aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2018-12-26tcp: add more last-ack arcsFlorin Coras1-0/+19
Change-Id: If538bb9d6fb489906099b727a7bfdb9d9af29402 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-26tcp: separate active and passive establish timersFlorin Coras5-94/+107
Change-Id: Ia2241e963cf45765d8d17c65eea781edbf74d4f9 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-25tcp: add fin-wait-1 dispatch arcsFlorin Coras1-0/+19
Change-Id: Ie4cb08f5d9f7fd025f1a8ae610cebb0b0c315d9f Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-24FIB: adj src assert fix part 2Neale Ranns1-1/+8
Change-Id: Ic112180e53a55993b06ba18102202d6ac5854def Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-24tcp: compute seq_end in tcp_inputFlorin Coras3-50/+41
syn/fin are no longer added to seq_end so they must be considered individually in each state. Change-Id: I5e3047194101c4fca2db9f9ad29a4a6468c397ab Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-23FIB: remove assert from adj srcNeale Ranns1-1/+0
this is the case when the ADJ fib is in the non-forwarding trie Change-Id: I7bcda475b3b1e142d16363147dba3a1e2c5a07f9 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-22tcp: improve waitclose in closing statesFlorin Coras6-17/+83
Change-Id: I90056176194cb2a144d49a3cb283653d8d30f051 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-22ethernet-input tagged packets optimizationsDamjan Marion1-269/+474
Change-Id: I21bdd8982d5f357590af8a2a0219bdebbaee4e74 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-12-22tapv2: coverity woeSteven1-2/+4
coverity complains about fd leaking inside the if statement because there is a goto which bypasses the statement close (fd). The fix is to close (fd) immediately after it is no longer used. Change-Id: Ic5035b07ec1f179ff3db77744843e47aa8067a3c Signed-off-by: Steven <sluong@cisco.com>
2018-12-21http server: improvementsFlorin Coras3-109/+291
- use http sessions to track communication with peer (as opposed to using the raw sessions) - for static server send ok message prior to sending data - static server can now handle GET requests spread over multiple packets. Good for testing http/tcp implementation. Change-Id: I767a790de9a42e7087db5ce8eefd8efaf598c695 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-21MFIB: coverity fixesNeale Ranns2-7/+16
Change-Id: I5c1bc498f7299e175070eb288e40f8d037c9be3a Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-21tcp: fix fin_wait_1 condition to send finFlorin Coras4-3/+20
Also add the closed-waiting session state wherein the session still allows the transport to send oustanding data. Change-Id: Ic47807379906ef2010934381ff0b9e53c7e631d8 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-20tcp: fix syn-sent resetFlorin Coras1-7/+9
Change-Id: I4a811672b27c70bf0e9652c175c7f4168ec40ed7 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-20FIB: encode the label stack in the FIB path during table dumpNeale Ranns14-22/+176
Change-Id: I28e8a99b980ad343a4209e673201791b91ceab4e Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-20delete policer classify repeat count drop packets when action is DROPcohu1-5/+0
Change-Id: Id912bc570f42b1709596a917ecf5e56c237ce192 Signed-off-by: cohu <cong.hu@tieto.com>
2018-12-20reassembly: replace asserts with error countersKlement Sekera4-128/+272
Change-Id: Iaa39aea990bc04147f6a049215e990a567d30106 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-12-19session: add cli option to dump session elogFlorin Coras3-3/+31
Change-Id: I1f42644f143bb65ee764c0f869b402595126adac Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-19tcp: fix fin in syn-rcvdFlorin Coras2-11/+18
Change-Id: Iba7c08c9edcf76ea24d00d5ea9e0586e9f94df4e Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-19tcp: add more state machine arcsFlorin Coras1-5/+79
