summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2017-11-09session: lookup/rules table improvements and cleanupFlorin Coras7-207/+363
Change-Id: I5217364220023df34d5bee071cb750df1661b093 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-09session: fix app ns list cli dumpFlorin Coras1-4/+8
Change-Id: I9b0a4676d088bc7587d12023fc3a3ea53aeaba20 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-08punt: fix sendmsg() failure detectionKlement Sekera1-1/+1
Change-Id: Ia8941b7b90f14dd688aca215b2dae1cc5c8f4472 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-11-08session: fix show app ns table cliFlorin Coras1-10/+15
Change-Id: I188e0471636683345bd9daa779c3680a616c2244 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-08NAT64: fixed csum crash (VPP-1055)Matus Fabian2-28/+25
Change-Id: I28c8abe49c9858966a66530d3dc41c074c6901f3 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-11-08http_server_rx_callbackJingLiuZTE1-2/+8
http_server_rx_callback must return -1, if session_rx_request fails. Change-Id: I08e48ea7560dee301958e0babe023bb739b9342c Signed-off-by: JingLiuZTE <liu.jing5@zte.com.cn>
2017-11-08Fix SHG handling for ARP/ICMPv6 received from BVI in a BDJohn Lo1-0/+8
This change makes sure ARP/ICMPv6 brodcast packets received from the BVI of a BD can be flooded to all remote VTEPs via its VXLAN tunnels irrespective of SHG setting. Similar processing was done for unicast packets already and needs to be extpanded to ARP and ICMPv6 broadcast packets. Change-Id: I26ac43ecdbc81a769f742a583a156506f7e70d49 Signed-off-by: John Lo <loj@cisco.com> (cherry picked from commit c97b4aca0db8d84b17ceb03a14ab44346a2b3466)
2017-11-08ip: fix container proxy coverity warningFlorin Coras1-4/+7
Change-Id: I5e35921acb65157a3de8ea0c53b3a6fa5cfca044 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-07add tracing to udp punt codeKlement Sekera1-5/+58
Change-Id: I5f92e40d2fe08a05f51622143648433732141cf4 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-11-07vnet: ip4/6_local-> don't drop TCP/UCP marked for cksum calc fixJakub Grajciar2-13/+13
Change-Id: Id14826eefe43168747c8ba69b3b600441a7d4047 Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech>
2017-11-07UDP Encapsulation.Neale Ranns14-6/+1422
A UDP-encap object that particiapates in the FIB graph and contributes DPO to teh output chain. It thereofre resembles a tunnel but without the interface. FIB paths (and henace routes) can then be created to egress through the UDP-encap. Said routes can have MPLS labels, hence this also allows MPLSoUPD. Encap is uni-directional. For decap, one still registers with the UDP port dispatcher. Change-Id: I23bd345523b20789a1de1b02022ea1148ca50797 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-11-07ip: add container proxy apiFlorin Coras4-20/+166
Change-Id: Id324a757517f85973097e20e2eb88d64ae0e931b Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-07session: fix v6 double bindsFlorin Coras4-8/+100
Change-Id: Ie747b490901254e962cf61814491851b891129ee Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-07fix bfd cli with gcc >= 6Gabriel Ganne1-1/+1
Change-Id: Iff63238bcf87db3411493e95064c5ad3ed8fd166 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-11-06session: add rule tagsFlorin Coras12-235/+468
Change-Id: Id5ebb410f509ac4c83d60e48efd54e00035e5ce6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-05session: add api to dump rulesFlorin Coras7-25/+253
Change-Id: Ie42fd77e75e86a45cfe5951768c4638f27fdc3aa Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-05ip4 network request processingDave Barach5-89/+750
Change-Id: I6eb0681cc2595f81ac3bf5ffa3e9b2adfff04a36 Signed-off-by: Dave Barach <dave@barachs.net>
2017-11-03NAT64: Input feature arc on virtual interface via interface RX DPO.Ole Troan2-2/+2
Change-Id: If2048c7d72048679bc5d0412f3fae109926f759e Signed-off-by: Ole Troan <ot@cisco.com>
2017-11-03vnet: ip4/6_local->don't drop packet if marked for TCP/UDP offload cksum ↵Jakub Grajciar2-8/+26
calculation Change-Id: I62f625a93e5d818caef382316035cd5447bd8fef Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech>
2017-11-03punt: free whole buffer chain if such is puntedKlement Sekera1-1/+1
Change-Id: I1326f21f0a00a201d2bdb55b73af14fca6ba8888 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-11-03silence l2fib_init() invalid read of size 2 found by address-sanitizerGabriel Ganne1-1/+6
