path: root/src/vnet
Age | Commit message | Author | Files | Lines
2018-03-07 | tls: enforce certificate verification | Florin Coras | 10 | -124/+212
    - add option to use test certificate in the ca chain
    - add hostname to extended session endpoint fields and connect api parameters. If hostname is present, certificate validation is enforced.
    - use /etc/ssl/certs/ca-certificates.crt to bootstrap CA cert. A different path can be provided via startup config
    Change-Id: I046f9c6ff3ae6a9c2d71220cb62eca8f7b10e5fb
    Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-06 | API: Add service definitions for events and singleton messages (second attempt) | Marek Gradzki | 4 | -60/+24
    Based on https://gerrit.fd.io/r/#/c/10920/
    Updates service definition in stats.api with correct reply message names.
    Change-Id: I3282bee5304e667e23bc1fab3f43d967a50d880d
    Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2018-03-05 | Revert "API: Add service definitions for events and singleton messages." | Ole Trøan | 4 | -24/+60
    This reverts commit f7b7fa53b7eaec81d8c00c1023fb7d01f1f9761f.
    Change-Id: I87496342943248e94f01ada31459f387c0a3a610
    Signed-off-by: Ole Troan <ot@cisco.com>
2018-03-05 | SCTP: API to configure some tunables | Marco Varlese | 6 | -78/+129
    This patch adds the possibility to configure some behaviors of the SCTP stack based on some tunable parameters (mainly ON/OFF). For the time being, that is limited to the bundling option (multiplexing messages) and to delaying the SACK message.
    Change-Id: I696493e0309e47163c1e119c7d9f82f7d8ee6b87
    Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-03-05 | IP6 link-local table | Neale Ranns | 22 | -220/+1068
    - IPv6 link local table is a per-SW interface array of IPv6 unicast FIBs
    - the per-interface cost is sizeof(fib_table_t) which is small, w.r.t. the cost of an interface
    - FE80::/10 in the 'global' table points to a DPO that performs a lookup in the input interface's LL fib.
    Change-Id: Ice834b25ebeeacb2e929d7c864d7ec8c09918cbe
    Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-03-05 | API: Add service definitions for events and singleton messages. | Ole Troan | 4 | -60/+24
    Change-Id: I7de987c30b263d43521e6280c5273f30b5f6e11c
    Signed-off-by: Ole Troan <ot@cisco.com>
2018-03-05 | SCTP: retransmission in INIT/SHUTDOWN phase | Marco Varlese | 4 | -24/+124
    This patch addresses the need to handle timers timeouts (e.g. sent chunks not being acked) for both the INIT and SHUTDOWN phases. The INIT phase requires the handling of two timers the T1-init and T1-cookie timers whilst the SHUTDOWN phase requires the handling of the T2-shutdown timer only for the retransmission case. Left to be implemented is the handling of the DATA chunks retransmission (e.g. T3-rxtx expiration) but that will be submitted with a separate patch.
    Change-Id: I2b2e13dce11000aea3c7d965f02b27b76c97e605
    Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-03-05 | tls: add stop listen handler | Florin Coras | 2 | -9/+42
    Change-Id: I233d02a669b6a0504cd54590c6c8e4fefadc4713
    Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-03 | netlink: Use nl_pid 0 to play nice with others. | Jon Loeliger | 1 | -1/+1
    While the netlink field is named nl_pid, and typically contains a process id, setting it to a pid value directly prevents other modules from also using a netlink socket. On the other hand, setting it to 0 allows multiple modules to use a netlink socket by letting the kernel assign the nl_pid a value. This allows the virtio tap code to interact nicely with the router plugin's librtnl after, say, tap-inject has been enabled.
    Change-Id: I9771929f34d15497a5f7b8c5fd78dac28e31383b
    Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-03-02 | tls: clib_mem_alloc context to avoid dangling references | Florin Coras | 1 | -30/+32
    Change-Id: I1e3b48dfd21c9dbebdbcc0af0d6e888b416b3ac5
    Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-02 | session: first approximation implementation of tls | Florin Coras | 24 | -163/+1737
    It consists of two main parts. First, add an application transport type whereby applications can offer transport to other applications. For instance, a tls app can offer transport services to other applications. And second, a tls transport app that leverages the mbedtls library for tls protocol implementation.
    Change-Id: I616996c6e6539a9e2368fab8a1ac874d7c5d9838
    Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-02 | tapv2: CLI and binary API fixes | Steven | 2 | -3/+3
    1. When interface create encounters an error (see test below), the same id cannot be used again. This is due to hash_set is called too early in the function. After the hash entry is set, there are different errors may cause the interface create to be aborted. But we didn't remove the hash entry when error is encountered. The fix is to move the hash_set call near the end which has no more "goto error"

