summaryrefslogtreecommitdiffstats
path: root/src/vnet/vxlan/vxlan.c
AgeCommit message (Collapse)AuthorFilesLines
2021-01-20vxlan: fix SEGV reported in VPP-1962Ed Warnicke1-5/+29
Type: fix Replace vnet_register_interface with ethernet_register_interface Fixes https://jira.fd.io/browse/VPP-1962 Signed-off-by: Ed Warnicke <hagbard@gmail.com> Change-Id: I5f578fc416605429fe1e2b510ad49eb754451d40 Signed-off-by: Ed Warnicke <hagbard@gmail.com>
2021-01-14vxlan: Protect against tunnel config where source is not localNeale Ranns1-2/+11
Type: fix If a tunnel's source is not local then post encap VPP will attempt to receive (via ip4-local) that packet, things go wrong from there. The fix is when stacking the encap forwarding don't accept a receive DPO. This approach is taken, rather than rejecting bad tunnels, because the 'local-ness' of the tunnel's source can change and we can't reject tunnels that were once correctly configured but are no longer. the user will quickly discover their mistake as traffic won't pass. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I46198422e321606e8baba003112e978a526b4c2f
2020-12-14misc: move to new pool_foreach macrosDamjan Marion1-3/+3
Type: refactor Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-10-21misc: minimize dependencies on udp.hFlorin Coras1-0/+1
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id13f33843b230a1d169560742c4f7b2dc17d8718
2020-08-31flow: code refactorChenmin Sun1-3/+7
This is the code refactor for vnet/flow infra and the dpdk_plugin flow implementation. The main works of the refactor are: 1. Added two base flow type: VNET_FLOW_TYPE_IP4 and VNET_FLOW_TYPE_IP6 as the base the flow type 2. All the other flows are derived from the base flow types 3. Removed some flow types that are not currently supported by the hardware, and VPP won't leverage them either: IP4_GTPU_IP4, IP4_GTPU_IP6, IP6_GTPC, IP6_GTPU, IP6_GTPU_IP4, IP6_GTPU_IP6 4. Re-implemented the vnet/flow cli as well as the dpdk_plugin implementation 5. refine cli prompt 6. refine display info in command "show flow entry" Type: refactor Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: Ica5e61c5881adc73b28335fd83e36ec1cb420c96
2020-03-03geneve gtpu vxlan vxlan-gpe: VRF-aware bypass nodeNick Zavaritsky1-34/+7
Bypass node MUST NOT intercept a packet if destination IP doesn’t match a local address. However IP address interpretation depends on the VRF, hence bypass node must take that into account. This patch also factors-out common VTEP management and checking code. Type: improvement Signed-off-by: Nick Zavaritsky <nick.zavaritsky@emnify.com> Change-Id: I5665d94882bbf45d15f8da140c7ada528ec7fa94
2020-02-17misc: fix coverity warningsDave Barach1-2/+2
Add an ALWAYS_ASSERT (...) macro, to (a) shut up coverity, and (b) check the indicated condition in production images. As in: p = hash_get(...); ALWAYS_ASSERT(p) /* was ASSERT(p) */ elt = pool_elt_at_index(pool, p[0]); This may not be the best way to handle a specific case, but failure to check return values at all followed by e.g. a pointer dereference isn't ok. Type: fix Ticket: VPP-1837 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ia97c641cefcfb7ea7d77ea5a55ed4afea0345acb
2019-12-17vxlan geneve gtpu: fix short helpPaul Vinciguerra1-1/+1
Type: fix Change-Id: Id53eb6ed15f270d747b9831a7b585cbafe515dd2 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-12-05vxlan: fix vxlan hw offload issueChenmin Sun1-1/+3
Type: fix Since Vxlan hw offload jumps the ethernet-input node, so needs to adjust the data offset accordingly In original code, the current_data is 0 when arriving vxlan-flow-input node(due to no graph node before it, except the dpdk-input), so this code block cannot find the correct vxlan header: enum { payload_offset = sizeof (ip4_vxlan_header_t) }; vlib_buffer_advance (b0, payload_offset); see code in src/vnet/vxlan/decap.c, function vxlan4_flow_input_node This patch fixes this issue Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: Iab4af7a7dc3b69a117a4c9ea1c59662669a6438c
2019-07-19fib: FIB Entry trackingNeale Ranns1-7/+7
