aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/ip
AgeCommit message (Collapse)AuthorFilesLines
2024-03-21ip: add support for buffer offload metadata in ip midchainArthur de Kerhor2-23/+0
The offload should be handled by gso node or by the NIC if the latter has the relevant capabilities. But ip midchain is missing the support for buffer offload metadata in case of GSO packet. This patch adds the relevant support to add the buffer metadata if the packet is GSO/IPIP to be handled accordingly. Type: improvement Change-Id: I17f5d71bf4c5f43a85ca3f2fbebfa1426b42ef69 Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2024-03-15ip: reassembly - return correct valueKlement Sekera2-2/+2
If already enabled, return 0 to indicate success. Type: fix Change-Id: I4a182e14df9b05698ad93d596a97c46a020fd54b Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2024-03-12misc: remove GNU Indent directivesDamjan Marion39-334/+1
Type: refactor Change-Id: I5235bf3e9aff58af6ba2c14e8c6529c4fc9ec86c Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-03-05ip: force full reassembly before virtualMatthew Smith1-14/+5
Type: improvement The vnet buffer metadata for full IP reassembly and shallow virtual reassembly overlaps. If you have full reassembly and virtual reassembly enabled on the same interface and virtual reassembly happens to process packets first, full reassembly will stomp on the metadata populated by virtual reassembly. Virtual reassembly gets enabled implicitly when NAT feature nodes are enabled. Those NAT feature nodes rely on the virtual reassembly metadata being populated correctly in order to find L4 proto & ports. When NAT and IP full reassembly are both enabled on an interface, NAT can drop fragmented packets because the virtual reassembly metadata can be overwritten by full reassembly. Ensure that full reassembly runs before virtual reassembly. Add a runs_before dependency to ensure that ip4-full-reassembly-feature runs before ip4-sv-reassembly-feature. There was a duplicate VNET_FEATURE_INIT() for ip4-full-reassembly-feature. It seems to have been intended for enabling ip4-full-reassembly-custom as a feature node, but its contents are identical to the earlier VNET_FEATURE_INIT() for ip4-full-reassembly-feature. Removed the duplicate. Change-Id: Ie600b854d4ceb90a7cb736810140d410b8f72447 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2024-03-05vnet: fix format of deleted sw interfacesVladislav Grishenko4-15/+10
As similar 535364e90459566b603661c3dbe360c72f59ad71 is merged, printing possibly deleted interfaces by index only in all the rest cases. Type: improvement Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I4fa58b382c0279ff893523ba0188fdb9b09e10af
2024-03-04misc: fix icmpMaxime Peim2-1/+1
- fix ICMPv6 lookup FIB (don't reset sw_if_index[VLIB_TX] to -1) - add locally generated flag in ICMPv4 buffers (reflect ICMPv6) Type: fix Change-Id: If25a176a9952cbe185a030f8b136718af1bff9e8 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-03-04ip: fix warning on interface ipv6 prefix removeVladislav Grishenko1-1/+1
Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I428f52abbdddd9caca9b0f619a0e934f96ac0b4a
2024-03-04fib: fix crash while adding intf-rx routesVladislav Grishenko1-1/+1
Fix crash while adding intf-rx ip4 and ip6 routes via api due invalid exporting of interface rx routes as attached. Also, add missed route path via rx-ip6 cli support. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I15711c8c0787398dd7e3baa4787019bb1f317666
2024-02-22ip6: ECMP hash support for ipv6 fragmentsBenoît Ganne2-11/+27
Type: improvement Change-Id: I41f70e5977fedbf0050205ebe52126ef373ebc06 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-02-19vnet: include platform specific un.hTom Jones1-0/+5
On FreeBSD define UNIX_PATH_MAX so it is available in punt.c. FreeBSD's max path is 4 bytes shorter than Linux's. Type: improvement Change-Id: I2c4b7aa11246213575b557fab44669706885e6b7 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-01-29ip: don't export useless error counters for ip6 rewriteArthur de Kerhor1-2/+0
