summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2017-11-03silence l2fib_init() invalid read of size 2 found by address-sanitizerGabriel Ganne1-1/+6
l2fib_make_key() casts and reads the input 6-Bytes mac_address as u64, therefore if the mac_address is declared with 6 Bytes only, address-sanitizer rightly triggers an invalid read on the last two Bytes. However, l2fib_make_key() does a 16 bits shift to discard those 2 values, therefore, this invalid read is of no consequence (and so can be silenced safely). Change-Id: I38646fe60073093d25cdf135185d4c96136d55d0 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-11-03session: support drop action in rules tableFlorin Coras4-36/+114
Change-Id: Ided2980373ed5329c68f958f61be893428bccd31 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-02session/udp: init rw locksFlorin Coras2-1/+14
Change-Id: I68152d7338ce0d7805e50ccf9e9046de02cfd206 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-02LISP: fix negative mapping timeout, VPP-1043Filip Tehlar1-1/+2
Change-Id: Ie57b81f8743f14182813558887d84d6667c81d43 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-11-02Add builtin http server option to return static replyFlorin Coras1-23/+97
Change-Id: I9f4d1c7ee7b460a93198930a5a935fa90177cdad Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-01session: fix proxy coverity warningsFlorin Coras1-1/+2
Change-Id: I8d233d2301fb0da0fe27fa36ba870484bb290b7b Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-01session: add support for proxying appsFlorin Coras15-39/+353
To enable this, applications set the proxy flag in their attach requests and pass the transport protocols they want to act as proxies for as part of the attach options. When proxy is enabled, session rules that point incoming packets to the proxy app are addedd to the local and global session tables, if these scopes are accessible to the app. In particular, in case of the former, the rule accepts packets from all sources and all ports destined to the namespace's supporting interface address on any port. While in case of the latter, a generic any destination and any port rule is addedd. Change-Id: I791f8c1cc083350f02e26a2ac3bdbbfbfa19ece3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-31Fix "l2fib add" CLI to allow adding of filter MAC entriesJohn Lo1-25/+17
When adding a filter MAC entry, the default sw_if_index of -1 was incorrectly validated and rejected. Change-Id: Id7f122b6269ea7c299a4335b05b748afaf01383c Signed-off-by: John Lo <loj@cisco.com>
2017-10-31Fix set interface mac address API to be endian neutralJohn Lo4-16/+10
Store and pass MAC address as 6 byte u8 array instead of u64 to make MAC address handling in set interface MAC endian neutral. The previous API handler only works for little endian. Change-Id: Ie4ec33a840bc5122ab1f17e25977e58f3466253b Signed-off-by: John Lo <loj@cisco.com>
2017-10-31LISP: add P-ITR/P-ETR/xTR API handlers, ONE-24Filip Tehlar12-72/+571
Change-Id: I25937cd7470c826d1e833e65530ae959c39139d8 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-10-31l2fib: MAC: Fix uint64 to u8 byte arrayMohsin Kazmi5-49/+44
As per proposal on the mailing list, this patch fixes the represntation of MAC address in VPP API calls for · L2fib_add_del · L2_fib_table_details Change-Id: I31e17efd1a6314cded69666e693cb8fc33158d02 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2017-10-31Refactor IP input checks for re-use at MPLS dispositionNeale Ranns5-277/+465
Change-Id: I7aafdecd6f370411138e6ab67b2ff72cda6e0666 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-30LISP: improve updating the dataplne when locators changeFilip Tehlar5-28/+74
Change-Id: Ifc0296834e25ddbdd0ad8283c061f309801b053c Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-10-29devices: Add binary API for set interface <interface> rx-modeSteven4-18/+88
Also add vat test code to test the subject API. The format is sw_interface_set_rx_mode sw_if_index <index> [queue <id>] <polling|nterrupt|adaptive> Change-Id: Ib810d85d430077865bead8cc08a070f8ae478225 Signed-off-by: Steven <sluong@cisco.com>
2017-10-29session: fix coverity warningsFlorin Coras2-7/+12
Change-Id: Ib87eccb853cafceea5f5513f6bb51c2364449afa Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-28session: rules tablesFlorin Coras22-12/+2093
This introduces 5-tuple lookup tables that may be used to implement custom session layer actions at connection establishment time (session layer perspective). The rules table build mask-match-action lookup trees that for a given 5-tuple key return the action for the first longest match. If rules overlap, ordering is established by tuple longest match with the following descending priority: remote ip, local ip, remote port, local port. At this time, the only match action supported is to forward packets to the application identified by the action. Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-27session: instantiate appns lookup table only onceFlorin Coras2-7/+11
Change-Id: I39d634b7691a524e5221c28997a737102298c281 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-26Consolidate short_help for classify table with memory-sizeHongjun Ni1-0/+1
When creating 32K classify sessions, VPP crashes. Default heap size is 2MB. Need to configure it when requiring large number sessions. Change-Id: I16678ee4a9e0ba61cbd2d3b38c43d10c59325968 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-10-26session: swap appns secret to host byte orderFlorin Coras1-1/+1