    DBGvpp# create tap id 1 rx-ring-size 1021 tx-ring-size 1021
    create tap id 1 rx-ring-size 1021 tx-ring-size 1021
    create tap: ring size must be power of 2
    DBGvpp# create tap id 1 rx-ring-size 1024 tx-ring-size 1024
    create tap id 1 rx-ring-size 1024 tx-ring-size 1024
    create tap: interface already exists
    DBGvpp#

    2. multiple issues exist with api_format.c with the below command

    binary-api tap_create_v2 id 4 hw-addr 90:e2:ba:76:cf:2f rx-ring-size 1024 tx-ring-size 1024

    - hw_addr is not taken due to the test for random mac is inverted
    - id is an integer, not a string
    - integer values were not converted to network format
    Change-Id: I5a669d702a80ad158517df46f0ab089e4d0d692e
    Signed-off-by: Steven <sluong@cisco.com>
2018-03-01 | SCTP: API to delete a sub-connection | Marco Varlese | 4 | -2/+106
    This patch adds an API to delete a sub-connection following a SRC/DST IP mapping as required by the RFC4960.
    Change-Id: I7673dd07352557442ffeed6c6c00da274b24953d
    Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-03-01 | 6RD: Rewritten 6RD RFC5969 support. | Ole Troan | 9 | -9/+17
    Change-Id: Ic30fbcb2630f39e45345d7215babf5d7ed4b33a0
    Signed-off-by: Ole Troan <ot@cisco.com>
2018-03-01 | Fix ERSPAN encap to set EN bits in the header and add test case | John Lo | 2 | -9/+12
    For ERSPAN encap, both bits in the EN field of the header should be set to indicate any VLAN tag in the original Ethernet frame is preserved. Added SPAN L2 test case where the mirrored packet output is a GRE ERSPAN tunnel.
    Change-Id: Ie7a40992a9278469c24aa6fa9e122b4505797d10
    Signed-off-by: John Lo <loj@cisco.com>
2018-03-01 | SCTP: API to add a sub-connection | Marco Varlese | 7 | -38/+243
    This patch adds an API to add a sub-connection following a SRC/DST IP mapping as required by the RFC4960. At the same time, it changes the way the next available sub-connection is being calculated: rather than having an index in the parent connection which is prone to many issues at run-time, the next available sub-connection is being calculated by looking at the state of the set sub-connections and if marked as DOWN it means that is an available slot to be used.
    Change-Id: I662be6a247bfbbe8bf9aaf3f485183c07ef862fe
    Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-03-01 | session: zero out ips in local endpoint lookup only if local | Florin Coras | 3 | -29/+75
    Change-Id: I3425b1533b3d31210166e7b3798685464ad1c489
    Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-28 | tapv2: abort in tap_create_if (VPP-1179) | Steven | 1 | -0/+1
    The following command sequences cause the crash:

    create tap id 0 rx-ring-size 1024 tx-ring-size 1024
    create tap id 1 rx-ring-size 1024 tx-ring-size 1024
    set interface state tap0 up
    set interface state tap1 up
    delete tap tap0
    delete tap tap1
    create tap id 0 rx-ring-size 1024 tx-ring-size 1024

