aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/ip
AgeCommit message (Collapse)AuthorFilesLines
2020-05-04fib: midchain adjacency optimisationsNeale Ranns2-44/+79
Type: improvement - inline some common encap fixup functions into the midchain rewrite node so we don't incur the cost of the virtual function call - change the copy 'guess' from ethernet_header (which will never happen) to an ip4 header - add adj-midchain-tx to multiarch sources - don't run adj-midchain-tx as a feature, instead put this node as the adj's next and at the end of the feature arc. - cache the feature arc config index (to save the cache miss going to fetch it) - don't check if features are enabled when taking the arc (since we know they are) the last two changes will also benefit normal adjacencies taking the arc (i.e. for NAT, ACLs, etc) for IPSec: - don't run esp_encrypt as a feature, instead when required insert this node into the adj's next and into the end of the feature arc. this implies that encrypt is always 'the last feature' run, which is symmetric with decrypt always being the first. - esp_encrpyt for tunnels has adj-midchain-tx as next node Change-Id: Ida0af56a704302cf2d7797ded5f118a781e8acb7 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-05-04misc: binary api fuzz test fixesDave Barach2-3/+4
Add a hook to src/vlibapi/api_shared.c to fuzz (screw up) binary API messages, e.g. by xoring random data into them before processing. We specifically exempt client connection messages, and inband debug CLI messages. We step over msg_id, client index, client context, and sw_if_index. Otherwise, "make test" vectors fail too rapidly to learn anything. The goal is to reduce the number of crashes caused to zero. We're fairly close with this patch. Add vl_msg_api_max_length(void *mp), which returns the maximum plausible length for a binary API message. Use it to hardern vl_api_from_api_to_new_vec(...) which takes an additional argument - message pointer - so it can verify that astr->length is sane. If it's not sane, return a u8 *vector of the form "insane astr->length nnnn\0". Verify array lengths in vl_api_dhcp6_send_client_message_t_handler(...) and vl_api_dhcp6_pd_send_client_message_t_handler(...). Add a fairly effective binary API fuzz hook to the unittest plugin, and modify the "make test" framework.py to pass "api-fuzz { on|off }" to enable API fuzzing: "make API_FUZZ=on TEST=xxx test-debug" or similar Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I0157267652a163c01553d5267620f719cc6c3bde
2020-04-29ip: use thread local vm instead of thread main for vlib_time_now callsTom Seidenberg2-2/+2
Type: fix Change-Id: I8d68e7c7392dcb748a2a84e72c7b1ca0c6c0eb07 Signed-off-by: Tom Seidenberg <tseidenb@cisco.com>
2020-04-28tests: move defaults from defaultmapping to .api filesPaul Vinciguerra1-9/+9
facilitates use of papi beyond the tests. Type: improvement Change-Id: I3d502d9130b81a7fb65ee69bb06fe55802b28a27 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-04-27ip: reassembly: fix one possible use-after-freeGao Feng2-10/+11
When use the kv->v.memory_owner_thread_index as the index to get the reass in pool, maybe this element is freed by the owner thread because of timeout, too many fragments, and so on. So we should check if do_handoff with kv->v.memory_owner_thread_index before get the reass from pool. Type: fix Signed-off-by: Gao Feng <davidfgao@tencent.com> Change-Id: Ie0f1dc368f86d0fd65292ca0c5e1908348015e09
2020-04-24ip: reassembly: improve type safetyKlement Sekera4-30/+24
Type: refactor Change-Id: Ib2d4a11ffa0e1e56ca05705ba8cdf84e6cc66427 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-04-24ip: Setting the Link-Local address from the API enables IPv6 on theNeale Ranns4-13/+18
interface Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I0b7c189006e30a357cd6be4f3c9c61fded4157cb
2020-04-23ip: Replace Sematics for Interface IP addressesNeale Ranns10-293/+557
Type: feature - replace functions for prefixes attached to interfaces - add ip_interface.[ch] to consoldate the functions Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I9c0c39c09dbf80ea1aadefee02c9bd16f094b6ad
2020-04-22ip: fix format functions for u8 address_familyNeale Ranns1-1/+1
Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I8c9f5330879fb8f51792b4476d5f0c873dbe4d7a
2020-04-15urpf: Allow locally generated packets on TXNeale Ranns1-4/+0
