8:1/64
set interface ip address: sub-interface without exact-match doesn't support IP addressing
```
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Change-Id: I42997db314225cd186ebb54013b5717ace7f7bd6
|
|
Type: feature
Change-Id: Ia970f444ba2f38b7a42ea94942c906f1b541511b
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Implement a simple source address selection algorithm
for IPv4 and IPv6.
IPv6 does not yet implement RFC6724 but supports link-locals.
ping now chooses correct source address for link-local destination.
Added ping support for link-local multicast (e.g. allnodes).
Type: feature
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I1a3382c1f7d4ace0386c2c19e4e47b045b73a3ed
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: feature
The difference being the MTRIE type they contain.
THE FIB continues to use the 16-8-8 version.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I5a54d4e6e6cc639f18a3fb65ef2925507a7ef1de
|
|
Type: improvement
there's a time-space trade-off between the 16-8-8 and 8-8-8-8 stride.
FIB continues to use the 16-8-8. Other features are now free to make the
choice.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I6691a163486ce62e75e629f6ef0c990f253df8e5
|