summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2018-05-27VPP-1294: add missing feature arc constraintDave Barach5-51/+114
the ip4-dhcp-client-detect feature MUST run prior to nat44-out2in, or inbound dhcp broadcast packets will be dropped. Certain dhcp servers answer lease renewal dhcp-request packets with broadcast dhcp-acks, leading to unrecoverable lease loss. In detail, this constraint: VNET_FEATURE_INIT (ip4_snat_out2in, static) = { .arc_name = "ip4-unicast", .node_name = "nat44-out2in", .runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa"), }; doesn't get the job done: ip4-unicast: [17] nat44-out2in [23] ip4-dhcp-client-detect [26] ip4-not-enabled Add a proper constraint: VNET_FEATURE_INIT (ip4_snat_out2in, static) = { .arc_name = "ip4-unicast", .node_name = "nat44-out2in", .runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa", "ip4-dhcp-client-detect"), }; and the interface feature order is OK, at least in this regard: ip4-unicast: [17] ip4-dhcp-client-detect [18] nat44-out2in [26] ip4-not-enabled We need to carefully audit (especially) the ip4-unicast feature arc, which has [gasp] 37 features on it! Change-Id: I5e749ead7ab2a25d80839a331de6261e112977ad Signed-off-by: Dave Barach <dave@barachs.net>
2018-05-26Fix interface-rx-dpo-l2 node to setup l2_len in vnet bufferJohn Lo1-4/+16
Change-Id: Ic1fab1f3aba92bbdbfd281459562d1f9697ab465 Signed-off-by: John Lo <loj@cisco.com>
2018-05-26tcp: loss recovery improvements/fixesFlorin Coras8-146/+248
- fix newreno cwnd computation - reset snd_una_max on entering recovery - accept acks beyond snd_nxt but less than snd_congestion when in recovery - avoid entering fast recovery multiple times when using sacks - avoid as much as possible sending small segments when doing fast retransmit - more event logging Change-Id: I19dd151d7704e39d4eae06de3a26f5e124875366 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-25Add interface rx pcap tracingDave Barach1-15/+13
Should cost at most 1 clock per frame when not enabled. Add "pcap rx trace..." debug CLI, refactored "pcap tx trace" debug CLI to avoid duplicating code. Change-Id: I19ac75d1cf94a6a24c98facbf0753381d37963ea Signed-off-by: Dave Barach <dbarach@cisco.com>
2018-05-25Fix possible null pointer dereferenceJuraj Sloboda1-3/+14
Replace clib_warning with vlib_log_warn Change-Id: I6d0b8d97048b75f4418609264af0c14e19fad79b Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-05-25tcp: handle acks in close waitFlorin Coras2-1/+2
Thanks to Ning Li <muziding001@163.com> for reporting. Change-Id: I758bc6760ec5a9ec688172bc162a1873f96ab4f3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-25bond: performance harvestingSteven4-133/+183
- hash is great. But it is a bit too slow for the DP. Use direct array indexing to quickly retrieve the slave interface. - the algorithm used by flow hash is great. But it is a bit too slow for the DP. Use l2_hash_hash() extracted from lb_hash.h which ECMP is using. It makes use of intrinsic crc32 instruction set. - shortcut modulo arithmetic when the operand is 2**x (where x up to 4) to avoid division instruction. - special case for link count == 1 in bond_tx_fn() - use clib_mem_unaligned to access data for the packet to avoid alignment error - Fix some typos for packet tracing. Change-Id: I8eae3ad497061c5473aa675ba894ee0211120d25 Signed-off-by: Steven <sluong@cisco.com>
2018-05-25ARP proxy dumpsNeale Ranns12-41/+279
Change-Id: I8335ebf266becf2f42bb3f28a17dfed8d9b08f97 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-05-25VPP-1277: IPIP - Copy TOS/TC from inner packet to outer.Ole Troan5-18/+109
Add support for either copying TOS/TC from inner packet to outer, or set to fixed value. Change-Id: I716a95f875349acec94317b266c8cf9f2f81a785 Signed-off-by: Ole Troan <ot@cisco.com>
2018-05-24Rewrite of l2-output nodeDamjan Marion1-332/+280
Change-Id: I8cbd1eac80ae4aeb173d02786e9ccf3b4877304d Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-23VPP-1283: IPv6 PMTU missing MTU value in ICMP6 message.Ole Troan3-20/+32
Fix GRE/IPv6 setting of ip->payload_length (which has never worked). Change-Id: Ie68f1cc7bbb70489d6ec97356132c783f2345e1e Signed-off-by: Ole Troan <ot@cisco.com>
