summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2018-02-05SCTP: calculate RTO / RTT and RTTVAR as per RFCMarco Varlese4-47/+122
This patch addresses the need to calculate the RTO / RTT and RTTVAR according to the rules depicted by the RFC4960 at section 6.3.1 Change-Id: I1d346f3c67610070b3f602f32c7738d58b99ffed Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-05vhost_user: code cleanupHaiyang Tan1-4/+4
1. Replace the magic number '-1' with MAP_FAILED 2. On x86 platform, QEMU uses vhostuser required the memory back-end is file based, the file could be tmpfs(4K page size) or hugetlbfs(2M or 1G page size) Change-Id: If1818cb6833728d641f68e4d4a3bc645e70f2ee6 Signed-off-by: Haiyang Tan <haiyang.tan.dev@gmail.com>
2018-02-03IP reassembly: workaround coverity warningsKlement Sekera2-0/+2
Change-Id: Ide577f036d9d8dcedd99cdb4666a0eaf8a19b92e Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-02-02lisp-cp: fix handling of ndp without source link addr VPP-1159Florin Coras1-4/+21
Change-Id: Idddb60bbc7fcc701d39212f6422a6b2f6dc75221 Signed-off-by: Florin Coras <fcoras@cisco.com> (cherry picked from commit cba3675fabe618194bf80a9de0e9c53b89a541ca)
2018-02-01Out-of-order data chunks handling and moreMarco Varlese4-69/+235
This patch addresses the need to handle out-of-order data chunks received by a peer. To do that effectively, we had to add the handling of data chunks flags (E/B/U bit) to understand whether the stream is fragmenting user-message data and in that case if a fragment is the FIRST/MIDDLE/LAST one of a transmission. The same patch also addresses the security requirement to have a HMAC calculated and incorporated in the INIT_ACK and COOKIE_ECHO chunks. The algorithm used is the HMAC-SHA1. Change-Id: Ib6a9a80492e2aafe5c8480d6e02da895efe9f90b Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-01IPv4/6 reassemblyKlement Sekera20-8/+2866
Change-Id: Ic5dcadd13c88b8a5e7896dab82404509c081614a Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-02-01vxlan: Lookup FIB in either IPv4 or IPv6 families.Jon Loeliger1-4/+5
Prior to this commit, the VXLAN "create" API assumed the vrf_id belonged to only the IPv4 FIB tables space. With this commit, the FIB table is found in either the IPv4 or IPv6 table as determined by the is_ipv6 flag. This follows the same pattern that was already being done in the CLI code for the VXLAN "create" command. Change-Id: I35d5e37db24efa858e4696dc2c004fa64bb4a4a8 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-02-01FIB: Consolidate several copies of fib_ip_proto() into one.Jon Loeliger4-18/+11
Rather than having multiple copies of the same function scattered around, promote the function into the FIB PROTOCOL definitions in fib_types.h. Change-Id: I11c4d85931167d3a5f3dc1278afecc8845b23cd7 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-02-01tcp: tcp_output.c failed to compile when VLIB_BUFFER_TRACE_TRAJECTORY is enabledSteven1-1/+1
Fixed a typo in tcp_push_header(). The typo only kicks in when the macro VLIB_BUFFER_TRACE_TRAJECTORY is enabled. Change-Id: I62832a4932ec5b14e3063d5eac113780851aae59 Signed-off-by: Steven <sluong@cisco.com>
2018-01-31Fix VNET_BUFFER_F_SPAN_CLONE flagDamjan Marion1-1/+1
Change-Id: I670e41bcfc61a45555431603c937f8dad4d165e9 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-01-31vlib: allocating buffers on thread-x and freeing them on thread-y causesSteven1-2/+1
a crash on debug image (VPP-1151) In debug image, there is extra code to validate the buffer when it is freed. It uses the hash table to lookup the buffer index with spinlock to prevent contention. However, there is one spinlock for each worker thread. So allocating the buffer on thread-x and freeing the same buffer on thread-y causes the validation to fail on thread-y. The fix is to have only one spinlock, stored in vlib_global_main. Change-Id: Ic383846cefe84a3e262255afcf82276742f0f62e Signed-off-by: Steven <sluong@cisco.com> (cherry picked from commit a7effa1b072463f12305a474f082aeaffb7ada4b)
2018-01-31Improved tracing for the IP[46] not-enabled case.Neale Ranns5-22/+73
