summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2018-12-11Add IPSec interface FIB index for TX packetPierre Pfister6-6/+36
This patch adds a configuration parameter to IPSec tunnels, enabling custom FIB selection for encapsulated packets. Although this option could also be used for policy-based IPSec, this change only enables it for virtual-tunnel-interface mode. Note that this patch does change the API default behavior regarding TX fib selection for encapsulated packets. Previous behavior was to use the same FIB after and before encap. The new default behavior consists in using the FIB 0 as default. Change-Id: I5c212af909940a8cf6c7e3971bdc7623a2296452 Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2018-12-11Fix [csit-dev] CSIT IPv6 IPSec transport mode tests are failingjackiechen19851-1/+9
Change-Id: I7893a8fd5b3e15063675597c0e9bd1cd0b49ef0e Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>
2018-12-10IP-local: any IP can appear as the source (VPP-1522)Neale Ranns1-3/+15
Change-Id: Ib0d9b533d72c899b77c9a7bd1daa9b4a55b7221c Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-07FIB recusrion loop checks traverse midchain adjacenciesNeale Ranns10-149/+338
if a tunnel's destination address is reachable through the tunnel (see example config belwo) then search for and detect a recursion loop and don't stack the adjacency. Otherwise this results in a nasty surprise. DBGvpp# loop cre DBGvpp# set int state loop0 up DBGvpp# set int ip addr loop0 10.0.0.1/24 DBGvpp# create gre tunnel src 10.0.0.1 dst 1.1.1.1 DBGvpp# set int state gre0 up DBGvpp# set int unnum gre0 use loop0 DBGvpp# ip route 1.1.1.1/32 via gre0 DBGvpp# sh ip fib 1.1.1.1 ipv4-VRF:0, fib_index:0, flow hash:[src dst sport dport proto ] locks:[src:plugin-hi:2, src:default-route:1, ] 1.1.1.1/32 fib:0 index:11 locks:4 <<< this is entry #11 src:CLI refs:1 entry-flags:attached, src-flags:added,contributing,active, path-list:[14] locks:2 flags:shared,looped, uPRF-list:12 len:1 itfs:[2, ] path:[14] pl-index:14 ip4 weight=1 pref=0 attached-nexthop: oper-flags:recursive-loop,resolved, cfg-flags:attached, 1.1.1.1 gre0 (p2p) [@0]: ipv4 via 0.0.0.0 gre0: mtu:9000 4500000000000000fe2fb0cc0a0000010101010100000800 stacked-on entry:11: <<<< and the midchain forwards via entry #11 [@2]: dpo-drop ip4 src:recursive-resolution refs:1 src-flags:added, cover:-1 forwarding: unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:13 buckets:1 uRPF:12 to:[0:0]] [0] [@6]: ipv4 via 0.0.0.0 gre0: mtu:9000 4500000000000000fe2fb0cc0a0000010101010100000800 stacked-on entry:11: [@2]: dpo-drop ip4 DBGvpp# sh adj 1 [@1] ipv4 via 0.0.0.0 gre0: mtu:9000 4500000000000000fe2fb0cc0a0000010101010100000800 stacked-on entry:11: [@2]: dpo-drop ip4 flags:midchain-ip-stack midchain-looped <<<<< this is a loop counts:[0:0] locks:4 delegates: children: {path:14} Change-Id: I39b82bd1ea439be4611c88b130d40289fa0c1b59 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-07tcp: improve check for invalid sack blocksFlorin Coras1-1/+3
Change-Id: Ic6a6202a2d5aca33eee7fc6ff8eeaa1db9b58525 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-07tcp: measure us rtt with syn-ackFlorin Coras1-0/+1
Change-Id: I20820145377060e12aeeb23b433206c79fd88332 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-07tcp: fix timestamp check and pawsFlorin Coras1-5/+2
Change-Id: I5a5ee48755befc370a1f89ddbb0d91f164ed564f Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-07tcp: better handling of options only allowed in synsFlorin Coras1-9/+18
Change-Id: I6debfe85d9d55f6f9a8ef0ce1dcc008393847a37 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-07tcp: validate connection state in retransmitFlorin Coras1-2/+2
Change-Id: Ia9048bb4e074f7ebc36eb77e542a916924103332 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-07tcp: fix length checkFlorin Coras1-3/+14
Change-Id: Iff75be238a231df88a37b61610c134e4a4770708 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-07VPP-1506: dump local punts and registered punt socketsPavel Kotucek8-66/+489
Change-Id: If7835e9b80ec9402404bfc8d271eb11a10ef992b Signed-off-by: Pavel Kotucek <pavel.kotucek@pantheon.tech>
2018-12-07Fix VPP-1515 IPSec receive packet error in transport mode with udp encapjackiechen19852-4/+14
Change-Id: Ife66395b89e1e9f9206666e5f0fd441b3c241bb2 Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>
2018-12-06API: Change ip4_address and ip6_address to use type alias.Ole Troan3-11/+6
Change-Id: Id8669bbadd1d6b2054865a310a654e9b38d1667d Signed-off-by: Ole Troan <ot@cisco.com>
2018-12-06MFIB; CLI improvementsNeale Ranns2-7/+37
Change-Id: I7cf3ae8c10dd584e8bc234a3253bea3c5a2d105a Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-05session/tcp: postpone cleanup on resetFlorin Coras8-13/+39
