aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2021-09-16session: Add sock_name option to add_nsNathan Skrzypczak5-44/+183
This adds a new API call to add session namespaces It now takes a netns and a sock_name. (1) If no netns is passed, sock_name will be used as socket path. Defaulting to /run/vpp/app_ns_sockets/${ns_id} (2) If a netns is passed, the sock_name has to be abstract (i.e. start with '@'). It will default to `@vpp/session/${ns_id}` and will be created in the provided netns. Type: feature Change-Id: I90e9a8e5ecca2cabe7c05335663e33c8506dc9e7 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-09-16vxlan: improve to use the hardware offloadMohsin Kazmi3-84/+49
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ic0fa4f83048a280a7d1b04198c0f903798562d2d
2021-09-16ip6-nd: add ip6-nd proxyMohsin Kazmi6-2/+451
Type: feature Change-Id: I91f72f5802db195d1a15424d67c1b6e518168f9f Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-09-15tap: set device name on creation via TUNSETIFFDuncan Eastoe1-17/+8
Type: fix Currently when a new TAP/TUN device is created from tap_create_if() via the TUNSETIFF ioctl(), a name is allocated by the kernel (eg. tap0). If the caller supplied a name this is subsequently set via netlink, after the device has been created. Now we request the kernel to create the new device with the caller's requested name in the first instance, thus avoiding the need to rename the device, and therefore avoiding a window where the device exists with a different name. This can be beneficial, for example, when writing systemd-udevd link files [1]. Having the TAP/TUN devices created with the requested name ensures they can be correctly matched by the OriginalName option. Writing link files might be necessary, for example, to avoid VPP and systemd-udevd racing to set the MAC address on a newly created TAP interface. systemd-udevd can be configured to not manipulate the MAC addresses of matched interfaces. These changes also resolve an issue where the created device would not be renamed if the caller requested it be moved to a different network namespace, since vnet_netlink_set_link_name() was not called in that case. [1] https://www.freedesktop.org/software/systemd/man/systemd.link.html Signed-off-by: Duncan Eastoe <duncan@graphiant.com> Change-Id: I3d657632856d03979d6b914225c3c841c379e0a1
2021-09-13interface: fix init fib_index_by_sw_if_indexNathan Skrzypczak8-43/+18
Type: fix The init of fib_index_by_sw_if_index wasn't setting default value to 0. Which we now need for setting interfaces unnumbered Change-Id: Ie5be9b5e5373ef055557a871ad4d1c45fbfc1dee Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-09-13tcp session: initialize sw_if_index at connect timeFlorin Coras5-12/+13
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id0e67a9ce9c5d8bca2cd7a30493f03a02a46dc46
2021-09-13ip: show ip table CLINathan Skrzypczak1-0/+77
Type: feature Thought this might be useful when using many VRF to get the list of allocated VRFs and corresponding names Change-Id: If9d2c6612d4215e7576315d66d1eb130fcecfa13 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-09-13ip-neighbor: Handle local MAC address change for incomplete adjacenciesNeale Ranns5-43/+57
Type: fix When the local MAC address of an interface changes the rewrite strings of all adjacency types need to be updated - this patch fixes the missing case of incomplete adjacencies. I moved the update of all adj types into the adj module, since if the complete adjs were done by the ip-neighbour module and incomplete ones by adj module, that would mean two walks of the adj DB, as it is not possible to walk only a specific type. UT is updated to include the missing case. Signed-off-by: Neale Ranns <neale@graphiant.com> Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com> Change-Id: I36af94976c645bdd0d4d3bc0093b24d7d077e9d7
2021-09-09vlib: fix vlib_buffer_enqueue_to_next() overflowBenoît Ganne2-7/+7
vlib_buffer_enqueue_to_next() requires to allow overflow of up to 63 elements of 'buffer' and 'nexts' array. - add helper to compute the minimum size - fix occurences in session and async crypto Type: fix Change-Id: If8d7eebc5bf9beba71ba194aec0f79b8eb6d5843 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-09-09session: fix non-NULL terminated stringBenoît Ganne1-18/+7
vlib_unix_recursive_mkdir () expects a NULL-terminated C-string. Type: fix Change-Id: I412b48443d0792307d611c466747c0aa5e423417 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-09-08interface: add custom interface name supportSteven Luong3-1/+100
add CLI "set interface name <current-int-name> <new-int-name> and the corresponding binary API to allow custom interface name setting for any interface. Type: feature Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I2b39da59879fd4526bcb5aa5854b6bd21e72ea73
