summaryrefslogtreecommitdiffstats
path: root/src/vnet/ip
AgeCommit message (Collapse)AuthorFilesLines
2022-01-12ip: coverity illegal access in ip6_ext_header_walkOle Troan1-9/+2
*** CID 243670: Memory - illegal accesses (OVERRUN) /src/vnet/ip/ip6_packet.h: 713 in ip6_ext_header_walk() CID 243670: Memory - illegal accesses (OVERRUN) Overrunning array "res->eh" of 4 4-byte elements at element index 5 (byte offset 23) using index "i" (which evaluates to 5). Type: fix Fixes: 03092c1 Change-Id: I27e0435cf10534f3b41e11bf7a5629b5428b0651 Signed-off-by: Ole Troan <ot@cisco.com>
2022-01-09fib: multiple memory leaks upon deleting a VRF tableSteven Luong1-0/+1
fib_table->ft_locks name string for parsing the ip table add|del name <tag> command path list for ip4_specials in mfib mfib->fib_entry_by_dst_address[0..32] mfib entry path_ext, msrc->mfes_exts Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ia1e0cac577a73608ee1e4b1664b60a66322e81ce
2021-12-24ip: remove archaic vector code from mtrieDamjan Marion2-86/+12
Type: improvement Change-Id: Ib39478a2e6991d721c4ba3ea61c97bfb07238016 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-12-20ip: SVR fix race conditionKlement Sekera2-2/+14
There could be a race condition where two fragments of one chain end up at the same time on different workers, one overwriting others hash entry. Add a check for that and restart processing on the unlucky worker who ends up being second from hash table POV. This will then result in a proper handover to worker now owning this reassembly. Type: fix Fixes: de34c35fc73226943538149fae9dbc5cfbdc6e75 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I9eb29c5cb1ffe3b5eb1d5a638e17ab7ba2628d28
2021-12-14api: verify message size on receiptKlement Sekera2-1/+7
When a message is received, verify that it's sufficiently large to accomodate any VLAs within message. To do that, we need a way to calculate message size including any VLAs. This patch adds such funcionality to vppapigen and necessary C code to use those to validate message size on receipt. Drop messages which are malformed. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I2903aa21dee84be6822b064795ba314de46c18f4
2021-12-14ip: reassembly: drop zero length fragmentsKlement Sekera3-0/+17
Zero length fragments are invalid and should be dropped. This patch adds that. Type: improvement Change-Id: Ic6466c39ca8bf376efe06bb3b7f5d7f1ae812866 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-12-10ip: reassembly: handle atomic fragments correctlyKlement Sekera2-45/+93
If a fragment arrives with fragment offset = 0 and M = 0, it means that this is actually a complete packet and per RFC 8200, it should be treated independently from other fragments. This patch does that. Fragmentation header is stripped and fragment is forwarded irregardles of other existing reassemblies in case of full reassembly and treated the same way as regular packet in shallow virtual reassembly. Type: improvement Change-Id: If3322d5e3160cd755b8465a642702a9166d46cc2 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-12-03ip: extension header parsing fails for fragment headerOle Troan7-291/+263
Refactor and improve boundary checking on IPv6 extension header handling. Limit parsing of IPv6 extension headers to a maximum of 4 headers and a depth of 256 bytes. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ide40aaa2b482ceef7e92f02fa0caeadb3b8f7556 Signed-off-by: Ole Troan <ot@cisco.com>
2021-12-03fib: Fix the display (or lack of) for fib node types in dependent children listsNeale Ranns1-1/+2
Type: fix When registering a new FIB node type, no name was required on the API, and so no name was printed. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I8a99cf29c194637a550061b0a5e9782ffe8b31dd
2021-11-23vxlan: multiarch optimization of vxlanRay Kinsella1-1/+1
Fixing the mutliarch versions of vxlan, geneve and friends. Ensures that main struct is correctly sized for all multiarch permutations. Type: fix Fixes: 290526e3c Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I7c4c435763a5dcb0c3b429cd4f361d373d480c03
2021-11-23ip: unlock_fib on if deleteNathan Skrzypczak3-0/+20
On interface delete we were not removing the lock taken by a previous ip_table_bind() call thus preventing the VRFs to be removed. Type: fix Change-Id: I11abbb51a09b45cd3390b23d5d601d029c5ea485 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-11-18ip: comparing IP prefixes should not modify themNeale Ranns4-7/+33
Type: improvement make the ip_prefix_cmp take const paramenters. plus some other miscellaneous functions. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ib69bacfb09483a8a8f8b89900c92d3d55c354ac6
