summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2017-11-20session/tcp: filtering improvementsFlorin Coras8-127/+234
- make allow action explicit (-3) - add session lookup is_filtered return flag that is set if lookup hit a deny filter - change tcp logic to drop filtered packets when punting is enabled Change-Id: Ic38f294424663a4e108439b7571511f46f8e0be1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-19session: fix session rules api to use transport protoFlorin Coras1-0/+1
Change-Id: Ie7b795715530e0920763098eb468c55fb17b1a2c Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-18test http server: prealloc fifos/segment optionsFlorin Coras1-3/+29
Change-Id: I5e36ea9335a9a633a112c27396997a765f279e06 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-18Rename classifier ip6-sr metadata set actionDave Barach3-5/+5
There's nothing ip6-sr specific about it. Change-Id: I9e3710162bd81b535c46599c988557abf5a5003b Signed-off-by: Dave Barach <dave@barachs.net>
2017-11-18unformat function for FIB pathsNeale Ranns6-360/+198
Change-Id: I32de25890ac0a643314f650591d2479879d9a2a6 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-11-17vppcom: improve listener session handlingFlorin Coras2-16/+36
Change-Id: I86b2e2c5a655e53a915fbf62ff04ee23c86de234 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-16tcp: register with ip for header parsing by defaultFlorin Coras1-9/+12
Change-Id: I4e420bcc9241b03e179a939911059c0cc3704a51 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-16Deal with double name-pointer chasesDave Barach1-48/+167
Change-Id: I153b07b4348133535b16b6bf55527d19a6b927c6 Signed-off-by: Dave Barach <dave@barachs.net>
2017-11-16Add Support of DHCP VSS Type 0 where VPN-ID is ASCIIJohn Lo7-185/+241
Enhence support of DHCP VSS (Virtual Subnet Selection) to include VSS type 0 where VSS info is a NVT (Network Virtual Terminal) ASCII VPN ID where the ASCII string MUST NOT be terminated with a zero byte. Existing code already support VSS type 1, where VSS information is a RFC 2685 VPN-ID of 7 bytes with 3 bytes OUI and 4 bytes VPN index, and VSS type 255 indicating global VPN. Change-Id: I54edbc447c89a2aacd1cc9fc72bd5ba386037608 Signed-off-by: John Lo <loj@cisco.com>
2017-11-15BIER: coverity fixesNeale Ranns6-11/+22
Change-Id: I657bade082f9f754b294cd5f23ecfad4f0f46265 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-11-15Punt DNS request/reply traffic when name resolution disabledDave Barach3-5/+27
Change-Id: Iaad22f25993783be57247aa1f050740f96d2566a Signed-off-by: Dave Barach <dave@barachs.net>
2017-11-15Revert "vnet: af_packet mark l3 offload cksum"Jakub Grajciar1-2/+1
This reverts commit fa600c9169c0d7104af7a9be12a0471a8a8c8262. Change-Id: I873b53b2c025d7aba2211cab9b3e2d780af33b32 Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech>
2017-11-14Ip6 dump not showing fib table names (VPP-1063)Neale Ranns2-9/+9
Change-Id: Idc7e7c35f17d514589d1264f1d1be664192ee586 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2017-11-14NULL-terminate load_balance_nsh_nodes[]Gabriel Ganne1-0/+1
Change-Id: Ibc5528bea564f6c2b0ff34220405395bc78274fc Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-11-14bier - fix node table declarationGabriel Ganne3-3/+6
Need to be NULL-terminated. Fix declarations of: - bier_disp_table_bier_nodes - bier_table_mpls_nodes - bier_fmask_mpls_nodes This was crashing during make test on aarch64 platform: During the API call to bier_table_add_del, the crash happens during dpo_default_get_next_node(). Change-Id: I16207ba38fc9ab65bad787878c4608740c312257 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-11-14Fix builtin http server static request freeFlorin Coras1-0/+1
Change-Id: Ice61d4c6c281aa8c4e89447208e0ad047bcce639 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-14vnet: af_packet_set_l4_cksum_offload device class checkJakub Grajciar2-1/+5
Change-Id: Ie07b71977c46d2f1e030799a08cc5af0fdc397aa Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech>
2017-11-14vnet: af_packet mark l3 offload cksumJakub Grajciar1-1/+2
Change-Id: I42ee5898e1f775692811eebab11bcfe458f1ec63 Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech>
2017-11-14l2-flood: fix restore vnet buffer's flags in the replication routineSteve Shin2-1/+7