    0: /home/sluong/vpp2/vpp/build-data/../src/vnet/interface_funcs.h:46 (vnet_get_hw_interface) assertion `! pool_is_free (vnm->interface_main.hw_interfaces, _e)' fails

    The reason for the crash is because when the tap interface is deleted, the code does not remove the entry from the device queue. But the interface is deleted anyway from vnet_main.interface_main.hw_interfaces. When an interface is created again, it may encounter the deleted entry in the device queue and crash. Notice create and delete a single entry does not cause a crash. Need to create and delete 2 interfaces to create a "hole" in the device queue.
    Change-Id: I42ce0b7943d73b3eab32a16751a0a3183de62d9f
    Signed-off-by: Steven <sluong@cisco.com>
2018-02-28 | at af_packet input, drop partial packets to prevent l4 checksum deadloop at output | Chaoyu Jin | 1 | -4/+17
    Change-Id: I6f75b7328fd0aa71d00a701e36c8b4ad06bff3c4
    Signed-off-by: Chaoyu Jin <chjin@cisco.com>
2018-02-28 | SCTP: handle COOKIE while in SHUTDOWN phase | Marco Varlese | 3 | -20/+40
    This patch addresses the requirement to handle a COOKIE chunk whilst in SHUTDOWN phase. The COOKIE shouldn't just be dropped but an OPERATION ERROR chunk shall be sent to the peer to inform about the current situation.
    Change-Id: I1a47652402d49cfee3b0c810304d7902f3a62f40
    Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-27 | vnet/interface: vnet_(put|get)frame_to_sw_interface is not worker thread aware | Steven | 1 | -2/+2
    When heavy traffic is running using worker threads, it may crash here

    DBGvpp# 0: /home/sluong/vpp3/vpp/build-data/../src/vlib/main.c:1128 (dispatch_pending_node) assertion `f->flags & VLIB_FRAME_PENDING' fails
    Thread 1 "vpp_main" received signal SIGABRT, Aborted.
    0x00007ffff5d50428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
    54 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
    (gdb)