2021-11-17ip6: ip6_not_enabled_node is a sibling of ip6-dropPaul Atkins1-6/+2
The node ip6_not_enabled should be marked as sibling of ip6-drop as both are start nodes of the ip6-drop arc. Type: fix Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I212c25444a81b11d8085ba7930ddb67b47502d5c
2021-11-12session: add support for DSCPFilip Tehlar1-5/+6
Type: feature Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I817b1503ada1ae53c1134a85263f9b801d74e88a
2021-11-10vppinfra: new vectorized ip checksum functions incl. csum_and_copyDamjan Marion3-98/+11
Type: improvement Change-Id: Id5810b7f4a6d6e4ce16b73c235b50db5d475ebf7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-11-10ip: crash in ip_csum_fold due to illegal instruction shrxSteven Luong1-1/+1
Encounter a crash for the line shrx edi,eax,edi in ip_csum_fold. The target cpu is ivy bridge which does not support shrx instruction. Type: fix Fixes: e6709ff37dc0f3a58ed5ad98aace73fe801f1e9d Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Icc922d3b2ebfcfa721f63946a213b6c492874a9a
2021-11-10ip: always set ip rx_sw_if_indexFlorin Coras2-6/+11
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I43f6bfa028ee37227f27a2fe0303662bf2631b10
2021-11-05ip: remove dead codeDamjan Marion1-3/+0
Type: refactor Change-Id: Ia8e8834b635025d07e1028b1d5779b21c4e05e58 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-11-04ip: speed up reassembly code compilationKlement Sekera4-50/+36
Refactor code so that code is inlined in one place instead of in multiple to speed up compilation. Type: refactor Change-Id: I41357b89715b66ebdc8c0d5ccd69347a254fc266 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-11-04ip: reassembly: avoid reading truncated L4 headersKlement Sekera2-80/+149
Check if L4 headers are truncated and if so, set a flag for (future) consumers instead of reading/writing garbage data. Type: fix Fixes: de34c35fc73226943538149fae9dbc5cfbdc6e75 Change-Id: I0b656ec103a11c356b98a6f36cad98536a78d1dc Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-11-02ip: fix coverity warningKlement Sekera1-1/+1
Remove unnecessary NULL check of t0, which causes coverity to scream. t0 is always initilised to *something* by doing pool_elt_at_index(). Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I7cf21767c43a24923e490ad40622743c17142fe2
2021-11-02ip: fix build without vector unitDamjan Marion1-0/+13
Change-Id: I102f84d6d72a7f17e62fb8c16a1d4a3234753476 Type: fix Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-10-28ip: improve csum fold on x86_64Damjan Marion1-1/+15
New code seems to be 1.5 clocks faster. old: mov eax,edi shr rdi,0x20 add rdi,rax movzx edx,di shr rdi,0x10 add rdx,rdi movzx eax,dx shr rdx,0x10 add rax,rdx mov rdx,rax shr rdx,0x10 add eax,edx new: mov rax,rdi shr rax,0x20 add eax,edi mov edi,0x10 shrx edi,eax,edi adc ax,di adc ax,0x0 Type: improvement Change-Id: I3c565812c67ff4c3db197a9d4137a6c131b5b66c Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-10-21fib: respect mfib entry flags on create with pathsPaul Atkins2-5/+4
When an mfib entry was created with both paths and entry_flags then the entry flags were being ignored. If there are no paths then the flags were passed into mfib_table_entry_update, but in the case where the entry didn't exist and there were paths and flags, the entry was created within mfib_table_entry_paths_update() which used a default of MFIB_ENTRY_FLAG_NONE. Pass the flags through into the mfib_table_entry_paths_update fn. All existing callers other than the create case will now pass in MFIB_ENTRY_FLAG_NONE. Type: fix Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I256375ba2fa863a62a88474ce1ea6bf2accdd456
2021-10-21ip: Add ip46-local node for local swif[rx]Nathan Skrzypczak2-34/+108
Type: improvement This adds a new ip[46]-receive node, sibling of ip[46]-local. Its goal is to set vnet_buffer (b)->ip.rx_sw_if_index to the sw_if_index of the local interface. In dependant nodes further down the line (e.g. hoststack) we then set sw_if_idx[rx] to this value. So that we know which local interface did receive the packet. The TCP issue this fixes is that : On accepts, we were setting tc->sw_if_index to the source sw_if_index. We should use the dest sw_if_index, so that packets coming back on this connection have the right source sw_if_index. And also setting it in the tx-ed packet. Change-Id: I569ed673e15c21e71f365c3ad45439b05bd14a9f Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-21ip6: set local flag on outbound echo replyMatthew Smith1-0/+4