the error node is set to ip6_input in the inline funcition associated with ip6_rewrite. Thus, error counters defined for node ip6 rewrite are never used. Type: fix Change-Id: Id6bef633928b0fff9069498c2e39e9f5bea2cf9b Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2023-10-01fib: Crash when specify a big prefix length from CLI.Gavril Florian2-0/+28
The VPP is crashing when specify a very big prefix length, like ip route add 1.1.1.1/55 via 2.2.2.2 Type: fix Signed-off-by: Gavril Florian <gflorian@3nets.io> Change-Id: Ic491c0b24e07be897ff35ae1e835280f04ab3ea5
2023-09-06ip: punt add punt socket support for icmp6Ole Troan3-31/+77
Punt support for ICMP6 messages allows for an external IPv6 RA advertisement agent. Type: feature Change-Id: I0cc928b747ac1f8335ee9f7c42a3231424825dbc Signed-off-by: Ole Troan <otroan@employees.org>
2023-09-06api: fix mp-safe mark for some messages and add moreVladislav Grishenko1-7/+11
Several api messages were not mp-safe although marked as such because non-zero base id was not taken into account, and therefore some other (from zero base id) were falsely mp-safe instead. Keep messages as mp-safe, as they falsely were before: 10 get_first_msg_id 0 1 12 api_versions 0 1 Messages that are no longer mp-safe as they weren't marked: 15 sockclnt_create 0 1 33 proxy_arp_intfc_dump 0 1 Fix messages to be really mp-safe: 809 bridge_domain_dump 0 1 920 ip_route_add_del 0 1 921 ip_route_add_del_v2 0 1 1362 get_node_graph 0 1 1671 create_vhost_user_if 0 1 1675 create_vhost_user_if_v2 0 1 Additionally mark messages as mp-safe, seems they need no barrier: 1360 show_threads 0 1 1370 show_version 0 1 1372 show_vpe_system_time 0 1 Type: fix Change-Id: Ie6c1e3aa89f26bf51bfbcb7e7c4d9fee885487b7 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2023-07-06api: ip - Mark old message versions as deprecatedOndrej Fabry1-0/+5
List of changed messages: - ip_punt_redirect_dump - ip_punt_redirect_details This change is part of VPP API cleanup initiative. Type: fix Signed-off-by: Ondrej Fabry <ofabry@cisco.com> Change-Id: Icf91f760b9bd328110b0f9fc2e421bb954033d21
2023-05-15ip: allow overriding fib index in reassFlorin Coras2-6/+10
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic28da52b9c8286f71e472ef6c3afc23d464f85b0
2023-04-26ip: change icmp4 throttleOle Troan1-1/+1
traceroute sends 3 packets rapidly that triggers and depends on ICMP error generation. The current ICMP4 throttle setting at 1-e3 throttles the last ICMP error and makes traceroute sit in a timeout. Type: fix Change-Id: Ie886303600ad0374dcb6ae311e949154727a93d2 Signed-off-by: Ole Troan <otroan@employees.org>
2023-04-12ip: punt socket - take the tags in Ethernet header into considerationAndrew Yourtchenko1-1/+2
The punt socket code rewinds the current_data pointer by sizeof (ethernet_header_t), which is incorrect if the header is tagged - resulting in truncated destination MAC address. Use ethernet_buffer_header_size() instead, which takes tags into account. Also add the unittest that verifies the issue and the fix. Type: fix Change-Id: I6352a174df144ca1e4230390c126f4b698724ebc Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2023-03-31ip: support flow-hash gtpv1teidTakeru Hayasaka8-14/+98
support with GTPv1 TEID added to the flow hash. This can able to ECMP to PGW and parallelization. Type: feature Change-Id: I6f758579027caf6123831ef2db7afe17e424a6eb Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
2023-03-23vnet: throttling configuration improvementMaxime Peim2-2/+2
To allow a more flexible throttling configuration, the number of bits used in the throttling bitmap can be chosen. Type: improvement Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I7bfe391dd64729011b03f3e5b89408dfc340e036
2023-02-02ip: fix ip ACL tracesBenoît Ganne1-6/+9
If we match a next table, we must save its index in the trace instead of the index of the 1st table. Type: fix Change-Id: Idd862242e7fc200eb3ab29b17a26131b844af2c0 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-01-19ip: add the missing offload checkMohsin Kazmi1-2/+2
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I64283648985c98e81f315da32a451cef6e60f933
2022-12-02vnet: fix trace flag copying in icmp4Klement Sekera1-1/+1
Type: fix Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: I0a947b74e40499327910c1ed10923f7a869039d6
2022-11-09ip: fix unformat_ip_address forcing version to IP4 for some IP6 addressesAndrew Yourtchenko1-9/+10