This mostly adds explicit drops or resets for state and flag combinations that would've been otherwise dropped with a warning message. It also adds some valid RST handlers. Change-Id: Ib0d19a0939fe275befeb29cf072b87b1a79937ce Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-19tcp/session: notify transport of close when tx fifo is not emptyFlorin Coras4-22/+29
Disconnect transport even if tx fifo is not empty and have transport deal with the problem. In case of tcp, add timer to fin_wait_1. If it expires and we're still in established state, cleanup but only after waiting for session tx events to cleanup. Change-Id: I45759a3c43dd096bb2c03daf5372416c30678d62 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-19session: handle close before app accept replyFlorin Coras3-7/+5
Change-Id: Ic35bbf55851087d70bfacc1eab4dea4285f98c86 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-18tcp/session: drop connections if message queue is fullFlorin Coras4-21/+28
Also cleanup session table when transport closes and app didn't reply to the close notification. Change-Id: Ie3d518e3afff73437561561b46dbf695c24632ad Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-18MFIB: recurse resolution through an MFIB entryNeale Ranns23-177/+1630
Change-Id: I8dc261e40b8398c5c8ab6bb69ecebbd0176055d9 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-18PAPI: Add MACAddress object wrapper for vl_api_mac_address_tOle Troan5-18/+9
Change the definition of vl_api_mac_address_t to an aliased type. Change-Id: I1434f316d0fad6a099592f39bceeb8faeaf1d134 Signed-off-by: Ole Troan <ot@cisco.com>
2018-12-18tcp: cleanup connections if handshake failsFlorin Coras1-3/+2
Change-Id: If109d6772cbd58f4f2a56ae7ec593639d1fa1b96 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-17tcp: fix handling of broken syn optionsFlorin Coras4-5/+15
Change-Id: Ia8b2a077ba4897ddd15cf33221b191cd7a3f1d33 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-17tcp: accept rst that fail pawsFlorin Coras1-9/+9
Change-Id: I945d1644a23b6a3d50c9beaffc732d2b6facd974 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-17stats: Deprecate old stats frameworkOle Troan1-74/+0
Change-Id: Iecdf0e5767115ef0570e9ea7212dc4644cf4afbd Signed-off-by: Ole Troan <ot@cisco.com>
2018-12-17vcl/session: handle reset/disconnect before app acceptFlorin Coras4-13/+22
Also further improves reset handling. Change-Id: I6e517632f700f181761726b965134e0c217eb06d Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-16VPP-1523: harden reassemblyKlement Sekera1-5/+3
Change-Id: I00d7b38bd99e81e3921ce08cce50d613f11de36e Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-12-16IP6-MFIB: replace the radix tree with bihash (VPP-1526)Neale Ranns11-156/+204
Change-Id: I7a48890c075826fbd8c75436dfdc5ffff230a693 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-14VPP-1510: add support for punt deletePavel Kotucek1-1/+12
Change-Id: Ibd7b1b13da0861f67e5e9e73bf6539199b3c82ea Signed-off-by: Pavel Kotucek <pavel.kotucek@pantheon.tech>
2018-12-13reassembly: fix internal buffer count accountingKlement Sekera1-0/+3
Change-Id: I6af2c8552aeafe0abc8b8c3e5af1a05640e95919 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-12-13VPP-1522: harden reassembly codeKlement Sekera2-24/+40
Change-Id: Ib5a20bff7d8a340ecf50bcd4a023d6bf36382ba3 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-12-13tcp: drop handshake ack with fin setFlorin Coras1-1/+1
Change-Id: I529c34235ad2b0e4c730959bb1b8c9d50a83738c Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-13make build failure.Paul Vinciguerra2-4/+4