Type: fix Change-Id: I87d301aec20b9f5b34997b394493c796188fce14 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-04-15misc: refactor calc_checksumsDave Barach2-7/+21
Merge two mildly incompatible static inlines, and rename the results vnet_calc_checksums_inline (...). The resulting inline has three additional parameters: int is_ip4, int is_ip6, and int with_gso. All calls manage to pass one or more as compile-time constants, which causes a certain amount of code to disappear in each instantiation. Type: refactor Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I1a2a0e353b9a7bca20bc81318e8c915617261e1a
2020-04-14urpf: Unicast reverse Path Forwarding (plugin)Neale Ranns7-614/+6
Type: feature - move the IP4 code to plugin - add ip6 support - add suport for uRPF on TX - add tests Change-Id: I074c2debc486d3e79c12fad4b8dbd72c41e841a0 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-04-09misc: fix error handling in punt_replicateDave Barach1-0/+1
If vlib_buffer_clone (...) fails due to a buffer allocation error, update *n_dispatched with the actual number of clones, not the requested number of clones. Punt_replicate(...) should not set *to_next[0] = bi0. The original buffer is enqueued separately in punt_dispatch_node(...) Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I774ad8f8c1a0633de4cf8ae5530629201c229347
2020-04-08ip: do not clear the locally-originated flagNeale Ranns2-16/+4
Type: fix - doing so in MTU dec, means mtu_inc is broken - there's no need to. if a packet encounters ipX-rewrite a second time then it went through a tunnel the first time and is still locally originated. Change-Id: I0f279c2837b608c1677485fe93f63398ab2737b3 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-04-07udp session: allow dgram ip fragmentationFlorin Coras1-17/+26
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ida8f9e759b4990ea6e34e71dc45bdb3b5eabc27f
2020-04-06ip: reassembly: don't set error if no errorKlement Sekera4-8/+12
Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I9d25129fbf1ea880121b281f41750155286fb489
2020-04-01ip: Fix the AH/ESP protocol numbers on the APINeale Ranns1-2/+2
Type: fix this is mainly cosmetic, assuming users use the symbolic names, since VPP's API types encode/decode functions corrected the values Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Iecbb8102aee64b2565a3fc89a30cad73a935269d
2020-03-25ip: Adding IP tables is no MP safeNeale Ranns1-2/+0
Type: fix it was marked MP safe in the CLI (which it shouldn't be) but it it not marked MP safe on the API. Change-Id: I4bdea498a510a8b406d13d62a899b6d03656f7e8 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-03-24map: fix translation of icmp6 error messagesAlexander Chernavin1-0/+51
Translation of ICMPv6 error messages to ICMP error messages fails because the sender port is not set that leads to securtiy check failure. With this commit, during ICMPv6 error messages translation, get the sender port value from the inner packet. Type: fix Change-Id: I1ee295a3685fab4837172edfb629a699f49afbee Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-03-20ip: provide extern declaration for ip punt nodesJawahar Santosh Gundapaneni2-0/+2
Type: fix Signed-off-by: Jawahar Santosh Gundapaneni <jgundapa@cisco.com> Change-Id: Ife0f7749a72cc834a3d811f8cf6b5a0840157014
2020-03-20ip: ip API types coverity fixJakub Grajciar1-1/+0
Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I6b2c7550ae5918c27b02b1173533d2042c6c15c7
2020-03-19ip: change ip API enums address_family and ip_proto size to u8Jakub Grajciar4-41/+51
Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I73d27520726543d6375caad76a841339f68c3533 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-03-17fib: Always install all routers mcast addressesNeale Ranns2-1/+4
Type: improvement Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ia8dff15855a81cf29729bdaa3ff28fbe3254fa97
2020-03-17ip: ip_address_t uses ip46_address_tNeale Ranns10-182/+325
Type: improvement type re-use. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ic2a2e6babf9ae66a1e53aec53a6cd157e1893dc8
2020-03-03geneve gtpu vxlan vxlan-gpe: VRF-aware bypass nodeNick Zavaritsky5-0/+226
Bypass node MUST NOT intercept a packet if destination IP doesn’t match a local address. However IP address interpretation depends on the VRF, hence bypass node must take that into account. This patch also factors-out common VTEP management and checking code. Type: improvement Signed-off-by: Nick Zavaritsky <nick.zavaritsky@emnify.com> Change-Id: I5665d94882bbf45d15f8da140c7ada528ec7fa94