dd2f12ba made use of ip46_address_is_ip4() in order to determine whether the address is ipv4 or ipv6 within unformat_ip_address - however, its logic is correct only for some addresses. e.g. a valid IPv6 address of :: (unspecified) will result in "true" result. This is probably not an issue for most of the cases (the unspecified address is quite rare), however if the unformat_ip_address is used as part of the prefix parsing, the ::/0 is a fairly often utilized construct, which gets parsed as 0.0.0.0 Solution: return the old logic, but use a temporary variable to avoid overwriting the target memory on failure. Type: fix Fixes: dd2f12ba6ab952d9d66f4d9ba89ffde6309b1ff2. Change-Id: I272f740dfdf07036cec68516e153f0701a53233d Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-10-17ip: fix the pseudo header checksumMohsin Kazmi1-4/+2
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I5eb83cbd0f8534dc50ecb907b3582717e8709aa2
2022-10-12ip: migrate ip4 full reassembly to use vlib_buffer_enqueue_to_nextDamjan Marion1-155/+144
Type: improvement Change-Id: Ibf683c9ba8a2751e0b40920f6735cfe0a35a6e6d Signed-off-by: Damjan Marion <dmarion@me.com>
2022-10-12ip: simpler and faster ip4_full_reass_drop_allDamjan Marion1-41/+19
Type: improvement Change-Id: I4a75583ce718ba6466cd09ca8373fd43988ef62a Signed-off-by: Damjan Marion <dmarion@me.com>
2022-10-12misc: fix issues reported by clang-15Damjan Marion2-6/+0
Type: improvement Change-Id: I3fbbda0378b72843ecd39a7e8592dedc9757793a Signed-off-by: Damjan Marion <dmarion@me.com>
2022-10-05ip: reassembly - custom context instead of VRFMohammed Hawari2-40/+137
Change-Id: Id8d6ab96a710cdd207068cf19a6363bbcd584de4 Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-10-05ip: reassembly - custom context of ipv6Mohammed Hawari2-26/+129
Change-Id: Ia5ec7fc0c71e6a0ad1b43df24bb6b88e616d260d Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-09-30fib: fix dpo-receive address in ip6-ll fibsVladislav Grishenko1-1/+6
Need to fill frp_addr for local path, it's used by dpo-receive. If not, address output can be invalid: $ sudo vppctl sh ip6-ll fe80::dcad:ff:fe00:3/128 IP6-link-local:loop3, fib_index:2, locks:[IPv6-nd:1, ] fe80::dcad:ff:fe00:3/128 fib:2 index:55 locks:2 IPv6-nd refs:1 entry-flags:connected,import,local, src-flags:added,contributing,active, path-list:[72] locks:2 flags:shared,local, uPRF-list:58 len:0 itfs:[] path:[82] pl-index:72 ip6 weight=1 pref=0 receive: oper-flags:resolved, cfg-flags:local,glean, [@0]: dpo-receive: 8000:100:fe80::dcad:ff on loop3 forwarding: unicast-ip6-chain [@0]: dpo-load-balance: [proto:ip6 index:57 buckets:1 uRPF:58 to:[0:0]] [0] [@2]: dpo-receive: 8000:100:fe80::dcad:ff on loop3 Type: fix Change-Id: Ib9874c5eac74af789e721098d512a1058cb8e404 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2022-09-27vnet: fix ip4 version and IHL checkDmitry Valter2-3/+11
Validate version and IHL regardless of present options. Originally VPP would accept seriously damaged headers in case IHL != 5. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: Ifd59622efa63dfad7f6e4858dec40ccac3274574
2022-09-19igmp: validate ip router alert option lengthVladislav Grishenko1-0/+5
It's known there're one or more 32-bit increments in the ip header. So just check ip router alert option length with minimal performance impact, and don't care of the total options length. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: I46dd06516f793846b931a1dc8612f2735f8d24d3
2022-09-14ip: show fib index in ip4 reassembly traceDamjan Marion1-28/+25
Type: improvement Change-Id: I371237803e2c3cb0e1b42b94f422867465e2bff6 Signed-off-by: Damjan Marion <dmarion@me.com>
2022-09-05ip: fix punt socket overflowBenoît Ganne1-3/+6
client_pathname is usually smaller than pc->caddr.sun_path. snprint() ensures we stop at the NULL character or sizeof(sun_path) whichever comes 1st. It also guarantees NULL character termination. Type: fix Change-Id: I9fc2a706beab931d50d32d03f7fafca7c6c2fb0b Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-08-18ip: Use .api declarative counters for ICMP.Neale Ranns5-85/+246
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3d36faa60075658fd59eb5bbe16efcb48664691b
2022-08-11ip: Use .api declared error countersNeale Ranns17-386/+648