[84/597] Building C object vnet/CMakeFiles/vnet.dir/ip/ip_types_api.c.o FAILED: ccache /usr/lib/ccache/cc -DWITH_LIBSSL=1 -Dvnet_EXPORTS -I/vpp/src -I. -Iinclude -march=corei7 -mtune=corei7-avx -g -O2 -DFORTIFY_SOURCE=2 -fstack-protector -fPIC -Werror -fPIC -Wno-address-of-packed-member -Wall -MMD -MT vnet/CMakeFiles/vnet.dir/ip/ip_types_api.c.o -MF vnet/CMakeFiles/vnet.dir/ip/ip_types_api.c.o.d -o vnet/CMakeFiles/vnet.dir/ip/ip_types_api.c.o -c /vpp/src/vnet/ip/ip_types_api.c /vpp/src/vnet/ip/ip_types_api.c: In function 'ip_address_union_encode': /vpp/src/vnet/ip/ip_types_api.c:70:13: error: incompatible type for argument 1 of 'memcpy' memcpy (out->ip6, &in->ip6, sizeof (out->ip6)); ^ In file included from /usr/include/string.h:635:0, from /vpp/src/vppinfra/string.h:55, from /vpp/src/vppinfra/mem.h:55, from /vpp/src/vppinfra/vec.h:42, from /vpp/src/vppinfra/error.h:53, from /vpp/src/vppinfra/hash.h:41, from /vpp/src/vnet/ip/ip.h:43, from /vpp/src/vnet/ip/ip_types_api.h:23, from /vpp/src/vnet/ip/ip_types_api.c:16: /usr/include/x86_64-linux-gnu/bits/string3.h:50:42: note: expected 'void * restrict' but argument is of type 'vl_api_ip6_address_t {aka struct _vl_api_ip6_address}' __NTH (memcpy (void *__restrict __dest, const void *__restrict __src, ^ /vpp/src/vnet/ip/ip_types_api.c:72:13: error: incompatible type for argument 1 of 'memcpy' memcpy (out->ip4, &in->ip4, sizeof (out->ip4)); ^ In file included from /usr/include/string.h:635:0, from /vpp/src/vppinfra/string.h:55, from /vpp/src/vppinfra/mem.h:55, from /vpp/src/vppinfra/vec.h:42, from /vpp/src/vppinfra/error.h:53, from /vpp/src/vppinfra/hash.h:41, from /vpp/src/vnet/ip/ip.h:43, from /vpp/src/vnet/ip/ip_types_api.h:23, from /vpp/src/vnet/ip/ip_types_api.c:16: /usr/include/x86_64-linux-gnu/bits/string3.h:50:42: note: expected 'void * restrict' but argument is of type 'vl_api_ip4_address_t {aka struct _vl_api_ip4_address}' __NTH (memcpy (void *__restrict __dest, const void *__restrict __src, ^ /vpp/src/vnet/ip/ip_types_api.c: At top level: cc1: error: unrecognized command line option '-Wno-address-of-packed-member' [-Werror] cc1: all warnings being treated as errors [84/597] Building C object vnet/CMakeFiles/vnet.dir/ip/ip4_forward.c.o ninja: build stopped: subcommand failed. Makefile:691: recipe for target 'vpp-build' failed make[1]: *** [vpp-build] Error 1 make[1]: Leaving directory '/vpp/build-root' Makefile:394: recipe for target 'test' failed make: *** [test] Error 2 DBGvpp# show cpu Model name: Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz Microarchitecture: Haswell (Crystalwell) Flags: sse3 ssse3 sse41 sse42 avx avx2 aes invariant_tsc Base frequency: 2.49 GHz DBGvpp# show version verbose Version: v19.01-rc0~447-g3be662f Compiled by: vagrant Compile host: vpp Compile date: Mon Dec 10 14:55:24 PST 2018 Compile location: /vpp Compiler: GCC 5.4.0 20160609 Current PID: 14104 Change-Id: I6ff03bc5ad1c3517256e244b6986e9a1507a3349 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2018-12-13Fix VPP-1530 Classify session creation errorjackiechen19851-1/+1
Change-Id: I6f877be6b3a1ef7100607560d430400bb824b6ba Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>
2018-12-13tcp: fix handling of no wscale in synsFlorin Coras2-1/+6
Change-Id: I7219a8d315b312812acafd9d2709fba8b4a2a679 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-13tcp: validate seq for handshake ackFlorin Coras1-0/+8
Change-Id: Ifc0584d781efc30904069ea17c0afbb68c49c442 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-13session/tcp: support tx flush markFlorin Coras7-4/+47
For tcp this means that the last enqueued data goes out with a psh bit set. Change-Id: I29d357ecae6f02e748b59a7b799150ec73d14ba2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-13ip4_rewrite_inline: fix variable errorZhiyong Yang1-2/+2
Change-Id: I0470b4b13095583fe018f565f100342fab45715e Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2018-12-12fix spurious error setting SA on ipsec intfMatthew Smith1-1/+1
Reverse the polarity on test to determine if old SA session deletion succeeded. 0 == success, not failure. Change-Id: I499cb04c7f13165e6c92367d4385057b77fe3836 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-12-12Change ipsec feature node namesPierre Pfister6-32/+32