now we get 00:00:03:665501: pg-input ... 00:00:03:665681: ethernet-input ... 00:00:03:665691: ip6-input UDP: 2001::1 -> ffef::1 tos 0x00, flow label 0x0, hop limit 64, payload length 108 UDP: 1234 -> 1234 length 108, checksum 0x7b25 00:00:03:665695: ip6-not-enabled UDP: 2001::1 -> ffef::1 tos 0x00, flow label 0x0, hop limit 64, payload length 108 UDP: 1234 -> 1234 length 108, checksum 0x7b25 00:00:03:665706: error-drop ethernet-input: no error Same goes for IPv4 Change-Id: Ia360df39b43281d3a0aa1b686f04b73cfa37c546 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-01-31Prep-work patch for congestion-controlMarco Varlese6-450/+670
This patch addresses the missing field in various data-structures to track valuable information to implement the congestion-control algorithms and manage sub-connections states. It adds the possibility to queue up to 2 SACKs chunks when the connection is not gapping. At the same time, it pushes some variable/field renaming for better readibility. Change-Id: Idcc53512983456779600a75e78e21af078e46602 Signed-off-by: Marco Varlese <marco.varlese@suse.de>
2018-01-30VPP-899: Run VPP under SELinuxBilly McFall1-13/+17
Add an SELinux profile such that VPP can run under SELinux on RPM based platforms. The SELinux Policy is currently only implemented for RPM packages, specifically, Fedora, CentOS and RHEL. Doxygen User Documentation has been included (selinux_doc.md). Once some discussion on file locations has completed (see vpp-devlist), updates to the Debug CLI documentation will also need to be updated. Additional changes: Patch Set 2: - Rework selinux_doc.md such that each line is only 80 characters instead of each sentence on a line. Made additonal minor chnages to the text. - Update vHost Debug CLI documentation to reflex new socket location. Cleaned up some text from when I originally wrote it, to better reflex proper use. - Update exec Debug CLI documentation to be more inline with suggested helptext, added text regarding recommended script file location. - For Debian builds, create the /var/log/vpp/ directory. I don't use Debian very much, so please pay extra attention to build-data/platforms.mk and build-root/deb/debian/.gitignore. - Per discussion on VPP call, changed the default log location to /var/log/vpp/vpp.log. - Changed the socket location for vHost in AutoConfig to /var/run/vpp/. Patch Set 3: - Update selinux_doc.md based on comments. Change-Id: I400520dc33f1ca51012d09ef8fe5a7b7b96c631e Signed-off-by: Billy McFall <bmcfall@redhat.com>
2018-01-30Allow the provider of a midchain adjacency to pass context data that is ↵Neale Ranns14-25/+76
returned in the fixup function Change-Id: I458e6e03b03e27775df33a2fd302743126d6ac44 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-01-29DRAFT ip4/6_frag to support DPO Style based Next NodeVijayabhaskar Katamreddy2-0/+15
Change-Id: I1df3d23c1c5668b83d52b41f51c0e3f24183af9e Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
2018-01-29Remove last vestigies of auto-ip-table createNeale Ranns1-34/+4
Change-Id: If0f8472c0de5e324b24c9c672c0f8b57cc9f49a8 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-01-27session: use clib rwlocks instead of custom implementationFlorin Coras2-27/+9
Change-Id: I68933d709ce9cc686ba06466e136434b663920ef Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-27Fix session/tcp coverity warningsFlorin Coras3-10/+22
Change-Id: I5c404eacb4a6c1e16485a6656168d9171ff49a8b Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-27session: disconnect and echo client improvementsFlorin Coras7-23/+38
Change-Id: If421bad17b6cfe8e321257c93bb38931e37d7b64 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-26session: move builtin apps to their own folderFlorin Coras13-2268/+560
This consolidates builtin apps under session-apps folder. It also removes duplicate builtin echo server/client implementations. Change-Id: I75ed879399c5aa9b75b1eb38b33aedf69dd8df3f Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-25session: add support for memfd segmentsFlorin Coras20-280/+355