2020-03-03ip: fix coverity warningDave Barach1-9/+5
Type: fix Ticket: VPP-1837 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ifb310d6378c77ed9d3aae994897ca71ba8c44fa2
2020-02-26vat: add ip api types parser definitionsJakub Grajciar1-2/+18
build vat with src/vnet/ip/ip_types_api.c Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: Iab0f18bf7a89cf9512beab0629bc3a349edec383 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-02-26api: improve api string safetyJakub Grajciar1-2/+2
- Remove vl_api_from_api_string to prevent use of not nul-terminated strings. - Rename vl_api_from_api_to_vec -> vl_api_from_api_to_new_vec to imply a new vector is created. NOT nul terminated. - Add vl_api_from_api_to_new_c_string. Returns nul terminated string in a new vector. - Add vl_api_c_string_to_api_string. Convert nul terminated string to vl_api_string_t - Add vl_api_vec_to_api_string. Convert NON nul terminated vector to vl_api_string_t Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: Iadd59b612c0d960a34ad0dd07a9d17f56435c6ea Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-02-25vlib: Punt reason allocation listener enable/disable callbackNeale Ranns1-0/+2
Type: improvement allow clients that allocate punt reasons to pass a callback function that is invoked when the first/last client registers to use/listen on that punt reason. This allows the client to perform some necessary configs that might not otherwise be enabled. IPSec uses this callback to register the ESP proto and UDP handling nodes, that would not otherwise be enabled unless a tunnel was present. Change-Id: I9759349903f21ffeeb253d4271e619e6bf46054b Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-02-21ipsec: IPSec protection for multi-point tunnel interfacesNeale Ranns4-16/+97
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Iaba2ab11bfaa1c8db4023434e3043ac39500f938
2020-02-21ip: Unintialized variables in prefx setup (coverity warning)Neale Ranns2-0/+2
Type: fix Change-Id: I048c9ed423ca2993d2179cdce364ac98980311bb Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-02-11vppinfra: remove the historical mheap memory allocatorDave Barach1-4/+0
The mheap allocator has been turned off for several releases. This commit removes the cmake config parameter, parallel support for dlmalloc and mheap, and the mheap allocator itself. Type: refactor Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I104f88a1f06e47e90e5f7fb3e11cd1ca66467903
2020-02-11sr: update NH value for Ethernet payloadspcamaril1-1/+2
Upon encapsulation of L2 frames, IETF has replaced the NextHeader value from 59 (IPv6 No Next Header) to 143 (Ethernet). https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml Type: fix Signed-off-by: pcamaril <pcamaril@cisco.com> Change-Id: I88aa5590c81d16700ff7a0bbe6337e113179496e Signed-off-by: pcamaril <pcamaril@cisco.com>
2020-02-11ip: fix ip-local errorsFlorin Coras3-3/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie8bc5c9a03e858487cf565b4e9b520e6b496337a
2020-02-10ip: more detailed show reassembly commandsVladimir Ratnikov4-7/+33
Options like: expire_walk_interval_ms,max_reassemblies,timeout_ms can be configured via API, but it's impossible to check them using vppctl, but this can be a useful feature Type: feature Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: Iac8a96201a7a70b82e9852edc89b819c5d451a58
2020-02-10ip6: fix l4 checksum with hop-by-hop headerMatthew Smith1-13/+23
L4 checksums for IPv6 should be calculated using a pseudo header that includes the source/destination addresses, payload length, and payload protocol. ip6_tcp_udp_icmp_compute_checksum() was using the payload length and protocol from the IPv6 header. If there is a hop-by-hop header (or any other extension header), the payload length used for the pseudo header should only include the upper layer header and payload and not the extension header bytes. Same deal with the protocol, the upper layer next header value should be used instead of the extension header. Type: fix Fixes: cb9cadad57 Change-Id: Ifa2c9ad41c0fc4eea674f0671255b637c8e01f71 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-02-04ip: translate fragmented icmp to fragmented icmp6Alexander Chernavin1-2/+27