    No crash was observed if only main thread was used.
    Change-Id: I96f8b02ec23accc85c0f1ddecfeff6043b5e3c2b
    Signed-off-by: Steven <sluong@cisco.com>
2018-02-27 | sctp: sctp_output.c failed to compile when VLIB_BUFFER_TRACE_TRAJECTORY is enabled | Steven | 1 | -1/+1
    Fixed a typo in sctp_push_header(). It was inherited from tcp_output.c
    Change-Id: I810fcb4c24cfd3d54f15da72a5184cfc4df24592
    Signed-off-by: Steven <sluong@cisco.com>
2018-02-27 | SRv6: API uses table-IDs not FIB indices | Neale Ranns | 1 | -3/+3
    Change-Id: Iacbf7593ef9c03000db502e68335ac3ae18995d7
    Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-02-26 | Added u8x16,u32x4,u64x2 variants of _zero_byte_mask(x) for ARM/NEON platform. VPP-1129 | Adrian Oanca | 1 | -8/+4
    Change-Id: I954acb56d901e42976e71534317f38d7c4359bcf
    Signed-off-by: Adrian Oanca <adrian.oanca@enea.com>
2018-02-26 | SCTP: Handle a COOKIE ECHO/ACK when a TCB Exists | Marco Varlese | 4 | -17/+146
    This patch addresses the requirements depicted in section 5.2.4 of the RFC 4960. It also takes care of handling the ERROR chunk and obviously the STALE COOKIE error.
    Change-Id: I6b88a9371546b18a52abac22f7c593a5f16be838
    Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-26 | SCTP: handle INIT corner-case handling | Marco Varlese | 4 | -5/+215
    As per RFC4960 the INIT chunk could be received in unexpected scenarios and - depending on the state of the internal state-machine - the INIT chunk requires different treatment. This patch addresses section 5.2.1 and 5.2.2 of the RFC4960.
    Change-Id: Ib23ef490c6a5ca3da6c46a9584b75e7577cb7042
    Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-26 | Fix current data offset to use vlib_buffer_get_current in input/output ACL | Steve Shin | 1 | -5/+5
    vlib_buffer_get_current() should be used for current data offset in ACL. This is required for output ACL where packets are decoded through a vxlan tunnel rx node.
    Change-Id: I6f739f251c3eb0d59ee4ae0da97aa04ddf667468
    Signed-off-by: Steve Shin <jonshin@cisco.com>
2018-02-26 | IPv6 MLD; pointer address used as hash key | Neale Ranns | 1 | -3/+3
    Change-Id: I7b2f52b2b2ce13f27bddc8750b8fc564bf6ab73e
    Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-02-26 | vnet: add 25G interface speed flag | Damjan Marion | 1 | -2/+4
    Change-Id: I1d3ede2b043e1fd4abc54f540bb1d3ac9863016e
    Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-26 | vnet: add vnet_device_input_have_features function | Damjan Marion | 1 | -0/+7
    Change-Id: I28cfa7f7f5e4938146478c4a5cc5ad18612aadaa
    Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-25 | SCTP: fix connection memory corruption | Marco Varlese | 4 | -14/+23
    A bug was found when multiple SCTP connections were being opened to the same SCTP server. This patch addresses that problem, removing the use of the 'parent' pointer approach for sub-connection and saving instead within the sub-connection itself the ID representing its position. That facilitates pointer-arithmetic to be computed in the get_connection_from_transport().
    Change-Id: Iaa1f4efc501590be1c93e42fd6fe3d6e02f635eb
    Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-23 | VXLAN: Instance numbers now properly freed upon delete. | Jon Loeliger | 1 | -1/+1
    Fixes a small bookkeeping oversight where the VXLAN instance numbers were being freed erroneously by their device_instance number rather than the correct user_instance number.
    Change-Id: I08f6b2089c7a14cc8a8cb91f04f850f60ecec43b
    Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-02-23 | Convert a pcap file to a set of C initializers | Dave Barach | 2 | -1/+140
    Change-Id: Ieb6b7a75fa23c8142ae15f42cd3a703253f39e10
    Signed-off-by: Dave Barach <dave@barachs.net>
2018-02-22 | bihash table size perf/scale improvements | Dave Barach | 1 | -3/+11
    Directly allocate and carve cache-line-aligned chunks of virtual memory. To a first approximation, bihash wasn't using clib_mem_free(...). We eliminate mheap object header/trailers, which improves space efficiency. We also eliminate the 4gb bihash table size limit. An 8_8 bihash w/ 100 million random entries uses 3.8 Gbytes.
    Change-Id: Icf925fdf99bce7d6ac407ac4edd30560b8f04808
    Signed-off-by: Dave Barach <dave@barachs.net>