Type: fix When VPP generates an ICMP echo reply in response to an incoming echo request to a local address, set VNET_BUFFER_F_LOCALLY_ORIGINATED on the buffer. It will prevent ip6-rewrite from decrementing the hop limit. Outbound IPv4 echo replies also get this flag set. Change-Id: Iaa229294eb158edb58cf1bf1b7a90da281321406 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-10-20ip6: fix IPv6 address calculation error using "ip route add" CLIJieqiang Wang1-20/+3
Using VPP CLI "ip route add" to add static IPv6 entries outputs wrong results. Fix this error by correctly calculating IPv6 addresses with different increased ranges and grouping ip4/ip6 prefix calculation functionality into two functions. Type: fix Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Reviewed-by: Lijian Zhang <lijian.zhang@arm.com> Reviewed-by: Tianyu Li <tianyu.li@arm.com> Change-Id: If954876301ca2095f9331799a086f75db936f246
2021-10-18interface: add api test fileFilip Tehlar1-15/+8
Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Ib07029204ecf12bf2adb5a39afa54bc98fb81f34
2021-10-12fib: fix the drop counter for ipv6 RPF failuresNeale Ranns1-0/+6
Type: fix the only change to the mfib forwarding node is to set the error code, the rest is checkstyle formatting. The traces previously showed some bogus reason: 00:04:27:325550: ip6-mfib-forward-rpf entry 10 itf -1 flags 00:04:27:325551: ip6-drop fib:0 adj:10 flow:0 UDP: fe80::b203:eaff:fe02:604 -> ff02::1:2 tos 0x00, flow label 0x651ed, hop limit 1, payload length 64 UDP: 546 -> 547 length 64, checksum 0xec9a 00:04:27:325551: error-drop rx:GigabitEthernet6/0/0 00:04:27:325553: drop ip6-input: drops due to concurrent reassemblies limit Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I294684c36edc346b4ebdd83ba66888b3b2197704
2021-10-11ip: fix fib and mfib locksNathan Skrzypczak3-17/+10
This patches fixes an issue that could cause fib locks to underflow: if an API user deletes a fib and quickly recreates it, the fib may not have been actually deleted. As a result, the lock would not be incremented on the create call leading to the fib potentially disappearing afterwards - or to the lock to underflow when the fib is deleted again. In order to keep the existing API semantics, we use the locks with API and CLI source as flags. This means we need to use a different counter for the interface-related locks. This also prevents an issue where an interface being bound to a vrf via API and released via CLI could mess up the lock counter. Finally, this will help with cleaning up the interface-related locks on interface deletion in a later patch. Type: fix Change-Id: I93030a7660646d6dd179ddf27fe4e708aa11b90e Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com> Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2021-10-07ip: fix path MTU node errors definitionBenoît Ganne3-3/+7
The path mtu node uses errors defined by ip fragmentation. Type: fix Change-Id: I1f173955919a4f555ab0309cd8201ec342a0ae92 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-06ip: check if interface has link-local address (addition)Artem Glazychev1-1/+6
previous - b31fbc47f5fcf8234c757558d7b0285348774086 Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I7ea2d693d3ad5bf41ece066b3511fbfa156c1e4b
2021-10-06docs: vnet comment nitfixesNathan Skrzypczak1-3/+4
Type: improvement Change-Id: Iac01d7830b53819ace8f199554be10ab89ecdb97 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-06ip: add classifier-based ACLs support on ip puntBenoît Ganne1-234/+184
This feature allows one to add classifier-based ACLs on packets punted from the ip infra, eg. to only whitelist specific sender(s). Type: feature Change-Id: Idab37b188583efbca980038875fc3e540cb2e880 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-04ip: fix punt for ipv6Benoît Ganne1-4/+9
Type: fix Change-Id: I583c30e9b63c0b0b6cd5fef0b2cb9ed7ec9856e2 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-01devices: add support for pseudo header checksumMohsin Kazmi1-0/+54
Type: improvement Linux uses pseudo header checksum when checksum of l4 is offloaded. This patch adds similar support in virtual interfaces. Change-Id: I6a94d1104e59356f95057e7c122e3be9cd8659a3 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-09-27misc: api move continuedFlorin Coras1-0/+1
Move control ping and change dependencies from vpe.api_types to memclnt.api_types Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9f8bc442e28738c48d64d1f6794082c8c4f5725b
2021-09-27ip: fix ip table allocation randomnessAloys Augustin1-1/+1
This prevents going through the same sequence every time the api is called. Type: fix Change-Id: I3ca3587ab5d1c060e2913ca88501b8dbcdd9c196 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2021-09-27misc: move part of vpe apis to vlibmemoryFlorin Coras1-2/+0