The first translated ICMPv6 packet of a fragmented ICMP message does not have a IPv6 fragment header. All subsequent have. With this commit, add a IPv6 fragment header to the first translated ICMPv6 packet. Type: fix Change-Id: Id89409ce7273cbeed801e2e18a09d3e7c3c4e4bc Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-30gre: Tunnel encap/decap flagsNeale Ranns1-1/+1
Type: feature common funcitons across IP-in-IP and GRE tunnels for encap/decap functions Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I325b66824878d843af167adfe5a7a96b0ab90566
2020-01-15ip: align reass.save_rewrite_lengthv20.05-rc0Klement Sekera2-16/+0
By aligning vnet_buffer_opaque.ip.save_rewrite_length and vnet_buffer_opaque.ip.reass.save_rewrite_length we prevent shallow virtual reassembly code from overwrite save_rewrite_length, allowing other features down the pipe to rely on this value. A static assert is added to guard this alignment. Type: fix Fixes: f126e746fc01c75bc99329d10ce9127b26b23814 Change-Id: Ie7c7f3abc2a221bbcf2830c0f006a4368088b342 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-01-15ip6: during icmp to icmp6 translation truncate error messagesAlexander Chernavin1-2/+2
All translated ICMPv6 packets that exceed the minimal IPv6 MTU get truncated but according to RFC 4443 2.4 only ICMPv6 error messages (type < 128) need to be truncated. With this commit, truncate only ICMPv6 error messages. Type: fix Change-Id: Ic455352de2ff4ff6aa3421b46a2a54923f2d3f80 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-14classify: Reduce the include dependencies on vnet_classify.hNeale Ranns3-1/+2
Type: refactor currently vnet_classify.h is included in ip.h where it's not required. Change-Id: Id55682637601655aa2edda681536a979c8e323bd Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-01-11ip: avoid fib lookup for consecutive pkts having same source IPNitin Saxena1-5/+5
Type: fix Fixes: be2286b0 This patch does following: - If terminating frame has consecutive packets with same source IP, this patch avoids fib lookup for those packets in ip4-local node. This drops cycle count for ip4-local node on both ARM and x86. It being done by enabling dead code in else {} case of ip4_local_check_src_x2() and ip4_local_check_src() functions. - In case all packets in terminating frame have unique source IP (e.g: incrementing), ip4-local is costlier by 2 cycles (broadwell) Change-Id: I472ddc324716cec8bfe601568b8aeb7565f97ab3 Signed-off-by: Nitin Saxena <nsaxena@marvell.com>
2020-01-03ip: API cleanupJakub Grajciar1-25/+26
Use consistent API types. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I17b95bba2327049d2b99e59cea79208814a24b22 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-01-03nat: use SVRKlement Sekera7-512/+413
Remove NAT's implementation of shallow virtual reassembly with corresponding CLIs, APIs & tests. Replace with standalone shallow virtual reassembly provided by ipX-sv-reass* nodes. Type: refactor Change-Id: I7e6c7487a5a500d591f6871474a359e0993e59b6 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-01-01ip: indent format typo fixNeale Ranns1-8/+6
Type: style Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Idfcd4a363d4582ce69fac83ddc760f2dc4feed52
2019-12-17ip: cleanup punt socket cli helpPaul Vinciguerra1-11/+20
Make the help string consistent with the cli parser. Type: fix Change-Id: I7140bd589c2a94dbf5af5cc633cb495457a6af22 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-12-17ip: Protocol Independent IP NeighborsNeale Ranns21-9426/+1358
Type: feature - ip-neighbour: generic neighbour handling; APIs, DBs, event handling, aging - arp: ARP protocol implementation - ip6-nd; IPv6 neighbor discovery implementation; separate ND, MLD, RA - ip6-link; manage link-local addresses - l2-arp-term; events separated from IP neighbours, since they are not the same. vnet retains just enough education to perform ND/ARP packet construction. arp and ip6-nd to be moved to plugins soon. Change-Id: I88dedd0006b299344f4c7024a0aa5baa6b9a8bbe Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-12-16vppinfra: bihash walk cb typedef and continue/stop controlsNeale Ranns5-7/+13
Type: feature Change-Id: I28f7a658be3f3beec9ea32635b60d1d3a10d9b06 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-12-13ip: SVR: fix wrong return valueKlement Sekera2-2/+2
Type: fix Change-Id: I9498b660bf2045bb6aac96d19bb9456a14b35847 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-12-10ip: use explicit types in apiOle Troan1-73/+74
Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I1fd190da28a765ba430952539c291a741aaa3dce