2018-05-23VPP-1283: IPv4 PMTU missing MTU value in ICMP4 message.Ole Troan2-32/+43
Change-Id: I7a4133c59ff45b0744b48e246a049d9f015026fc Signed-off-by: Ole Troan <ot@cisco.com>
2018-05-23VPPAPIGEN: Add union and enum support and IP4/IP6 address type.Ole Troan1-0/+37
Note: The Python, Java and C/C++ bindings must be updated before ip/ip_types.api can be used. ip_types.api: typedef ip4_address { u8 address[4]; }; typedef ip6_address { u8 address[16]; }; enum address_family { ADDRESS_IP4 = 0, ADDRESS_IP6, }; union address_union { vl_api_ip4_address_t ip4; vl_api_ip6_address_t ip6; }; typedef address { vl_api_address_family_t af; vl_api_address_union_t un; }; Change-Id: I22f67092f24db5bd650a03c6f446a84cd9fd1074 Signed-off-by: Ole Troan <ot@cisco.com>
2018-05-23tcp: cc improvements and fixesFlorin Coras5-26/+38
Change-Id: I6615bb612bcc3f795b5f822ea55209bb30ef35b5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-22CSIT-928 dpdk/ipsec: performance improvementRadu Nicolau1-7/+5
Replace hash with a vector to improve performance. Plus other minor performance improvements. Change-Id: I3f0ebd909782ce3727f6360ce5ff5ddd131f8574 Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
2018-05-21tcp: unlock link-local adjacencies on connection cleanupFlorin Coras2-24/+56
Change-Id: I37705fb572045f42be4c2dabbd8460c8f8872167 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-20vector functions cleanup and improvementsDamjan Marion1-3/+2
Remove functions which have native C equivalent (i.e. _is_equal can be replaced with ==, _add with +) Add SSE4.2, AVX-512 implementations of splat, load_unaligned, store_unaligned, is_all_zero, is_equal, is_all_equal Change-Id: Ie80b0e482e7a76248ad79399c2576468532354cd Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-18IP unnumbered dumpNeale Ranns2-1/+92
Change-Id: I4f245fd225bcc563fafee2696cd039477d661c57 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-05-18IP table bind allowed only if table existsNeale Ranns1-30/+6
Change-Id: If01400e3434b25b2da36ba28ceb8444b216d0e38 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-05-18ARP: Ensure STATIC and DYANMIC ARP flags are mutually exclusive.Jon Loeliger1-3/+9
Change-Id: I44278dea2ee1daa147b0928bfe26e861907a209f Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-05-18IP address dump - don't send subnets for unnumbered interfacesNeale Ranns1-4/+6
Change-Id: I8c64a0d2f757d96ffa7fd042c23b0d814217c215 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-05-18session: add session process nodeFlorin Coras5-0/+85
Add a session process node that handles main thread tx and retransmit in order to avoid having a polling input node. Change-Id: I3357e987c023a84b533b32793e37ab4204420f64 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-18tap: remove the local vlib_log_info definitionMohsin Kazmi1-9/+3
Change-Id: Idff55a19d27fed0d57e222f38d2e16c5367911cb Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-05-17Fix failure during enable/disable of featuresMatthew Smith2-5/+5
vnet_feature_enable_disable_with_index() checks the return status of vnet_config_{add,del}_feature(). If the config string heap index returned is the same index that was in use prior to the add/delete, it is concluded that a failure occurred and processing of the feature stops. Sometimes the config index that is returned can legitimately be the same index that was in used before the add/delete. The old list of features can have its heap entry deallocated before a new entry for the new list is allocated. The heap entry for the new list can be the entry that was deallocated while deleting the old one. Make vnet_config_{add,del}_feature() return ~0 on failure. Look for that return value as an indication that an error occurred in vnet_enable_disable_feature_by_index(). Change-Id: I88bb3ff88a76971c1b5e5ece74784ce8ba78373c Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-05-17Fixes in IPv6 RD control planeJuraj Sloboda2-30/+59
Add default route to the VRF table in which the interface is bound. Add missing pool_put. Change-Id: Id76c7dbfbf9bcf18357f372f3eee9b931df1995e Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-05-17flow:redirect to nodeEyal Bari1-0/+8