When BUM packets are flooded in the l2 domain, some data should be kept and restored for recycling in the replication routine. If l2 bridge domain has multiple interfaces mixed with normal and vlan tagged, the vlan tag value of the vnet buffer can be changed while flooding the replicated packets. The change is made to store and restore the original vlan tag in the replication logic. Change-Id: I399cf54cd2e74cb44a2be42241bdc4fba85032c5 Signed-off-by: Steve Shin <jonshin@cisco.com>
2017-11-12session: add handle to disconnect_session_reply api msg.Dave Wallace1-1/+1
Change-Id: I40f80110f5224b676d60252f9721fd1bc8a10b58 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-11-11ACLs: Use better error return codes than "-1" everywhere.Jon Loeliger1-1/+3
Added two new errors: ACL_IN_USE_INBOUND ACL_IN_USE_OUTBOUND Update ACL tests to expect new, precise return values. Change-Id: I644861a18aa5b70cce5f451dd6655641160c7697 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-11-11MPLS disposition actions at the tail of unicast LSPsNeale Ranns6-31/+107
Change-Id: I8c42e26152f2ed1246f91b789887bfc923418bdf Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-11-10Break up vpe.apiNeale Ranns18-8/+2664
- makes the VAPI generated file more consumable. - VOM build times improve. Change-Id: I838488930bd23a0d3818adfdffdbca3eead382df Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2017-11-10add warning control macro setGabriel Ganne1-11/+3
Add a way to toggle on and off a warning for a specific section of code. This supports clang and gcc, and has no effect for any other compilers. This follows commit bfc29ba442dbb65599f29fe5aa44c6219ed0d3a8 and provides a generic way to handle warnings in such corner cases. To disable a warning enabled by "-Wsome-warning" for a specific code: WARN_OFF(some-warning) // disable compiler warning ; /* some code */ WARN_ON(some-warning) // enable the warning again Change-Id: I0101caa0aa775e2b905c7b3b5fef3bbdce281673 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-11-10Further fix to SHG handling for ARP/ICMPv6 from BVI in a BDJohn Lo1-6/+25
For ARP/ICMPv6 packets received from a BVI in a BD, allow flood to all remote VTEPs via VXLAN tunnels irrespective of SHG check for ARP request or ICMPv6 neighbor solicitation packets only. All other packets types will flood normally as per SHG check. Change-Id: I17b1cef9015e363fb684c2b6506ed6c4efe70bba Signed-off-by: John Lo <loj@cisco.com> (cherry picked from commit 5b99133cff1ff0eb9043dd8bd3648b0b3aafa47e)
2017-11-10add classify session action set-sr-policy-indexGabriel Ganne5-1/+41
This allows to use the classifier to steer source routing packets instead of using the "sr steer" command. This way we can steer on anything instead of only the dst ip address. test: * add add_node_next function to the VppPapiProvider class. * add simple test scenario using the classifier to steer packets with dest ip addr == a7::/8 to the source routing insert node. * use new interface indexes (3,4) instead of (0,1) to prevent a cleanup conflict with the other tests which attach a specific fib to the interface. The test creates interfaces sepsrated from the other tests to prevent a conflict in the cleaning of the ip6 fib index 1 which causes vpp not to be able to find a default route on this table. Change-Id: Ibacb30fab3ce53f0dfe848ca6a8cdf0d111d8336 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-11-10Allow Openssl 1.1.0Marco Varlese5-12/+159
This patch addresses all the code changes required to VPP to support openssl 1.1.0 API. All the changes have been done so that VPP can still be built against current openssl API whilst forward-looking to version 1.1.0. Change-Id: I65e22c53c5decde7a15c7eb78a62951ee246b8dc Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2017-11-10Fix bug in key calculation for IPsec tunnel interfaceMatthew Smith1-2/+2
When IPsec tunnel interface has the inbound SA updated, the key used to find the right interface for inbound packets was being generated using the destination address instead of the source. Change-Id: Id5a6fb1511637c912b329aad65188789646a5889 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2017-11-10session: add app ns index to ns create apiFlorin Coras2-3/+31
Change-Id: I86bfe4e8b0a899cc54c9b37eeb5eec701d0baf3d Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-10Add sw_if_index to the ip_neighbor_details_t response.Jon Loeliger2-4/+9
When a DUMP with sw_if_index == ~0 is used to get all Neighbor entries for all interfaces, it is unclear in the details to which interface the neighbor belongs. Clear that up by returning the associated sw_if_index as well. Change-Id: Ib584a57138f7faceffed64d7c1854f7af92e0e42 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-11-10session: use listener logic for proxy rulesFlorin Coras5-53/+133