2021-09-08interface: fix coverity issueMohammed Hawari1-1/+1
Change-Id: I5bb1ab3a57097bf03e7de5541cc8496655bc728f Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: fix Fixes: 5b22339973feaa3eba48ead1e9fb428b1816c0cc
2021-09-07devices: restore regular af-packet tx pathMohammed Hawari2-21/+28
This change restores the af_packet tx path prior in use prior to Change Idf0bdd88990254a614962c2f7bc3e0292ccfd61a but fixes the stalling issue by ensuring that the next tx frame pointer is only incremented when a new tx frame is used. This change also enables the af_packet PACKET_QDISC_BYPASS option, for better performance. Change-Id: I65dde648ed66d21654847a900ceda5a8980ae6ec Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2021-09-07interface: full poll vector on adaptive modeMaxime Peim4-10/+42
When an input supports adaptive mode and enters in polling, some rx queues may be missing from the node's rx_poll_vector. To solve the issue, a full poll vector is being computed in vnet_hw_if_update_runtime_data, and returned by vnet_hw_if_get_rxq_poll_vector when the node is polling in adaptive mode. Type: fix Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I249bcb20ae0dd28afb0a5ca32993092bafd2f6b1
2021-09-01udp: fill rmt info if session is connection lessliuyacan1-1/+1
The app may send packet to different remote via sendto() with same socket (without calling connect()). In such scenario, remote address need to be filled in. Type: fix Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: I49deb308668c05442f237e97acc9bfa239782482
2021-09-01classify: improve "show classify table" outputDave Barach1-5/+7
Print header for each table. Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I54ca04d6000a98afb4ad3d2f24caae3349548f23
2021-08-31flow: add esp spi rss typePiotr Bronowski1-26/+34
Type: feature This patch adds IPsec ESP SPI as RSS key for better IPsec inbound processing scaling. With this feature enabled, The NIC will use the packets' SPI index as the RSS key to distribute them to different queues. The dpdk-input is also updated to support this feature. Sample CLI command to enable Ipsec ESP SPI as RSS key: test flow add src-ip any dst-ip any rss types esp test flow enable eth0 index 0 Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I8b7d01cfc065e9099fad33042ce76898e16ddbf0
2021-08-30session: fix prefetch out of struct bound on ArmTianyu Li1-1/+1
CLIB_PREFETCH (s->tx_fifo, 2 * CLIB_CACHE_LINE_BYTES, LOAD); sizeof(svm_fifo_t) is 128 bytes Note on 64B cacheline size Arm machine, CLIB_CACHE_LINE_BYTES 128 CLIB_CACHE_PREFETCH_BYTES 6 above CLIB_PREFETCH () macro will be expand to __builtin_prefetch(s->tx_fifo) __builtin_prefetch(s->tx_fifo + 64) __builtin_prefetch(s->tx_fifo + 128) << prefetch out of range __builtin_prefetch(s->tx_fifo + 192) << the same here Solution: Change to CLIB_PREFETCH (s->tx_fifo, sizeof (*(s->tx_fifo)), LOAD); Type: fix Signed-off-by: Tianyu Li <tianyu.li@arm.com> Reviewed-by: Lijian Zhang <lijian.zhang@arm.com> Change-Id: I745cbce3dbe5afcab53c39189d18392f569df5aa
2021-08-30session: close app wrk socket on deleteFlorin Coras3-6/+5
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I54fa6e8f12bb52988888e7019a88d6891017944c
2021-08-30tcp: Allow accepting session to send custom packetliuyacan1-1/+9
Tcp may want to send acks in established, but the app has not called accept() yet. Type: improvement Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: I43b8cd386e533ca95c8ec260a0a1f695ea140358
2021-08-26vhost: migrate to new TX infraSteven Luong3-88/+67
Take advantage of the new TX infra and support manual thread placement Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Id8023846a2eb59125fcf2f80f4f11eb681cf14dc
2021-08-26sr: extend the srv6 sid list structureAhmed Abdelsalam2-42/+51
Extend the srv6 sid list structure with policy type to support different SR policy types Type: feature Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com> Change-Id: I6a8cf82b1269e1c46f3757df0047b306f613112b
2021-08-25fib: fix source address get error for p2p ifjxm1-0/+24
Type: fix Signed-off-by: jxm <jiangxiaoming@outlook.com> Change-Id: I5a6a1ce9f232d4ed0fd4707cd5aa9b46cc8a2a5a
2021-08-20ip: check if interface has link-local addressStanislav Zaikin1-1/+6
Type: fix Change-Id: I9d3344374738f8cf883cffb4715c76b50bb4bfce Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
2021-08-20vlib: add format_vnet_buffer_no_chainBenoît Ganne6-14/+31
- add format_vnet_buffer and format_vnet_buffer_no_chain to mirror format_vlib_buffer and format_vlib_buffer_no_chain - format_vnet_buffer used to be the "no chain" version, replace all of its current use with the corresponding format_vnet_buffer_no_chain - add a function to dump vnet buffer details from gdb Type: improvement Change-Id: I143ce845f80e7ef937ea33a557b6e3b5988c5b8f Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-08-18vhost: interrupt mode support with mqSteven Luong3-138/+209