ipsec4-output and ipsec6-output were conflicting with ipsec interface names ("ipsec<id>") and vnet/interface.c autogenerated output node ("<ifname>-output"). Changing feature names seems to be the less invasive option. This patch also changes "input" feature names for consistency. Change-Id: I4ba10d07e9ba09df20aa2500104252b06b55f8f7 Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2018-12-11Add IPSec interface FIB index for TX packetPierre Pfister6-6/+36
This patch adds a configuration parameter to IPSec tunnels, enabling custom FIB selection for encapsulated packets. Although this option could also be used for policy-based IPSec, this change only enables it for virtual-tunnel-interface mode. Note that this patch does change the API default behavior regarding TX fib selection for encapsulated packets. Previous behavior was to use the same FIB after and before encap. The new default behavior consists in using the FIB 0 as default. Change-Id: I5c212af909940a8cf6c7e3971bdc7623a2296452 Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2018-12-11Fix [csit-dev] CSIT IPv6 IPSec transport mode tests are failingjackiechen19851-1/+9
Change-Id: I7893a8fd5b3e15063675597c0e9bd1cd0b49ef0e Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>
2018-12-10IP-local: any IP can appear as the source (VPP-1522)Neale Ranns1-3/+15
Change-Id: Ib0d9b533d72c899b77c9a7bd1daa9b4a55b7221c Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-07FIB recusrion loop checks traverse midchain adjacenciesNeale Ranns10-149/+338
if a tunnel's destination address is reachable through the tunnel (see example config belwo) then search for and detect a recursion loop and don't stack the adjacency. Otherwise this results in a nasty surprise. DBGvpp# loop cre DBGvpp# set int state loop0 up DBGvpp# set int ip addr loop0 10.0.0.1/24 DBGvpp# create gre tunnel src 10.0.0.1 dst 1.1.1.1 DBGvpp# set int state gre0 up DBGvpp# set int unnum gre0 use loop0 DBGvpp# ip route 1.1.1.1/32 via gre0 DBGvpp# sh ip fib 1.1.1.1 ipv4-VRF:0, fib_index:0, flow hash:[src dst sport dport proto ] locks:[src:plugin-hi:2, src:default-route:1, ] 1.1.1.1/32 fib:0 index:11 locks:4 <<< this is entry #11 src:CLI refs:1 entry-flags:attached, src-flags:added,contributing,active, path-list:[14] locks:2 flags:shared,looped, uPRF-list:12 len:1 itfs:[2, ] path:[14] pl-index:14 ip4 weight=1 pref=0 attached-nexthop: oper-flags:recursive-loop,resolved, cfg-flags:attached, 1.1.1.1 gre0 (p2p) [@0]: ipv4 via 0.0.0.0 gre0: mtu:9000 4500000000000000fe2fb0cc0a0000010101010100000800 stacked-on entry:11: <<<< and the midchain forwards via entry #11 [@2]: dpo-drop ip4 src:recursive-resolution refs:1 src-flags:added, cover:-1 forwarding: unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:13 buckets:1 uRPF:12 to:[0:0]] [0] [@6]: ipv4 via 0.0.0.0 gre0: mtu:9000 4500000000000000fe2fb0cc0a0000010101010100000800 stacked-on entry:11: [@2]: dpo-drop ip4 DBGvpp# sh adj 1 [@1] ipv4 via 0.0.0.0 gre0: mtu:9000 4500000000000000fe2fb0cc0a0000010101010100000800 stacked-on entry:11: [@2]: dpo-drop ip4 flags:midchain-ip-stack midchain-looped <<<<< this is a loop counts:[0:0] locks:4 delegates: children: {path:14} Change-Id: I39b82bd1ea439be4611c88b130d40289fa0c1b59 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-07tcp: improve check for invalid sack blocksFlorin Coras1-1/+3
Change-Id: Ic6a6202a2d5aca33eee7fc6ff8eeaa1db9b58525 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-07tcp: measure us rtt with syn-ackFlorin Coras1-0/+1
Change-Id: I20820145377060e12aeeb23b433206c79fd88332 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-07tcp: fix timestamp check and pawsFlorin Coras1-5/+2
Change-Id: I5a5ee48755befc370a1f89ddbb0d91f164ed564f Signed-off-by: Florin Coras <fcoras@cisco.com>