2018-02-21 | SCTP: minor refactor | Marco Varlese | 5 | -31/+50
    This patch adds some missing information in various debugging messages which can help with debugging state-machine and connection-tracking. It also renames some internal variable names for better code readability.
    Change-Id: I68503fc0214300032f7514426c8b5b2b12edf11a
    Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-21 | Adj Delegates; don't store raw pointers | Neale Ranns | 4 | -43/+37
    ... you'd think I'd have learned by now...
    Change-Id: I65c54feb2ec016baa07ed96c81ab8f60277c3418
    Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-02-20 | Fix reset the vlan flags when main interface is deleted. | Steve Shin | 1 | -0/+2
    The dot1q_vlans & dot1ad_vlans should be reset to 0 when main interface is deleted. Otherwise, VPP will crash if the same interface index is reused without attaching the sub interface on it.
    Change-Id: I484d4a8892ff4241a3a32b22189746193d5f2594
    Signed-off-by: Steve Shin <jonshin@cisco.com>
2018-02-20 | SCTP: congestion control | Marco Varlese | 5 | -184/+251
    This patch addresses the requirements depicted by section 7.1.1 and 7.1.2 of the RFC 4960. Specifically, it implements the Slow-start and Congestion-avoidance policies. The patch also took care of correctly implementing some 'formatting' functions required - for instance - in packet(s) tracing.
    Change-Id: I68eade1b30345de3acb3ac8a653a5ef76eb6d2ac
    Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-20 | vppinfra: CLIB_HAVE_VEC128 mandates SSE4.2 | Damjan Marion | 2 | -1/+3
    Change-Id: I6511110d0472203498a4f8741781eeeeb4f90844
    Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-19 | Use neutral vector code for ethernet_frame_is_tagged | Damjan Marion | 2 | -41/+43
    Also it removes ethernet_frame_is_any_taged implementation which seems to be equally costly compared to two invocations of ethernet_frame_is_tagged.
    Change-Id: If1c95f8267cd34b807ec07e0d675cbd0db2fdf9f
    Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-19 | virtio: add missing tx lock when running multithreaded | Damjan Marion | 3 | -0/+10
    Change-Id: I373f429c53c6f66ad38322addcfaccddb7761392
    Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-19 | Adjacency Delegate updates | Neale Ranns | 7 | -157/+287
    - Register new type (for use from plugins)
    - Memory for delegate is provided by delegate provider
    Change-Id: I5ece86b1fe84e3028a5c853871476c4ba015b2eb
    Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-02-17 | SCTP: 'multi-home' support | Marco Varlese | 6 | -186/+218
    This patch addresses the SCTP requirement for multiple sub-connections to implement the so called 'multi-homed' scenario.
    Change-Id: Ibce18f216e9d2bebe318992c441bf278e16aad17
    Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-16 | Adj: VFTs for adjacency sub-blocks | Ole Troan | 5 | -29/+69
    Change-Id: I85602b0178315023bb512babdd5b7dd4263a322d
    Signed-off-by: Ole Troan <ot@cisco.com>
2018-02-16 | Allow providers to override glean behaviour | Neale Ranns | 9 | -77/+110
    and update glean address on local interface MAC change
    Change-Id: I530826d60c7e9db2b0fa2d45754139d82c5ea807
    Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-02-16 | Minor VXLAN/GRE Tunnel Encap Optimization and Cleanup | John Lo | 4 | -37/+53
    Change-Id: I62a2a6524b72115a4239fbd7dc9ac8fdc35e20ed
    Signed-off-by: John Lo <loj@cisco.com>
2018-02-15 | session: fix fifo allocation for empty connect seg-managers | Florin Coras | 1 | -1/+0
    Change-Id: Ibc5b1149f3fbbe3dfe1f069ab69bfed7de660582
    Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-15 | Revert "Allow interface types to override glean adjacency behaivour" | Ole Trøan | 9 | -95/+76
    This reverts commit 8b30e471df4d42214619e1d6c50cc8298426b45f.
    Change-Id: I99edb236eb0a7f8ba3fba333c3481a710ebcb59c
    Signed-off-by: Ole Troan <ot@cisco.com>
2018-02-15 | Revert "Adj: VFTs for adjacency sub-blocks" | Ole Trøan | 5 | -74/+29
    This reverts commit a44b015aa012d3b07ed873925d47c6d5955b7dd2.
    Change-Id: I2d76bc0844f58e5ddf3f3a4326b86076f46e3751
    Signed-off-by: Ole Troan <ot@cisco.com>
2018-02-15 | Adj: VFTs for adjacency sub-blocks | Ole Troan | 5 | -29/+74
    Change-Id: I19390f87343bacea84b49fc5d08af38875fdafdd
    Signed-off-by: Ole Troan <ot@cisco.com>