vhost interrupt mode support with mq does not work when coalesce frame is not configured to 0. When packed-ring is configured, we were also setting the wrong flag for want-interrupt. No need to trigger an interrupt to RX infra if there is at least one queue in the same thread that is doing polling. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I8e64250f2aa6bf611a777a53e4d2c1076d83305f
2021-08-17ip: reassembly cleanupKlement Sekera4-246/+139
Remove unused parameters and fix warnings. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I2d0e7b84b56817999283ecb6be606159dcb26a28
2021-08-17build: install ethernet/ethernet_types_api.hMohammed Hawari1-0/+1
ip/ip_types_api.h is already installed by the build system Change-Id: Iec43e0ad50e32473d93ea8f7281b5a6477ddc87f Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: improvement
2021-08-14ip: Fix crash in ip address add on sub-int without exact-matchPim van Pelt4-12/+32
Type: fix Creating a sub-int without exact-match set, and subsequently adding an IPv4 or IPv6 address will crash VPP. This fix catches this situation and refuses to allow the caller to add an IPv4 or IPv6 address on an ethernet sub-int that does not have exact-match set. TESTED: Before this change, the following crashes VPP: ``` DBGvpp# cre sub TenGigabitEthernet3/0/0 1 dot1q 10 TenGigabitEthernet3/0/0.1 DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 2001:db8::1/64 <crash> ``` After the change, VPP refuses to act: ``` DBGvpp# cre sub TenGigabitEthernet3/0/0 1 dot1q 10 TenGigabitEthernet3/0/0.1 DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 192.0.2.1/30 set interface ip address: sub-interface without exact-match doesn't support IP addressing DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 2001:db8:1/64 set interface ip address: sub-interface without exact-match doesn't support IP addressing ``` Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I42997db314225cd186ebb54013b5717ace7f7bd6
2021-08-13ip: punt redirect add nh in apiNathan Skrzypczak9-100/+243
Type: feature Change-Id: Ia970f444ba2f38b7a42ea94942c906f1b541511b Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-08-13ip: source address selectionOle Troan5-34/+261
Implement a simple source address selection algorithm for IPv4 and IPv6. IPv6 does not yet implement RFC6724 but supports link-locals. ping now chooses correct source address for link-local destination. Added ping support for link-local multicast (e.g. allnodes). Type: feature Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I1a3382c1f7d4ace0386c2c19e4e47b045b73a3ed Signed-off-by: Ole Troan <ot@cisco.com>
2021-08-12session vcl: cert key add/del with socket apiFlorin Coras3-0/+101
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I70791285cbf427479d2dcbf70ffdce2253add2fb
2021-08-11svm: make more fifo segment header fields privateFlorin Coras1-4/+4
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idab0f455b52a38efd2cf3781497d8cc7f57bfa42
2021-08-11fib: Compiile time option to use 8-8-8-8 stride tries for FIB ratherNeale Ranns2-0/+123
than 16-8-8-8 Type: feature the memory trade-off is: for 8-8-8-8 tries DBGvpp# sh ip fib mtrie mem ipv4-VRF:0 mtrie:8068 hash:3499 totals: mtrie:8068 hash:3499 all:11567 for 16-8-8 DBGvpp# sh ip fib mtrie mem ipv4-VRF:0 mtrie:333056 hash:3499 totals: mtrie:333056 hash:3499 all:336555 Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I5271a4322d786de6e47613cff9bd432762dbed2a
2021-08-11fib: A 16-8-8 and a 8-8-8-8 versions of an ip4_fib_tNeale Ranns13-417/+932
Type: feature The difference being the MTRIE type they contain. THE FIB continues to use the 16-8-8 version. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I5a54d4e6e6cc639f18a3fb65ef2925507a7ef1de
2021-08-11ip: [re]introduce the 8-8-8-8 stride MTRIENeale Ranns3-64/+229
Type: improvement there's a time-space trade-off between the 16-8-8 and 8-8-8-8 stride. FIB continues to use the 16-8-8. Other features are now free to make the choice. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I6691a163486ce62e75e629f6ef0c990f253df8e5
2021-08-11ip: Rename the ip4 mtrie function to be 16_8_8 specificNeale Ranns4-218/+202
Type: improvement the existing mtrie functions use the existing 16_8_8 mtrie. Rename them to make that explicit. Then we can add the 8_8_8_8 types and functions alongside. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: If5ce7a282d5d3742dc65bcd0523220235d9c510d
2021-08-10misc: do not capture tx packets twiceBenoît Ganne1-13/+30