- update segment manager and session api to work with both flavors of ssvm segments - added generic ssvm slave/master init and del functions - cleanup/refactor tcp_echo - fixed uses of svm fifo pool as vector Change-Id: Ieee8b163faa407da6e77e657a2322de213a9d2a0 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-24SCTP stack (RFC4960)Marco Varlese20-12/+8170
== CONTENT == * SCTP chunks definition as per RFC4960; * Helper functions to set/get values to/from the corresponding chunks; * Hooks to the session/application layers; * Complete state-machine handling; * Implementation for unexpected chunk received in a certain state (state-machine error handling) * Support for 1-single connection; * Sample application to test receive/transmit data-path; * Test to validate SCTP stack; Change-Id: I1b55c455ab400be9513f4e094dadfc3181d2ebc9 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-01-24Improve the error reporting for a IP multicast RPF miss.Neale Ranns2-3/+16
now we get: 00:00:04:288925: pg-input ... 00:00:04:289345: ethernet-input ... 00:00:04:289524: ip6-input ... 00:00:04:289553: ip6-mfib-forward-lookup ... 00:00:04:289584: ip6-mfib-forward-rpf entry 14 itf 2 flags Forward, 00:00:04:289754: ip6-drop UDP: 2002::1 -> ff01:2::255 tos 0x00, flow label 0x0, hop limit 64, payload length 21 UDP: 1234 -> 1234 length 21, checksum 0x90d1 00:00:04:289802: error-drop ip4-input: Multicast RPF check failed 08:36:44,517 Count Node Reason 182 ip4-input Multicast RPF check failed 8 ip6-icmp-input neighbor advertisements sent 8 ip6-icmp-input router advertisements sent 8 arp-input ARP replies sent Change-Id: I1b29cda4ec77a88db45bfb25c7473cd64bbf501a Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-01-24Improve tunnel interface creation performanceJohn Lo7-76/+81
Modify interface creation to allow creation of tunnel interfaces without dedicated per tunnel output and tx nodes which are not used for most tunnel types. Also changed interface-output node function vnet_per_buffer_interface_output() so it does not rely on hw_if_index as the next node index which is not flexible nor efficient for large scale tunnel interfaces. The improvenemts are done for VXLAN, VXLAN-GPE, GENEVE and GTPU tunnels. GRE tunnel is still using per tunnel output nodes which will be changed in a separate patch with other GRE enhencements. Change-Id: I4123c01c0d2ead814417a867adb8c8a407e4df55 Signed-off-by: John Lo <loj@cisco.com>
2018-01-23Fix typo / coverity warningDave Barach1-1/+1
Change-Id: I4a3a6803083f3d707351440486bba59d8194339f Signed-off-by: Dave Barach <dave@barachs.net>
2018-01-23For DHCP client configuration control the setting of the broadcast flag in theNeale Ranns5-100/+397
DISCOVER message sent. According to RFC2131: In the case of a client using DHCP for initial configuration (before the client's TCP/IP software has been completely configured), DHCP requires creative use of the client's TCP/IP software and liberal interpretation of RFC 1122. The TCP/IP software SHOULD accept and forward to the IP layer any IP packets delivered to the client's hardware address before the IP address is configured; DHCP servers and BOOTP relay agents may not be able to deliver DHCP messages to clients that cannot accept hardware unicast datagrams before the TCP/IP software is configured. To work around some clients that cannot accept IP unicast datagrams before the TCP/IP software is configured as discussed in the previous paragraph, DHCP uses the 'flags' field [21]. The leftmost bit is defined as the BROADCAST (B) flag. The semantics of this flag are discussed in section 4.1 of this document. The remaining bits of the flags field are reserved for future use. They MUST be set to zero by clients and ignored by servers and relay agents. Figure 2 gives the format of the 'flags' field. this changes means VPP conforms to the: "SHOULD accept and forward to the IP layer any IP packets delivered to the client's hardware address before the IP address is configured" with the caveat that VPP allows DHCP packets destined to the stanard client DHCP port to be delivered. With this enhancement the control-plane is now able to choose the setting of the broadcast flag. Change-Id: Ia4eb2c9bb1e30c29f9192facc645e9533641955a Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-01-23VPPAPIGEN: vppapigen replacement in Python PLY.Ole Troan40-73/+91