l2fib_make_key() casts and reads the input 6-Bytes mac_address as u64, therefore if the mac_address is declared with 6 Bytes only, address-sanitizer rightly triggers an invalid read on the last two Bytes. However, l2fib_make_key() does a 16 bits shift to discard those 2 values, therefore, this invalid read is of no consequence (and so can be silenced safely). Change-Id: I38646fe60073093d25cdf135185d4c96136d55d0 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-11-03session: support drop action in rules tableFlorin Coras4-36/+114
Change-Id: Ided2980373ed5329c68f958f61be893428bccd31 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-02session/udp: init rw locksFlorin Coras2-1/+14
Change-Id: I68152d7338ce0d7805e50ccf9e9046de02cfd206 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-02LISP: fix negative mapping timeout, VPP-1043Filip Tehlar1-1/+2
Change-Id: Ie57b81f8743f14182813558887d84d6667c81d43 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-11-02Add builtin http server option to return static replyFlorin Coras1-23/+97
Change-Id: I9f4d1c7ee7b460a93198930a5a935fa90177cdad Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-01session: fix proxy coverity warningsFlorin Coras1-1/+2
Change-Id: I8d233d2301fb0da0fe27fa36ba870484bb290b7b Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-01session: add support for proxying appsFlorin Coras15-39/+353
To enable this, applications set the proxy flag in their attach requests and pass the transport protocols they want to act as proxies for as part of the attach options. When proxy is enabled, session rules that point incoming packets to the proxy app are addedd to the local and global session tables, if these scopes are accessible to the app. In particular, in case of the former, the rule accepts packets from all sources and all ports destined to the namespace's supporting interface address on any port. While in case of the latter, a generic any destination and any port rule is addedd. Change-Id: I791f8c1cc083350f02e26a2ac3bdbbfbfa19ece3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-31Fix "l2fib add" CLI to allow adding of filter MAC entriesJohn Lo1-25/+17
When adding a filter MAC entry, the default sw_if_index of -1 was incorrectly validated and rejected. Change-Id: Id7f122b6269ea7c299a4335b05b748afaf01383c Signed-off-by: John Lo <loj@cisco.com>
2017-10-31Fix set interface mac address API to be endian neutralJohn Lo4-16/+10
Store and pass MAC address as 6 byte u8 array instead of u64 to make MAC address handling in set interface MAC endian neutral. The previous API handler only works for little endian. Change-Id: Ie4ec33a840bc5122ab1f17e25977e58f3466253b Signed-off-by: John Lo <loj@cisco.com>
2017-10-31LISP: add P-ITR/P-ETR/xTR API handlers, ONE-24Filip Tehlar12-72/+571
Change-Id: I25937cd7470c826d1e833e65530ae959c39139d8 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-10-31l2fib: MAC: Fix uint64 to u8 byte arrayMohsin Kazmi5-49/+44
As per proposal on the mailing list, this patch fixes the represntation of MAC address in VPP API calls for · L2fib_add_del · L2_fib_table_details Change-Id: I31e17efd1a6314cded69666e693cb8fc33158d02 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2017-10-31Refactor IP input checks for re-use at MPLS dispositionNeale Ranns5-277/+465
Change-Id: I7aafdecd6f370411138e6ab67b2ff72cda6e0666 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-30LISP: improve updating the dataplne when locators changeFilip Tehlar5-28/+74
Change-Id: Ifc0296834e25ddbdd0ad8283c061f309801b053c Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-10-29devices: Add binary API for set interface <interface> rx-modeSteven4-18/+88
Also add vat test code to test the subject API. The format is sw_interface_set_rx_mode sw_if_index <index> [queue <id>] <polling|nterrupt|adaptive> Change-Id: Ib810d85d430077865bead8cc08a070f8ae478225 Signed-off-by: Steven <sluong@cisco.com>
2017-10-29session: fix coverity warningsFlorin Coras2-7/+12
Change-Id: Ib87eccb853cafceea5f5513f6bb51c2364449afa Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-28session: rules tablesFlorin Coras22-12/+2093