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I822ead1495edb96ee62e53dc5920aa6c565e3621
2022-06-29classify: use 32 bits hashBenoît Ganne1-16/+16
classify hash used to be stored as u64 in buffer metadata, use 32 bits instead: - on almost all our supported arch (x86 and arm64) we use crc32c intrinsics to compute the final hash: we really get a 32-bits hash - the hash itself is used to compute a 32-bits bucket index by masking upper bits: we always discard the higher 32-bits - this allows to increase the l2 classify buffer metadata padding such as it does not overlap with the ip fib_index metadata anymore. This overlap is an issue when using the 'set metadata' action in the ip ACL node which updates both fields Type: fix Change-Id: I5d35bdae97b96c3cae534e859b63950fb500ff50 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-06-14ip: reassembly - Add node level stats, fix customapp behaviorVijayabhaskar Katamreddy2-16/+77
Type: fix Added stats for success and failure cases Fixed Custom app behaviors for the error / drop cases Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: Id6e981c7be5c5b3cee5af2df505666d5558da470
2022-06-10ip: improve ip ACL tracesBenoît Ganne1-8/+23
Type: improvement Change-Id: I85c73cb940d81d0b249eda0d57de135bcd798418 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-06-01ip: unformat_ip_address should no modify its argument on failureBenoît Ganne1-8/+9
When failing to match an ip address, we should not reset the ip address that could have been initialized by a previous match. Type: fix Change-Id: I026766391eb3eb8230f75f66bf4b681e774741d9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-05-27ip: reassembly - Fixing buffer leaks, corruption in v6 reasmVijayabhaskar Katamreddy2-42/+117
Type: fix *Buffer leaks and corruptions during internal errors, either overriding or missing to add the buffer to the list Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: I1ead1eca1cde10a36d60dbfcfe36ca6375690b03
2022-05-26ip: reassembly - pacing reassembly timeouts for v6Vijayabhaskar Katamreddy1-9/+35
Type: fix Pace the main thread activity for reassembly timeouts, to avoid barrier syncs Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: Iebe9a38d2a7a6471afa6621f12bb545668dc8384
2022-05-25docs: update spelling word list and fix typosDave Wallace1-5/+5
- update wordlist and fix typos so that 'make docs-spell' passes - sort spelling_wordlist.txt - update docs maintainers list Type: docs Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I38ac7850c604c323427d2bb6877ea98bd10bcc38
2022-05-23ip: reassembly - fixing stepping index in a better wayVijayabhaskar Katamreddy1-8/+8
Type: fix pool_is_free_index() check is performed only for the first element Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: Icadc715a9b54761ec69805a134a69a262137536d
2022-05-23ip: reassembly - adding custom reassembly nodeVijayabhaskar Katamreddy1-13/+75
Type: fix Custom node functionality is missing in v6, so bringing in similar to v4 functionality into ip6 as well Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: I28b0be2fc55a00bfc0b456b1caaa1dcf5641a44e
2022-05-19api: refactor api data storageDamjan Marion1-4/+4
single struct to hold all api handler, flags, etc. Provide functions to toggle flags instead of writing directly to internal data. Type: refactor Change-Id: I4730d7290e57489de8eda34a72211527e015b721 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-05-19 ip: reassembly - pacing reassembly timeoutsVijayabhaskar Katamreddy1-4/+29
Type: fix Pace the main thread activity for reassembly timeouts, to avoid barrier syncs Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: If8c62a05c7d28bfa6ac530c2cd5124834b4e8a70
2022-05-19ip: reassembly - increasing the nbuckets for reassVijayabhaskar Katamreddy2-47/+84
Type: fix Adding stats from debugging point of view Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: I3118d3fd5d630fad80a42ab960e30459789123cf
2022-05-18ip: reassembly - increasing the nbuckets for reassVijayabhaskar Katamreddy2-2/+6
Type: fix as number of reass contexts increasing based on workers, increasing the number of nbuckets for bihash Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: I83d061a709ecb8845ce745b18d03fdefc795787f