Change-Id: I4b6577b496c56f27f07dd0066fcfdfd0cebb6f1a Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-05-17tcp: handle link-local addressesFlorin Coras6-8/+75
Change-Id: I9ede6bc861350c7d9e78fa4d96cd584c2816d06f Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-17Packet generator: preserve pcap file timestampsDave Barach6-0/+23
Set vnet_buffer2(b0)->pg_replay_timestamp, for use when desired. Fix a memory leak in pg_stream_free(...), which wasn't freeing the replay packet templates. Change-Id: I01822a9e91a52de4774d2b95cf0c2ee254a915e9 Signed-off-by: Dave Barach <dave@barachs.net>
2018-05-16Drop IPsec packets when interface is downMatthew Smith1-10/+32
Packets arriving on an IPsec tunnel interface are decrypted and forwarded even if the interface is down. Check interface flags. If the interface is down, cause packet to be dropped and increment the counters for drops. Change-Id: I94456bda3bd8eade0f3f522ad7cc341251174e6e Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-05-16echo client: used fixed pool for preallocated sessionsFlorin Coras2-14/+9
Change-Id: I9e2cf74ebe3e8750fa8d03930d2d72f4cae453c2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-15Update ipfix documentationDave Barach1-195/+180
Change-Id: Ie942efab86d24a953fe34754e3d50df54b560dc0 Signed-off-by: Dave Barach <dave@barachs.net>
2018-05-15No overlapping sub-nets on any interface in the same table/VRF (VPP-943)Neale Ranns2-25/+82
DBGvpp# set int ip addr loop0 10.10.10.10/24 DBGvpp# set int ip addr loop0 10.10.10.11/24 set interface ip address: failed to add 10.10.10.11/24 which conflicts with 10.10.10.10/24 for interface loop0 Change-Id: Iba63ffafbd36b6146ce86adb78139da9d55b40ba Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-05-14proxy: fix active open connection cleanupFlorin Coras1-2/+2
Thanks to DucTM for spotting the issue. Change-Id: I7985560f224c99cf0fdeea0c8457a3ac6f10b03c Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-14Rework CP and DP communication in IPv6 RD (VPP-1256)Juraj Sloboda4-359/+163
Replace binary API communication between CP and DP with direct communication using function calls and callbacks. Change-Id: Ib54f09062217c028e5ee0e96ae2449cf7e9224e3 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-05-13Improve ipfix template packet rewrite constructionDave Barach4-10/+127
Instead of repeatedly cutting, pasting, and hacking to create a new callback, use vnet_flow_rewrite_generic_callback(). Add three arguments to the flow rewrite callback: (in) pointer to an array of report elements, (in) length of array, (out) pointer to the stream index Change existing code prototypes. Code owners encouraged to evaluate whether they can use the generic callback or not, at leisure. /* ipfix field definitions for a particular report */ typedef struct { u32 info_element; u32 size; } ipfix_report_element_t; Best generated like so: _(sourceIPv4Address, 4) \ _(destinationIPv4Address, 4) \ _(sourceTransportPort, 2) \ _(destinationTransportPort, 2) \ _(protocolIdentifier, 1) \ _(flowStartMicroseconds, 8) \ _(flowEndMicroseconds, 8) static ipfix_report_element_t simple_report_elements[] = { foreach_simple_report_ipfix_element }; ... /* Set up the ipfix report */ memset (&a, 0, sizeof (a)); a.is_add = 1 /* to enable the report */ ; a.domain_id = 1 /* pick a domain ID */ ; a.src_port = UDP_DST_PORT_ipfix /* src port for reports */ ; a.rewrite_callback = vnet_flow_rewrite_generic_callback; a.report_elements = simple_report_elements; a.n_report_elements = ARRAY_LEN (simple_report_elements); a.stream_indexp = &jim->stream_index; a.flow_data_callback = simple_flow_data_callback; /* Create the report */ rv = vnet_flow_report_add_del (frm, &a, &template_id); if (rv) return rv; ... Change-Id: If6131e6821d3a37a29269c0d58040cdf18ff05e4 Signed-off-by: Dave Barach <dave@barachs.net>
2018-05-13session: improve app verbose format functionFlorin Coras1-5/+6
Change-Id: Idae4ecb60351f2e74bad2f2a33c073de8412fcb0 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-13session: alloc one frame per output node dispatchFlorin Coras5-54/+94
Change-Id: I1f7877af61f3726cfb7b93ce7893f6df23e866a6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-11Periodic scan and probe of IP neighbors to maintain neighbor poolsJohn Lo9-14/+533