This is a version of the VPP API generator in Python PLY. It supports the existing language, and has a plugin architecture for generators. Currently C and JSON are supported. Changes: - vl_api_version to option version = "major.minor.patch" - enum support - Added error checking and reporting - import support (removed the C pre-processor) - services (tying request/reply together) Version: option version = "1.0.0"; Enum: enum colours { RED, BLUE = 50, }; define foo { vl_api_colours_t colours; }; Services: service { rpc foo returns foo_reply; rpc foo_dump returns stream foo_details; rpc want_stats returns want_stats_reply events ip4_counters, ip6_counters; }; Future planned features: - unions - bool, text - array support (including length) - proto3 output plugin - Refactor C/C++ generator as a plugin - Refactor Java generator as a plugin Change-Id: Ifa289966c790e1b1a8e2938a91e69331e3a58bdf Signed-off-by: Ole Troan <ot@cisco.com>
2018-01-21vhost_user: 'nregions' saves the actual number of mapped guest physical ↵Haiyang Tan1-1/+2
address area This patch fixed the VMA leak that if mapping one of guest physical address area get failed. Change-Id: I07b0b9a932209561d6ff2b2dd08a111ea5db2209 Signed-off-by: Haiyang Tan <haiyang.tan.dev@gmail.com>
2018-01-19vxlan:restructure encap loopEyal Bari1-321/+198
unified some code from IPv4/6 pathes replaced unrolled rewrite copy with simple assignment refactored stats handling was not tested for performance Change-Id: I00aeb9dd5b72584e6606e1a076e5c8270389aaa4 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-01-19Sub-Interface deletion not cleanup hash's properly (VPP-1136)John Lo2-14/+18
On deleting sub-interfaces, functions vnet_delete_sub_interface() and vnet_delete_hw_interface() are not cleaning up sub-interface related hash tables and memory properly. Change-Id: I17c7c4b2078c062c77bfe48889beb677610035ca Signed-off-by: John Lo <loj@cisco.com> (cherry picked from commit 7f5bec647c9dc743c015d461d040e63a77fd0a08)
2018-01-18vlib: add vlib_buffer_alloc_to_ring APIDamjan Marion2-11/+4
Change-Id: I4e2804754b443f5f41fb25eed8334908c4a70f84 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-01-18tapv2: add option to set host-side default gwDamjan Marion7-2/+97
Change-Id: I76fd655ecd9445299b94b3b5af10e7b1588584e4 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-01-18FIB Inherited SrouceNeale Ranns18-137/+1621
forwarding provided by the source is pushed to all other entries it covers in the sub-tree Change-Id: I2a45222ef653358f55c2436de3e3c6353cfadba2 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-01-17Fix checksum offload sssue caused by overwriten lX_hdr_offsetDamjan Marion1-2/+2
This happens when 2 packets belonging to 2 different interfaces hit dual loop in the ethernet-input. Packets go to slow path which doesn't set l2 hdr offset correctly for l3 packets. Change-Id: I61d87c079db0b2e21f8af6f6b600bff14030535d Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-01-16Tolerate missing nodes during feature arc initialisationNeale Ranns1-2/+8
Change-Id: Ib0d0b663bf71ce52ead2f81140c710f31f040f89 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-01-16tapv2: deleting tap interface may leak buffers (VPP-1124)Steven4-11/+34
Buffers may be allocated for indirect descriptors by tx thread and they are freed when tx thread is invoked in the next invocation. This is to allow the recipient (kernel) to have a chance to process them. But if the tap interface is deleted, the tx thread may not yet be called to clean up the indirect descriptors' buffers. In that case, we need to remove them without waiting for the tx thread to be called. Failure to do so may cause buffers leak when the tap interface is deleted. For the RX ring, leakage also exists for vring->buffers when the interface is removed. Change-Id: I3df313a0e60334776b19daf51a9f5bf20dfdc489 Signed-off-by: Steven <sluong@cisco.com> (cherry picked from commit d8a998e74b815dd3725dfcd80080e4e540940236)
2018-01-15bfd: fix bfd_auth_keys_dumpFlorin Coras1-1/+1