When a packet goes through interface-output, whether it should be captured or not will be evaluated twice: in interface-output and in interface-output-template (<interface_name>-out) node. interface-output should only capture packets if there is an interface filter, otherwise it should defer evaluation to interface-output-template. Type: fix Change-Id: Ia720c5d184a236335e1d7d44d8c04caf87af5630 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-08-10ip: Use the IP4 lookup functionsNeale Ranns4-125/+61
Type: refactor as opposed to wrtiing out the mtrie steps one by one each time. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I1248861350f9189f9a67ac6e68940813af279e03
2021-08-10ip: Remove the 'test lookup' CLI commandNeale Ranns1-97/+0
Type: fix There's no such thing as a conflict between the FIB and adj tables. This is code that should have been removed way back in 16.04. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I4524e7921b03b89106dd1f35aa1171d0945367cf
2021-08-09ip6-nd: only respond to RS if sending RA is enabledOle Troan1-1/+6
Even when periodic RAs are disabled VPP would respond to router solicitations. Making it impossible to have an IPv6 enabled interface with hosts connected to it without VPP acting as a default router. This change drops RS messages if the radv_info->send_radv is off. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I9a68f8e12c93c1c00125b54f8fd454f48fa22caa Signed-off-by: Ole Troan <ot@cisco.com>
2021-08-05classify: fix parsing for l4 matchBenoît Ganne1-1/+1
l4 match parsing should not try to consume the whole input, otherwise it breaks cli such as: 'classify session ... match l4 dst_port 22 action set-ip4-fib-id 2' Type: fix Change-Id: I81a1b5779811f7df8286a371f85fafe09c947b87 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-08-05ip: fix ip punt redirect cliBenoît Ganne2-13/+12
- restore fib paths support for ip4 - initialize payload_proto to the relevant default protocol so that 'via <dev>' paths are supported - fix 'rx all' - fix temp path vector mem leak Type: fix Change-Id: I564d88dc4dce86884ff6791af69974e6d70ff7ca Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-07-29ip: add api test fileFilip Tehlar1-0/+1527
Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I49c4183a443b7b39924328900e6a6ac2e09be426
2021-07-29ipsec: move startup config to common fileZachary Leaf3-51/+55
The ipsec startup.conf config currently exists in ipsec_tun.c. This is because currently the only ipsec{...} options are tunnel related. This patch moves the ipsec config to a common file (ipsec.c) for future extensibility/addition of non-tunnel related config options. Type: refactor Signed-off-by: Zachary Leaf <zachary.leaf@arm.com> Change-Id: I1569dd7948334fd2cc28523ccc6791a22dea8d32
2021-07-28gre: set proper fib index for unnumbered interfaces, unset fib index before ↵Stanislav Zaikin5-7/+67
forwarding gre payload This commit introduces 2 fixes: 1) After GRE decapsulation sw_if_index[VLIB_TX] is set as fib index of GRE tunnel. But since GRE tunnel can work on v4 endpoints and have v6 payload, we need to reset it. In case we get IPv6 packet inside IPv4 GRE tunnel (or vice-versa) fib index can be (and usually is) invalid. 2) Check that ip-table and ip6-table are the same when setting interface as an unnumbered one. Also, fix for the pipe test include setting the right unnumbered interface for the pipes Type: fix Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com> Change-Id: Id13d239cfdd21e0db6b1c9725f01c40d4af4d800
2021-07-27udp: add option to disable icmp unreachablesFlorin Coras3-82/+49
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I90c2a191ab34a2a7df3fb0a951e5fc78f40ccfe2
2021-07-24session: avoid vpp deadlock due to app crashliuyacan1-0/+6
In high traffic scenarios, if app crashed or hang on somewhere, app_mq will quickly accumulate to full, after which vpp worker will try 100 times before giving up allocating slot for every msg. This will cause vpp main thread barrier sync to fail. Type: fix Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: I2b2bf2b272c5b3ca7e4a56af179af12bbcde149d
2021-07-23session vcl: support abstract sockets for app nsFlorin Coras4-16/+132
App namespaces can now be associated to a linux ip netns, e.g.: app ns add id <ns_id> secret <n> sw_if_index <n> netns <netns> If session layer's app sock api is enabled, this triggers the creation of an abstract listening socket in the netns that has been configured. For the example above that would be @vpp/session/<ns_id>. Consequently, vcl, or other apps attaching to vpp, can connect to said abstract socket from an ip netns without the need to share unix domain socket files. In particular, for vcl it's enough to set app-socket-api to @vpp/session/<ns_id> in the conf file. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I26fdc626a760a3f423c5b8be4251623f6e9cd73a
2021-07-22session vcl: explit mq indices in ctrl messagesFlorin Coras2-3/+5
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I8e80252b85dda9a8f5699109264dc1b913581442