Instead of all clients directly RR sourcing the entry they are tracking, use a deidcated 'tracker' object. This tracker object is a entry delegate and a child of the entry. The clients are then children of the tracker. The benefit of this aproach is that each time a new client tracks the entry it doesn't RR source it. When an entry is sourced all its children are updated. Thus, new clients tracking an entry is O(n^2). With the tracker as indirection, the entry is sourced only once. Type: feature Change-Id: I5b80bdda6c02057152e5f721e580e786cd840a3b Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-18fib: fib api updatesNeale Ranns1-7/+5
Enhance the route add/del APIs to take a set of paths rather than just one. Most unicast routing protocols calcualte all the available paths in one run of the algorithm so updating all the paths at once is beneficial for the client. two knobs control the behaviour: is_multipath - if set the the set of paths passed will be added to those that already exist, otherwise the set will replace them. is_add - add or remove the set is_add=0, is_multipath=1 and an empty set, results in deleting the route. It is also considerably faster to add multiple paths at once, than one at a time: vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.11 100000 routes in .572240 secs, 174751.80 routes/sec vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.12 100000 routes in .528383 secs, 189256.54 routes/sec vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.13 100000 routes in .757131 secs, 132077.52 routes/sec vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.14 100000 routes in .878317 secs, 113854.12 routes/sec vat# ip_route_add_del 1.1.1.1/32 count 100000 multipath via 10.10.10.11 via 10.10.10.12 via 10.10.10.13 via 10.10.10.14 100000 routes in .900212 secs, 111084.93 routes/sec Change-Id: I416b93f7684745099c1adb0b33edac58c9339c1a Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-06-04features will register udp ports once configuredJakub Grajciar1-5/+11
plugins: - ipfixcollector vnet: - geneve - vxlan_gpe - vxlan Change-Id: I69a8b4017ee6990f2b4874fe3e94c4520bde7101 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2019-01-09VXLAN: Prevent duplicate bypass graph nodes.Jon Loeliger1-4/+33
Change-Id: I68cc509b594b09751ff5e0e09bbca187a4a88edd Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-10-23c11 safe string handling supportDave Barach1-2/+2
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab Signed-off-by: Dave Barach <dave@barachs.net>
2018-10-14vxlan:fix ip6 tunnel deletionEyal Bari1-1/+2
Change-Id: I70fb7394f85b26f7e632d74fc31ef83597efdd16 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-10-05vxlan:ip4 decap:remove access to tunnel objectEyal Bari1-20/+30
store local/remote addresses + vrf + vni in hash key store complete decap info in hash value (sw_if_index + next_index + error) this removes the need to access the tunnel object when matching both unicast and mcast. however for mcast handling it requires 3 hash lookups: * one failed unicast lookup (by src+dst addrs) * lookup by mcast(dst) addr . * unicast lookup (tunnel local ip as dst + pkt's src addr) where previously it needed 2: * lookup by src to find unicast tunnel + compare dst to local addr (failing for mcast) * lookup by mcast to find the mcast tunnel Change-Id: I7a3485d130a54194b8f7e2df0431258db36eceeb Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-09-24Trivial: Clean up some typos.Paul Vinciguerra1-6/+6
Change-Id: I085615fde1f966490f30ed5d32017b8b088cfd59 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2018-07-31fix 'sh vxlan tunnels'Neale Ranns1-15/+4
this receipe: /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; only works if there is more data following the registered command name. So it is not so good for show commands... Change-Id: I54249865a44526ade4b40e2d6207138a2d056e40 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-07-23fix vector index range checksEyal Bari1-1/+1
Change-Id: I63c36644c9d93f2c3ec6606ca0205b407499de4e Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-07-09vxlan:use bihash_16_8 for ipv4 lookupEyal Bari1-23/+44
Change-Id: I0d4630c88d6caacffcd073ebaa12766dfc893f70 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-07-05vxlan:use bihash_24_8 for ipv6 lookupEyal Bari1-22/+62
* added the fib index into the key * conform coding style for vxlan.h * added "show vxlan tunnel raw" command to dump bihash Change-Id: Icc96e41abb648e96de5b4605b035f68f9e20f8a9 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-06-13vxlan:offload RX floweyal bari1-0/+128