Scan IPv4 and IPv6 neigbor pool entries once a minute to keep them up to date. The neighbor of an entry is probed if its time-stamp is older than 1 minute. If the neighbor respond, its time-stamp will be updated. If there is no response from a neighbor, its entry will be deleted when the time-stamp of the entry become more than 4 minutes old. Static neighbor entries are not probed nor deleted. Implemented CLI and API to enable and disable priodic scan of IPv4, IPv6 or both types of IP neighbors. CLI is "ip scan-neighbor" and API is "ip_scan_neighbor_enable_disable". Other IP neighbor scan parameters can also be changed from their defaults via the CLI/API. Change-Id: Id1a0a934ace15d03db845aa698bcbb9cdabebfcd Signed-off-by: John Lo <loj@cisco.com>
2018-05-11VPP-1275 Fix memory leaks in IPsec CLIKlement Sekera1-54/+83
Change-Id: I1f7c634328f25b33580a215af2daeb498cd3b181 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-05-11Add ipfix exporter coding guideDave Barach1-0/+375
Change-Id: Iaa28f96d613d6fb75bd29958d757de206448eb22 Signed-off-by: Dave Barach <dave@barachs.net>
2018-05-11Fix issue with xconnect not working on the main interfaceDamjan Marion1-9/+6
Due to union, l2 sub-interface bits were wrongly set causing sporadic misconfiguration of l2 mode on some interfaces. Change-Id: Id77ee281e3a0030878641a786c22ffe16ce1c759 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-10vppinfra: use count_trailing_zeros in sparse_vec_indexDamjan Marion2-7/+7
It is much cheaper to use ctzll than to do shift,subtract and mask in likely case when we are looking for 1st set bit in the uword. Change-Id: I31954081571978878c7098bafad0c85a91755fa2 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-10vnet: device flow offload infraDamjan Marion11-0/+969
Change-Id: Ibea4a96bdec5e368301a03d8b11a0712fa0265e0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-10session: fix proxy app multithreadingFlorin Coras1-15/+50
Change-Id: Ic5304749935f69018eb00183bb4670bb9f16273c Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-10Change the way IP header pointer is calculated in esp_decrypt nodesSzymon Sliwa2-3/+11
The pointer to IP header was derived from l3_hdr_offset, which would be ok, if l3_hdr_offset was valid. But it does not have to be, so it was a bad solution. Now the previous nodes mark whether it is a IPv6 or IPv4 packet tyle, and in esp_decrypt we count get ip header pointer by substracting the size of the ip header from the pointer to esp header (which lies in front of the ip header). Change-Id: I6d425b90931053711e8ce9126811b77ae6002a16 Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-05-10DHCP4 client process replies when renewing leaseMatthew Smith1-16/+24
When a DHCP client is in the bound state, it wakes up halfway through it's lease (by default) to try and renew the lease. The ip4-dhcp-client-detect is not enabled as a feature at this point, so replies sent from the DHCP server do not get applied to the lease. Eventually the lease expires, the address is removed from the interface, a new discovery is performed and the same address is added back to the interface. Before sending a request to renew in the bound state, enable the feature to process the reply. Change-Id: I95332ee0596f47df6f3c8bf8e3f0698dde9a1fc5 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-05-10tcp: fix jumbo retransmitsFlorin Coras1-42/+42
Change-Id: I1c8a14d4d51aa730f0edcf491e3c4725e2d8bd66 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-09ipsec: support UDP encap/decap for NAT traversalKlement Sekera9-33/+90
Change-Id: I65c12617ad49e4d5ef242e53988782f0cefa5684 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-05-09session: cleanup session tx functionFlorin Coras6-324/+450
- rework the function to declutter and avoid building more than one tx frame - add dual loop although benefits in my tests seem to be minimal - improve tcp/udp echo external apps. They have slightly better throughput than internal echo apps. - udp bugfixes Change-Id: Iea4a245b1b1bb407a7f403dedcce2664a49f774b Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-07BFD: Fix format_ip46_address() parameter ordering.Jon Loeliger1-1/+1
Change-Id: I2b50e3fc06b4e905395d4706083f12ebc76826ce Signed-off-by: Jon Loeliger <jdl@netgate.com>