Change-Id: I45fd7538853f84c6c8bf804cc20acbc9601db3ba Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-04ipsec: simplify bumping counters - cosmetic changeKlement Sekera4-116/+35
Change-Id: Ibb55427ed49d0277854a352922c6c4bb007bf072 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-12-04vcl: cleanup children that use _exit()Florin Coras1-0/+2
Change-Id: Ia56c2698adb0ea7811203844dc4db10e121fbc42 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-04Add VNET_BUFFER_F_AVAIL definitionsDave Barach1-1/+25
Add a check to make sure that the vlib and vnet buffer flag bit definitions do not overlap. The VNET_BUFFER_F_AVAIL1...8 definitions allow out-of-tree codes to: #define VNET_BUFFER_F_MY_USECASE VNET_BUFFER_F_AVAIL1 and so on. This avoids introducing irrelevant and/or proprietary bit definitions into vnet/buffer.h, and hopefully minimizes merge pain for everyone involved. Change-Id: I5be4f61dceb81b5bfca005f6d609ade074af205b Signed-off-by: Dave Barach <dave@barachs.net>
2018-12-04vcl: test refactor and improvementsFlorin Coras2-2/+8
Change-Id: I92f415bf253d6e051ec9d94ebeb98f081b2a0293 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-04MPLS: buffer over-run with incorrectly init'd vector. fix VAT dumpNeale Ranns1-1/+1
Change-Id: Ifdbb4c4cffd90c4ec8b39513d284ebf7be39eca5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-03Format vnet_buffer_t l2 feature bitmapDave Barach1-0/+8
Change-Id: Iad3120ab6466b77875efc89ccb49f6d22e36e62a Signed-off-by: Dave Barach <dave@barachs.net>
2018-12-03Add UDP encap flagFilip Tehlar2-0/+3
Change-Id: Ic6a8b9aaec7e5dee4fb1971168988dbe4f931f86 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2018-12-03move [m]fib and BIER tests to unittest pluginNeale Ranns4-13050/+0
Change-Id: I9d2f52e756363df011026773bfffa838a557313f Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-03Copying QoS Bits when fragmented, so that marking can happen properly also ↵Vijayabhaskar Katamreddy1-0/+7
cleaning up some unused code Change-Id: I1558eec79af173e5cdcc769d7c3909039403eed8 Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
2018-12-02IPSEC-AH: anti-replay testingNeale Ranns2-6/+9
Change-Id: Ia5d45db73e4bdb32214ed4f365d5eec8e28115f3 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-01ip_reassembly_enable_disable reply handler name is changed.Chore1-1/+1
Change-Id: I89be597376690bb75c4347bcfc1c6c3d27c4034c Signed-off-by: Chore <s3m2e1.6star@gmail.com>
2018-11-30Metadata / opaque formatting belongs in vppDave Barach5-24/+239
VPP graph dispatch trace record description: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Major Version | Minor Version | NStrings | ProtoHint | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Buffer index (big endian) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + VPP graph node name ... ... | NULL octet | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Buffer Metadata ... ... | NULL octet | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Buffer Opaque ... ... | NULL octet | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Buffer Opaque 2 ... ... | NULL octet | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | VPP ASCII packet trace (if NStrings > 4) | NULL octet | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Packet data (up to 16K) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Graph dispatch records comprise a version stamp, an indication of how many NULL-terminated strings will follow the record header, and a protocol hint. The buffer index allows downstream consumers of these data to easily filter/track single packets as they traverse the forwarding graph. FWIW, the 32-bit buffer index is stored in big endian format. As of this writing, major version = 1, minor version = 0. Nstrings will be either 4 or 5. Here is the current set of protocol hints: typedef enum { VLIB_NODE_PROTO_HINT_NONE = 0, VLIB_NODE_PROTO_HINT_ETHERNET, VLIB_NODE_PROTO_HINT_IP4, VLIB_NODE_PROTO_HINT_IP6, VLIB_NODE_PROTO_HINT_TCP, VLIB_NODE_PROTO_HINT_UDP, VLIB_NODE_N_PROTO_HINTS, } vlib_node_proto_hint_t; Example: VLIB_NODE_PROTO_HINT_IP6 means that the first octet of packet data SHOULD be 0x60, and should begin an ipv6 packet header. Change-Id: Idf310bad80cc0e4207394c80f18db5f77c378741 Signed-off-by: Dave Barach <dave@barachs.net>
2018-11-30IPSEC-AH: fix packet dropNeale Ranns2-7/+0
Change-Id: I45b97cfd0c3785bfbf6d142d362bd3d4d56bae00 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-11-30vcl: wait for segments with segment handleFlorin Coras5-2/+12
Instead of waiting for notification from binary api. Change-Id: I5ecab857d6bcdbed62d6bb06709570c4cf6b19ea Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-11-30session: segment handle in accept/connect notificationsFlorin Coras13-31/+105