ip4 vxlan cli/api (using flow infra) to create flows and enable them on different hardware (currently tested with i40e) to offload a vxlan tunnel onto hw: set flow-offload vxlan hw TwentyFiveGigabitEthernet3/0/0 rx vxlan_tunnel1 to remove offload: set flow-offload vxlan hw TwentyFiveGigabitEthernet3/0/0 rx vxlan_tunnel1 del TODO:ipv6 handling Change-Id: I70e61f792ef8e3f007d03d7df70e97ea4725b101 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-05-07vxlan:vxlan.c conform coding styleEyal Bari1-354/+374
Change-Id: I9937912cd760698e39044e8ae022a90b58c8db30 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-05-02Fix CentOS 7 build issue with vxlanMatthew Smith1-2/+4
Two vxlan union/struct initializations caused gcc on CentOS 7 to puke. Modified them to make the build work again. Change-Id: Iad667444b86cfde5ee4329993b520028d3b593ad Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-05-02vxlan:encap - use vnet rewriteeyal bari1-14/+10
moving the rewrite into the tunnel struct Change-Id: Iec74b48e13456d32957e826cffb5ea35a8ebd1a0 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-04-25vxlan:remove single bucket load-balance dpo'sEyal Bari1-9/+23
from encap path Change-Id: I62a8d13495355ad5e687f13b86c2a5d360bb2b7f Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-03-27vxlan:refactor add del command functionEyal Bari1-102/+43
Change-Id: I33ba5a011100baf1c786f9a63a0cf3d2e1020493 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-02-23VXLAN: Instance numbers now properly freed upon delete.Jon Loeliger1-1/+1
Fixes a small bookkeeping oversight where the VXLAN instance numbers were being freed erroneously by their device_instance number rather than the correct user_instance number. Change-Id: I08f6b2089c7a14cc8a8cb91f04f850f60ecec43b Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-02-16Minor VXLAN/GRE Tunnel Encap Optimization and CleanupJohn Lo1-9/+2
Change-Id: I62a2a6524b72115a4239fbd7dc9ac8fdc35e20ed Signed-off-by: John Lo <loj@cisco.com>
2018-02-15Optimize GRE Tunnel and add support for ERSPAN encapJohn Lo1-4/+0
Change GRE tunnel to use the interface type where the same encap node is used as output node for all GRE tunnels, instead of having dedicated output and tx node for each tunnel. This allows for more efficient tunnel creation and deletion at scale tested at 1000's of GRE tunnels. Add support for ERSPAN encap as another tunnel type, in addition to the existing L3 and TEB types. The GRE ERSPAN encap supported is type 2 thus GRE encap need to include sequence number and GRE- ERSPAN tunnel can be created with user secified ERSPAN session ID. The GRE tunnel lookup hash key is updated to inclue tunnel type and session ID, in addition to SIP/DIP and FIB index. Thus, GRE-ERSPAN tunnel can be created, with the appropriate session ID, to be used as output interface for SPAN config to send mirrored packets. Change interface naming so that all GRE tunnels, irrespective of tunnel type, uses "greN" where N is the instance number. Removed interface reuse on tunnel creation and deletion to enable unfied tunnel interface name. Add support of user specified instance on GRE tunnel creation. Thus, N in the "greN" interface name can optionally be specified by user via CLI/API. Optimize GRE tunnel encap DPO stacking to bypass load-balance DPO node since packet output on GRE tunnel always belong to the same flow after 5-tupple hash. Change-Id: Ifa83915744a1a88045c998604777cc3583f4da52 Signed-off-by: John Lo <loj@cisco.com>
2018-02-14vxlan:remove interface recycle mechanismEyal Bari1-66/+11
vxlan interfaces no longer create tx nodes and are "cheap" to create and delete Change-Id: I7628d8ce86ec88609ed08162c94f5bc95df0d9f4 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-02-07VXLAN: Allow user to specify a custom vxlan tunnel instance id.Jon Loeliger1-16/+90
If one is not selected by the user, the next available id will be allocated, thus maintaining backward compatibility. Change-Id: I4691ed0638b8072f9cfa9f20b9fe4f981e708800 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-02-01FIB: Consolidate several copies of fib_ip_proto() into one.Jon Loeliger1-6/+0