Change-Id: I58598f18b9af70e580be4d28a0c40ec0ffcd5dca Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-15svm: refactor memfd and remove ssvm_ethFlorin Coras3-976/+0
Change-Id: Icde296e956eb89ea3a17d547f04a833916ec6440 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-13Improve "show xxx tunnel" and "show int addr" outputJohn Lo5-139/+111
Improve "show xxx tunnel" output functions format_xxx_tunnel() for GRE, VXLAN, VXLAN-GPE, GENEVE and GTPU tunnels to make their output more consistent and provide better information. Improved the output of "show int addr" to make its info more consistent with tunnels and provide fib-index info. Change-Id: Icd4b5b85a5bec417f8ee19afea336c770ad3b4c5 Signed-off-by: John Lo <loj@cisco.com>
2018-01-11api: fix handlers that explicitly depend on svm queueFlorin Coras4-40/+38
Fixes the remainig apis that explicitly check svm queue length. Change-Id: I6055c7c50050affee3098e162e15fb12c205e5db Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-11tcp: make proxy server uri cli configurableFlorin Coras2-3/+18
Change-Id: I94c7315558ccc9f3d4bcdefd09a696234bc56227 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-11api: remove transport specific code from handlersFlorin Coras29-604/+525
This does not update api client code. In other words, if the client assumes the transport is shmem based, this patch does not change that. Furthermore, code that checks queue size, for tail dropping, is not updated. Done for the following apis: Plugins - acl - gtpu - memif - nat - pppoe VNET - bfd - bier - tapv2 - vhost user - dhcp - flow - geneve - ip - punt - ipsec/ipsec-gre - l2 - l2tp - lisp-cp/one-cp - lisp-gpe - map - mpls - policer - session - span - udp - tap - vxlan/vxlan-gpe - interface VPP - api/api.c OAM - oam_api.c Stats - stats.c Change-Id: I0e33ecefb2bdab0295698c0add948068a5a83345 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-11Handle a mix of CNAME, A/AAAA recordsDave Barach1-10/+30
Poster-child: 8.8.8.8 resolving mag.ncep.noaa.gov Change-Id: I600cd0274b9017e9c91817511d3d3366f0bd02b9 Signed-off-by: Dave Barach <dave@barachs.net>
2018-01-11Add support for MAP-T CE (VPP-1058)Juraj Sloboda5-162/+441
Change-Id: Ib99058323c50f20fcdb44185aee027c5c6ef8c91 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-01-10Functional improvements, bug fixesDave Barach4-25/+152
At least when testing against "known good" DNS servers: it turns out that sending 2x requests - one for an A-record and another for a AAAA-record - seems to work better than sending a single DNS_TYPE_ALL request. Fix c-string vs. u8 vector mistakes. Fix server failover. Change-Id: I26554f0a9c1744376f21372506ebec8658e351e2 Signed-off-by: Dave Barach <dave@barachs.net>
2018-01-09VPP-1113 SR MPLS path.frp_label_stackPablo Camarillo1-17/+16
provide one label stack per fib_table_entry_path_add2 call. otherwise multiple mheap releases take place. Change-Id: I475ca1b801fc85dddda0b540c69ad628a274df7f Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>
2018-01-09VPP-1120 SRv6 bug with SID list containing only one SID and no srhPablo Camarillo1-26/+64
Packets with a SR policy of one SID list create a malformed packet. Outer IPv6 header points to a routing extension header that does not exist since the SID list contains only one SID. Change-Id: I1effee0457453bab95706a8a24fdabfbd843d5b7 Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>
2018-01-09api: refactor vlibmemoryFlorin Coras50-284/+248
- separate client/server code for both memory and socket apis - separate memory api code from generic vlib api code - move unix_shared_memory_fifo to svm and rename to svm_fifo_t - overall declutter Change-Id: I90cdd98ff74d0787d58825b914b0f1eafcfa4dc2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-09GRE tunnel key should use fib_index instead of fib_id (VPP-1118)John Lo1-12/+1
Follow up fix - vl_api_gre_add_del_tunnel_t_handler should pass outer_fib_id from API message to vnet_gre_add_del_tunnel() and not convert it to fib_index, since vnet_gre_add_del_tunnel() already perform the lookup to get fib_index from fib_id. Change-Id: I24967a97f82ce018ddef596e556bd3eb1706cb63 Signed-off-by: John Lo <loj@cisco.com>