VPE apis are actually vlib apis. This moves those that are not tightly coupled with vapi to vlib_api Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I456a64ce49a0cdeff4a0931c6ea513cb639f683e Signed-off-by: Ole Troan <ot@cisco.com>
2021-09-24ip: set error number on failed intf addrMatthew Smith2-2/+8
Type: fix A subinterface that does not have exact match enabled cannot have an IP address configured on it. When this is validated in the functions which add an interface IP address for IPv4 and IPv6, a clib_error_t * is returned but api_errno is not set. The API handler uses the value of vnet_main.api_errno to set the return value in it's reply. Since it was not set, the API reports the operation succeeded. Set vnet_main.api_errno if vnet_sw_interface_supports_addressing() returns a non-null value when adding/deleting an interface IP address. Change-Id: I257a30d21788986102a2a719235e714ff16a24e8 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-09-22ip: add ip_table_allocate to apiAloys Augustin5-15/+111
Set tableID = ~0 for auto selection unused ID https://jira.fd.io/browse/VPP-1993 Type: improvement Change-Id: I4eec2cc1d18fc025196cb6ac4c9a4b374388eb56 Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2021-09-16vxlan: improve to use the hardware offloadMohsin Kazmi1-1/+2
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ic0fa4f83048a280a7d1b04198c0f903798562d2d
2021-09-13interface: fix init fib_index_by_sw_if_indexNathan Skrzypczak2-17/+18
Type: fix The init of fib_index_by_sw_if_index wasn't setting default value to 0. Which we now need for setting interfaces unnumbered Change-Id: Ie5be9b5e5373ef055557a871ad4d1c45fbfc1dee Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-09-13ip: show ip table CLINathan Skrzypczak1-0/+77
Type: feature Thought this might be useful when using many VRF to get the list of allocated VRFs and corresponding names Change-Id: If9d2c6612d4215e7576315d66d1eb130fcecfa13 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-08-17ip: reassembly cleanupKlement Sekera4-246/+139
Remove unused parameters and fix warnings. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I2d0e7b84b56817999283ecb6be606159dcb26a28
2021-08-14ip: Fix crash in ip address add on sub-int without exact-matchPim van Pelt2-12/+6
Type: fix Creating a sub-int without exact-match set, and subsequently adding an IPv4 or IPv6 address will crash VPP. This fix catches this situation and refuses to allow the caller to add an IPv4 or IPv6 address on an ethernet sub-int that does not have exact-match set. TESTED: Before this change, the following crashes VPP: ``` DBGvpp# cre sub TenGigabitEthernet3/0/0 1 dot1q 10 TenGigabitEthernet3/0/0.1 DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 2001:db8::1/64 <crash> ``` After the change, VPP refuses to act: ``` DBGvpp# cre sub TenGigabitEthernet3/0/0 1 dot1q 10 TenGigabitEthernet3/0/0.1 DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 192.0.2.1/30 set interface ip address: sub-interface without exact-match doesn't support IP addressing DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 2001:db8:1/64 set interface ip address: sub-interface without exact-match doesn't support IP addressing ``` Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I42997db314225cd186ebb54013b5717ace7f7bd6
2021-08-13ip: punt redirect add nh in apiNathan Skrzypczak9-100/+243
Type: feature Change-Id: Ia970f444ba2f38b7a42ea94942c906f1b541511b Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-08-13ip: source address selectionOle Troan4-34/+259
Implement a simple source address selection algorithm for IPv4 and IPv6. IPv6 does not yet implement RFC6724 but supports link-locals. ping now chooses correct source address for link-local destination. Added ping support for link-local multicast (e.g. allnodes). Type: feature Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I1a3382c1f7d4ace0386c2c19e4e47b045b73a3ed Signed-off-by: Ole Troan <ot@cisco.com>
2021-08-11fib: A 16-8-8 and a 8-8-8-8 versions of an ip4_fib_tNeale Ranns2-18/+11
Type: feature The difference being the MTRIE type they contain. THE FIB continues to use the 16-8-8 version. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I5a54d4e6e6cc639f18a3fb65ef2925507a7ef1de
2021-08-11ip: [re]introduce the 8-8-8-8 stride MTRIENeale Ranns2-50/+215
Type: improvement there's a time-space trade-off between the 16-8-8 and 8-8-8-8 stride. FIB continues to use the 16-8-8. Other features are now free to make the choice. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I6691a163486ce62e75e629f6ef0c990f253df8e5