Rather than having multiple copies of the same function scattered around, promote the function into the FIB PROTOCOL definitions in fib_types.h. Change-Id: I11c4d85931167d3a5f3dc1278afecc8845b23cd7 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-01-24Improve tunnel interface creation performanceJohn Lo1-19/+10
Modify interface creation to allow creation of tunnel interfaces without dedicated per tunnel output and tx nodes which are not used for most tunnel types. Also changed interface-output node function vnet_per_buffer_interface_output() so it does not rely on hw_if_index as the next node index which is not flexible nor efficient for large scale tunnel interfaces. The improvenemts are done for VXLAN, VXLAN-GPE, GENEVE and GTPU tunnels. GRE tunnel is still using per tunnel output nodes which will be changed in a separate patch with other GRE enhencements. Change-Id: I4123c01c0d2ead814417a867adb8c8a407e4df55 Signed-off-by: John Lo <loj@cisco.com>
2018-01-13Improve "show xxx tunnel" and "show int addr" outputJohn Lo1-16/+13
Improve "show xxx tunnel" output functions format_xxx_tunnel() for GRE, VXLAN, VXLAN-GPE, GENEVE and GTPU tunnels to make their output more consistent and provide better information. Improved the output of "show int addr" to make its info more consistent with tunnels and provide fib-index info. Change-Id: Icd4b5b85a5bec417f8ee19afea336c770ad3b4c5 Signed-off-by: John Lo <loj@cisco.com>
2018-01-05Unify and cleanup usage of hash_set/unset_mem by various tunnelsJohn Lo1-23/+7
Move the functions hash_set_key_copy() and hash_unset_key_free() which are dupilicated in various tunnel support code modules to hash.h as hash_set_mem_alloc() and hash_unset_mem_free() to be used by all. Change-Id: I40723cabe29072ab7feb1804c221f28606d8e4fe Signed-off-by: John Lo <loj@cisco.com>
2017-11-26FIB: store the node type not the function pointer.Neale Ranns1-2/+0
Saves memory at no appreciable performance cost. before: DBGvpp# sh fib mem FIB memory Name Size in-use /allocated totals Entry 80 7 / 150 560/12000 after: DBGvpp# sh fib mem FIB memory Name Size in-use /allocated totals Entry 72 7 / 7 504/504 Change-Id: Ic5d3920ceb57b54260dc9af2078c26484335fef1 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-08-08L2 over MPLSNeale Ranns1-1/+1
[support for VPWS/VPLS] - switch to using dpo_proto_t rather than fib_protocol_t in fib_paths so that we can describe L2 paths - VLIB nodes to handle pop/push of MPLS labels to L2 Change-Id: Id050d06a11fd2c9c1c81ce5a0654e6c5ae6afa6e Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-04-13Remove unsed parameter from fib_table_entry_special_add() (only used in FIB ↵Neale Ranns1-1/+1
tests). The DPO was incorrectly initialised with FIB_PROTO_MAX Change-Id: I962df9e162e4dfb6837a5ce79ea795d5ff2d7315 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-04-06VXLAN:fix tunnel delete not returning sw_if_indexEyal Bari1-0/+1
when tunnel is deleted reply should include the tunnel's sw_if_index instead of ~0 Change-Id: Ie5e04f4feab9cf2c90f0e155ec0fb9ca839a956d Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-03-07CLI: hide deleted interfacesEyal Bari1-0/+7
Added a new interface flag - HIDDEN Indicates that the interface does not appear in CLI/API. Added three new interface functions: vnet_sw_interface_is_api_visible - indicates if the sw_if_index should be displayed vnet_swif_is_api_visible - variant for sw_interface vnet_sw_interface_is_api_valid - tests if the given if_index exists and is visible for future use by api functions Changed the unformat function to only accept visible interfaces Changed vxlan to add the HIDDEN flag to deleted interfaces This is the first part in a series to hide deleted interfaces from the API Change-Id: Ib43cc5cf1c450856560faf4e84126eb3671038e2 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-02-27fix:vxlan mcast adj - added as ucast dpo adjEyal Bari1-1/+1
Change-Id: Ic2447313075cd46f265202dffaaac894f48ddf6d Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-02-22VPP-635: CLI Memory leak with invalid parameterBilly McFall1-19/+62