Change-Id: I03884b6cde9d4c38ae13d1994fd8d37d44016ef0 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-11-30session: use endpt fib index if app in default nsJohn Lo1-1/+6
Change-Id: Icf1408c50a6438c81e16033e83b2a76ce6eb0166 Signed-off-by: John Lo <loj@cisco.com> Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-11-29DHCP: Initialise trace for copied buffers.Ole Troan2-0/+4
DHCP tests failed intermittantly with a core dump. Let's see if this fixes it. Change-Id: I42829a2c7e7f5a9a6775330d37bf972ff0008210 Signed-off-by: Ole Troan <ot@cisco.com>
2018-11-29api: ip_source_check_interface_add_del api is added.Chore2-0/+48
Change-Id: I4799a9d469c797e54669ff4b50851a9acc849427 Signed-off-by: Chore <s3m2e1.6star@gmail.com>
2018-11-29GBP: l3-out subnetsNeale Ranns1-0/+1
Change-Id: Id4a20066fc5be716c61a497dfcb4d00dc1dbb28d Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-11-29vcl: basic support for apps that forkFlorin Coras1-1/+1
- intercept fork and register a new worker with vpp - share sessions between parent and forked child - keep binary api state per worker Change-Id: Ib177517d661724fa042bd2d98d18e777056352a2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-11-29VPP-1507: Added binary api to dump configured ip_punt_redirectPavel Kotucek5-29/+214
Change-Id: I790f7785e183cc9aaffd5b593617c4e12a32e20d Signed-off-by: Pavel Kotucek <pavel.kotucek@pantheon.tech>
2018-11-29Export ethernet/mac_address.h as part of API installation.Jon Loeliger1-0/+1
Change-Id: Ibb6d648948f990280e3cb048ce907f01e5c32b12 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-11-29API: Add support for type aliasesOle Troan3-6/+43
Previously all types are compound. This adds support for aliases, so one can do things like: typedef u32 interface_index; or typedef u8 ip4_address[4]; Change-Id: I0455cad0123fc88acb491d2a3ea2725426bdb246 Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-11-29ipsec: move ipsec defs to ipsec.hKlement Sekera2-51/+54
Change-Id: Ia3dcd98edb6188deb96a3a99d831e71b2ffa0060 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-11-28Remove useless prefetch in ip4-rewrite nodeSimon Zhang1-1/+1
Prefetching first 2 packets' header is useless cause of the prefetching action is not done before using the packets. There's no performance drop in Xeon platform and slightly performance gain in Atom platform after rmoving the prefetch. Change-Id: Ib4b074af20d7cd5053aecc7147b162141aec31f5 Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
2018-11-26Minor tweaksDave Barach1-10/+11
Significant refit coming soon. Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: If7d196e84354c5088706e2ac81e2add42597a550
2018-11-26Fix IPSec CLI key parsingPierre Pfister2-4/+11
strncpy stops copying when a byte set to 0 is read. The fix is to use mempcy instead. This patch also adds spd id to ipsec input trace. Change-Id: Ibed071d3607fa76c3f6ee065f94128f1aca9b2e2 Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2018-11-26Add a feature arc consistency checkDave Barach8-0/+28
Verify that last node in the computed feature order matches reality. This check doesn't make sense in all cases, so we skip it if the newly-added vnet_feature_arc_registration_t ".last_in_arc" datum is a NULL pointer. Change-Id: Ia99c3e2b2da2e4780a7d5bc71670c5742a66fef2 Signed-off-by: Dave Barach <dave@barachs.net>
2018-11-26flow-hash: Add symmetric flag for flow hashingMohsin Kazmi4-4/+40
When 'Symmetric' flag is enabled, it will sort the addresses and hence, same flow hash will be calculated on both directions. Change-Id: I5d846f8d0b94ca1121e03d15b02bb56edb5887b1 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-11-26Remove unused argument from eth_identify_subint(...)Damjan Marion3-7/+2
Change-Id: I0e89fbc51f30325655c4e9d0104aceb3ead3b16f Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-11-23vhost-user: use memory store barrierDamjan Marion1-3/+3
Should be less expensive... Change-Id: I678a39e42a054bf5f6ef9c59d0fb93ff9719b964 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-11-23session: fix coverity app name warningFlorin Coras1-10/+20
Change-Id: I1bbad8716b9be3f2413aaebd400887c1e2aa3c7a Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-11-23vhost-user: add missing inlinesDamjan Marion1-2/+2
Change-Id: I1ed39c4ee084b26faac8286d9729413311ba9508 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-11-23vhost-user: avoid global storage accessDamjan Marion1-26/+34
Change-Id: I9dbeff51d3ede6db3cd5a097623aa580e5e25042 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-11-23vhost-user: simplify input loopDamjan Marion1-181/+174
Change-Id: I6e6963882825e83d8da3a460be35c7349e107777 Signed-off-by: Damjan Marion <damarion@cisco.com>