This introduces 5-tuple lookup tables that may be used to implement custom session layer actions at connection establishment time (session layer perspective). The rules table build mask-match-action lookup trees that for a given 5-tuple key return the action for the first longest match. If rules overlap, ordering is established by tuple longest match with the following descending priority: remote ip, local ip, remote port, local port. At this time, the only match action supported is to forward packets to the application identified by the action. Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-27session: instantiate appns lookup table only onceFlorin Coras2-7/+11
Change-Id: I39d634b7691a524e5221c28997a737102298c281 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-26Consolidate short_help for classify table with memory-sizeHongjun Ni1-0/+1
When creating 32K classify sessions, VPP crashes. Default heap size is 2MB. Need to configure it when requiring large number sessions. Change-Id: I16678ee4a9e0ba61cbd2d3b38c43d10c59325968 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-10-26session: swap appns secret to host byte orderFlorin Coras1-1/+1
Change-Id: I355433e0f07b328c441ed642705b31ca5157fabe Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-26fib test - fix undefined behavior warning found by clangGabriel Ganne3-3/+3
warning: passing an object that undergoes default argument promotion to 'va_start' has undefined behavior [-Wvarargs] Change-Id: Ic9cfd61e38983bd67f30bf92f605e6c87d103ca5 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-10-26VCL: add session namespace support.Dave Wallace3-17/+40
Change-Id: I04f1b63e66260d99c0dd180b0295a55a9b750df7 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-10-26Allow IPsec interface to have SAs resetMatthew Smith5-1/+123
Make it easier to integrate with external IKE daemon. IPsec interfaces can have one or both SAs replaced after creation. This allows for the possibility of setting a new child SA on an interface when rekeying occurs. It also allows for the possibility of creating an interface ahead of time and updating the SA when parameters that are negotiated during IKE exchange become known. Change-Id: I0a31afdcc2bdff7098a924a51abbc58bdab2bd08 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2017-10-25lldp: protection code to check a valid interface indexSteve Shin1-2/+9
When lldp interface is set, it's better to check valid interface index. Change-Id: I0db0ab6483ad73d28c69893576aa9b719c3b087c Signed-off-by: Steve Shin <jonshin@cisco.com>
2017-10-25L3 proxy FIB source for container networkingAndrew Yourtchenko14-10/+381
Change-Id: I4164c4c19c8dbfd73e6ddf94a12056325cc093b9 Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-10-24Update L2 header offset after VLAN tag rewriteNeale Ranns1-1/+3
Change-Id: I5c1df59bce7c9654101672a12981e5bd62e9adc4 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-24Add extern to *_main global variable declarations in header files.Dave Wallace49-33/+65
- Global variables declared in header files without the use of the 'extern' keword will result in multiple instances of the variable to be created by the compiler -- one for each different source file in which the the header file is included. This results in wasted memory allocated in the BSS segments as well as potentially introducing bugs in the application. Change-Id: I6ef1790b60a0bd9dd3994f8510723decf258b0cc Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-10-23af_packet: invalid TCP/UDP offload checksum on RX node recalculationJakub Grajciar6-3/+171
Change-Id: I1075e5d2a1b6dfe3a443b40b41b8458a30505680 Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech> Signed-off-by: Jakub.Grajciar@pantheon.tech <Jakub.Grajciar@pantheon.tech>
2017-10-23VXLAN:small refactor to vxlan inputEyal Bari1-235/+175
Change-Id: I2e7e08e1de20ab57e3f899b080b90a3082219ae5 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-10-20Add reverse DNS (ip to name) resolutionDave Barach5-34/+311
Change-Id: Ic531d820b1846ff7363e5c396ac0b1176e87b401 Signed-off-by: Dave Barach <dave@barachs.net>
2017-10-20null-terminate some formatted stringGabriel Ganne3-0/+15
Any u8* variable created by format() is NOT null-terminated. Add the null terminating byte with vec_terminate_c_string(). If that variable is used by (at least) hash_get_mem(), then it needs to be null-terminated, as it will go through string_key_sum() which makes a call to strlen. Change-Id: I4e51e1b6668f557e53af3bb897cd281598eedbc0 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>