In the CLI parsing, below is a common pattern: /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { if (unformat (line_input, "x")) x = 1; : else return clib_error_return (0, "unknown input `%U'", format_unformat_error, line_input); } unformat_free (line_input); The 'else' returns if an unknown string is encountered. There a memory leak because the 'unformat_free(line_input)' is not called. There is a large number of instances of this pattern. Replaced the previous pattern with: /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { if (unformat (line_input, "x")) x = 1; : else { error = clib_error_return (0, "unknown input `%U'", format_unformat_error, line_input); goto done: } } /* ...Remaining code... */ done: unformat_free (line_input); return error; } In multiple files, 'unformat_free (line_input);' was never called, so there was a memory leak whether an invalid string was entered or not. Also, there were multiple instance where: error = clib_error_return (0, "unknown input `%U'", format_unformat_error, line_input); used 'input' as the last parameter instead of 'line_input'. The result is that output did not contain the substring in error, instead just an empty string. Fixed all of those as well. There are a lot of file, and very mind numbing work, so tried to keep it to a pattern to avoid mistakes. Change-Id: I8902f0c32a47dd7fb3bb3471a89818571702f1d2 Signed-off-by: Billy McFall <bmcfall@redhat.com> Signed-off-by: Dave Barach <dave@barachs.net>
2017-02-02VXLAN: further unify ip4/ip6 ctl plane handlingEyal Bari1-81/+53
fix wrong udp error codes in decap ip6 handling Change-Id: Ibf791a995128d38b31725c1ee67ec9d1c9dffca2 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-01-31VXLAN: small changes for brevityEyal Bari1-49/+16
Change-Id: I9cfff0196845c6f1161848aa49442aa4df81b20e Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-01-31Add vxlan-bypass feature to IP6 forwarding pathJohn Lo1-0/+171
Add vxlan-bypass feature which can be enabled on the IP6 underlay interface which receive VXLAN packets to accelerate VXLAN decap processing. The CLI to enable/disable it is: set interface ip6 vxlan-bypass <interface> [del] The vxlan-bypass feature is already supported on the IP4 underlay interface. The CLI to enable/disable it is: set interface ip vxlan-bypass <interface> [del] Move vxlan-bypass API/CLI support code from decap.c to vxlan.c. Also fixed two issues in the VXLAN decap path in the vxlan-input node: 1. Add verification of VXLAN packet FIB index with the encap-vrf-id of the VXLAN tunnel. 2. Fix checking of VXLANoIPv6 packet mcast DIP against that of the IP6 mcast VXLAN tunnel. Change-Id: I2bad4074a468c48fbb8bb5ac64f6437190756ed2 Signed-off-by: John Lo <loj@cisco.com>
2017-01-27IP Multicast FIB (mfib)Neale Ranns1-30/+82
- IPv[46] mfib tables with support for (*,G/m), (*,G) and (S,G) exact and longest prefix match - Replication represented via a new replicate DPO. - RPF configuration and data-plane checking - data-plane signals sent to listening control planes. The functions of multicast forwarding entries differ from their unicast conterparts, so we introduce a new mfib_table_t and mfib_entry_t objects. However, we re-use the fib_path_list to resolve and build the entry's output list. the fib_path_list provides the service to construct a replicate DPO for multicast. 'make tests' is added to with two new suites; TEST=mfib, this is invocation of the CLI command 'test mfib' which deals with many path add/remove, flag set/unset scenarios, TEST=ip-mcast, data-plane forwarding tests. Updated applications to use the new MIFB functions; - IPv6 NS/RA. - DHCPv6 unit tests for these are undated accordingly. Change-Id: I49ec37b01f1b170335a5697541c8fd30e6d3a961 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-01-20VXLAN - Add IPv6 tunnels src ref countEyal Bari1-69/+66
and refactored hash table mem keys access hash_set_key_dup - same as hash_set_mem but duplicates the key hash_unset_key_free - same as hash_unset_mem but frees the key Change-Id: I18cdcf7e41c57faa615d6337acaf8d1ad058a4c1 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-01-03vxlan fix mcast tunnel deleteEyal Bari1-22/+26
Change-Id: I15f7ff1e957718e808bfad811895deaacb85d2a3 Signed-off-by: Eyal Bari <ebari@cisco.com>
2016-12-28Reorganize source tree to use single autotools instanceDamjan Marion1-0/+899
Change-Id: I7b51f88292e057c6443b12224486f2d0c9f8ae23 Signed-off-by: Damjan Marion <damarion@cisco.com>