This moves session proxy logic from session rules tables to table/logic used to manage session listeners in order to avoid overlap of semantically different rules. Change-Id: I463522cce91b92d942f6a2086fb14c3366b9f023 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-10BIER: replace uintXX_t with uXXNeale Ranns4-12/+12
Change-Id: I0ba698da9739c11de3a368fe4cf3617167a8d854 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-11-10session: use pool for segment manager propertiesFlorin Coras5-37/+83
Change-Id: I280fea2610dcfc0b2da84973b9f567daec42f1f6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-09tcp: call accept notify after full connection initFlorin Coras1-9/+9
Change-Id: I69998aa4eb587d80fc61d14bb28a9318a318f9ec Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-09session: fix app index in unbindFlorin Coras1-1/+1
Change-Id: Iff1a665b6cf9ca2def0fcdacf02d7f8c579c0f4e Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-09BIERNeale Ranns62-105/+9040
- see draft-ietf-bier-mpls-encapsulation-10 - midpoint, head and tail functions - supported payload protocols; IPv4 and IPv6 only. Change-Id: I59d7363bb6fdfdce8e4016a68a9c8f5a5e5791cb Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-11-09session: lookup/rules table improvements and cleanupFlorin Coras7-207/+363
Change-Id: I5217364220023df34d5bee071cb750df1661b093 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-09session: fix app ns list cli dumpFlorin Coras1-4/+8
Change-Id: I9b0a4676d088bc7587d12023fc3a3ea53aeaba20 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-08punt: fix sendmsg() failure detectionKlement Sekera1-1/+1
Change-Id: Ia8941b7b90f14dd688aca215b2dae1cc5c8f4472 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-11-08session: fix show app ns table cliFlorin Coras1-10/+15
Change-Id: I188e0471636683345bd9daa779c3680a616c2244 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-08NAT64: fixed csum crash (VPP-1055)Matus Fabian2-28/+25
Change-Id: I28c8abe49c9858966a66530d3dc41c074c6901f3 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-11-08http_server_rx_callbackJingLiuZTE1-2/+8
http_server_rx_callback must return -1, if session_rx_request fails. Change-Id: I08e48ea7560dee301958e0babe023bb739b9342c Signed-off-by: JingLiuZTE <liu.jing5@zte.com.cn>
2017-11-08Fix SHG handling for ARP/ICMPv6 received from BVI in a BDJohn Lo1-0/+8
This change makes sure ARP/ICMPv6 brodcast packets received from the BVI of a BD can be flooded to all remote VTEPs via its VXLAN tunnels irrespective of SHG setting. Similar processing was done for unicast packets already and needs to be extpanded to ARP and ICMPv6 broadcast packets. Change-Id: I26ac43ecdbc81a769f742a583a156506f7e70d49 Signed-off-by: John Lo <loj@cisco.com> (cherry picked from commit c97b4aca0db8d84b17ceb03a14ab44346a2b3466)
2017-11-08ip: fix container proxy coverity warningFlorin Coras1-4/+7
Change-Id: I5e35921acb65157a3de8ea0c53b3a6fa5cfca044 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-07add tracing to udp punt codeKlement Sekera1-5/+58
Change-Id: I5f92e40d2fe08a05f51622143648433732141cf4 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-11-07vnet: ip4/6_local-> don't drop TCP/UCP marked for cksum calc fixJakub Grajciar2-13/+13
Change-Id: Id14826eefe43168747c8ba69b3b600441a7d4047 Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech>
2017-11-07UDP Encapsulation.Neale Ranns14-6/+1422
A UDP-encap object that particiapates in the FIB graph and contributes DPO to teh output chain. It thereofre resembles a tunnel but without the interface. FIB paths (and henace routes) can then be created to egress through the UDP-encap. Said routes can have MPLS labels, hence this also allows MPLSoUPD. Encap is uni-directional. For decap, one still registers with the UDP port dispatcher. Change-Id: I23bd345523b20789a1de1b02022ea1148ca50797 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-11-07ip: add container proxy apiFlorin Coras4-20/+166
Change-Id: Id324a757517f85973097e20e2eb88d64ae0e931b Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-07session: fix v6 double bindsFlorin Coras4-8/+100
Change-Id: Ie747b490901254e962cf61814491851b891129ee Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-07fix bfd cli with gcc >= 6Gabriel Ganne1-1/+1
Change-Id: Iff63238bcf87db3411493e95064c5ad3ed8fd166 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>