Change-Id: I355433e0f07b328c441ed642705b31ca5157fabe Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-26fib test - fix undefined behavior warning found by clangGabriel Ganne3-3/+3
warning: passing an object that undergoes default argument promotion to 'va_start' has undefined behavior [-Wvarargs] Change-Id: Ic9cfd61e38983bd67f30bf92f605e6c87d103ca5 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-10-26VCL: add session namespace support.Dave Wallace3-17/+40
Change-Id: I04f1b63e66260d99c0dd180b0295a55a9b750df7 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-10-26Allow IPsec interface to have SAs resetMatthew Smith5-1/+123
Make it easier to integrate with external IKE daemon. IPsec interfaces can have one or both SAs replaced after creation. This allows for the possibility of setting a new child SA on an interface when rekeying occurs. It also allows for the possibility of creating an interface ahead of time and updating the SA when parameters that are negotiated during IKE exchange become known. Change-Id: I0a31afdcc2bdff7098a924a51abbc58bdab2bd08 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2017-10-25lldp: protection code to check a valid interface indexSteve Shin1-2/+9
When lldp interface is set, it's better to check valid interface index. Change-Id: I0db0ab6483ad73d28c69893576aa9b719c3b087c Signed-off-by: Steve Shin <jonshin@cisco.com>
2017-10-25L3 proxy FIB source for container networkingAndrew Yourtchenko14-10/+381
Change-Id: I4164c4c19c8dbfd73e6ddf94a12056325cc093b9 Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-10-24Update L2 header offset after VLAN tag rewriteNeale Ranns1-1/+3
Change-Id: I5c1df59bce7c9654101672a12981e5bd62e9adc4 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-24Add extern to *_main global variable declarations in header files.Dave Wallace49-33/+65
- Global variables declared in header files without the use of the 'extern' keword will result in multiple instances of the variable to be created by the compiler -- one for each different source file in which the the header file is included. This results in wasted memory allocated in the BSS segments as well as potentially introducing bugs in the application. Change-Id: I6ef1790b60a0bd9dd3994f8510723decf258b0cc Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-10-23af_packet: invalid TCP/UDP offload checksum on RX node recalculationJakub Grajciar6-3/+171
Change-Id: I1075e5d2a1b6dfe3a443b40b41b8458a30505680 Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech> Signed-off-by: Jakub.Grajciar@pantheon.tech <Jakub.Grajciar@pantheon.tech>
2017-10-23VXLAN:small refactor to vxlan inputEyal Bari1-235/+175
Change-Id: I2e7e08e1de20ab57e3f899b080b90a3082219ae5 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-10-20Add reverse DNS (ip to name) resolutionDave Barach5-34/+311
Change-Id: Ic531d820b1846ff7363e5c396ac0b1176e87b401 Signed-off-by: Dave Barach <dave@barachs.net>
2017-10-20null-terminate some formatted stringGabriel Ganne3-0/+15
Any u8* variable created by format() is NOT null-terminated. Add the null terminating byte with vec_terminate_c_string(). If that variable is used by (at least) hash_get_mem(), then it needs to be null-terminated, as it will go through string_key_sum() which makes a call to strlen. Change-Id: I4e51e1b6668f557e53af3bb897cd281598eedbc0 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-10-19Remove unused 'not_last' parameter from ip_add_del_routeMarek Gradzki1-3/+0
Vat supports setting value for the parameter, but 'not_last' is ignored by ip_add_del_route handler, so can be removed. This patch - updates ip.api, - removes vat handlers - updates vpp_papi_provider.py (also mpls_route_add_del with unused not_last) Change-Id: Ife15de123db4bc8247103a29b90bce1988e46534 Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2017-10-19VPP-1024: rewrite buffer trajectory tracerDave Barach4-6/+134
Use a proper u16 * vector to capture node indices, since vpp w/ plugins now exceeds 255 graph nodes Change-Id: Ic48cad676fa3a6116413ddf08c083dd9660783f1 Signed-off-by: Dave Barach <dave@barachs.net>
2017-10-18LISP: fix crash when sending NSH map-request message, ONE-32Filip Tehlar1-0/+3
Change-Id: Ief8c3d3bec116e9f884981fb52af528f98b5f6ff Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-10-18VPP-930: add missing ntohl to send_ip6_fib_details(...)Dave Barach1-1/+1
Change-Id: I0c1671f3eaf2dad084e3ac9fb124c9ed78273f50 Signed-off-by: Dave Barach <dave@barachs.net>
2017-10-17session: fix connect corner case crash.Dave Wallace1-17/+20
Change-Id: I54ced42749432335183ee3085a9ccc5f95a87ae9 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-10-17VPP-1032: fix coverity warningsDave Barach1-3/+12
Change-Id: Ic3a0c51e5408921051deaf2e50372d9654574b27 Signed-off-by: Dave Barach <dave@barachs.net>
2017-10-17Add API versioning to GENEVE tunnel implementation.Marco Varlese1-1/+3
Change-Id: I5974e5545d74af53c27938c8cdbae12745c38a54 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2017-10-17session: return local transport endpoint in connect replyFlorin Coras3-1/+14
Change-Id: I7794d5a0774017da4c1c15f45783a18754994ac8 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-16session: fix build when debugging is onFlorin Coras3-3/+3
Change-Id: I193832a0cd0557fffc034a1223f67fa64a4d45ae Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-16udp: refactor udp codeFlorin Coras34-1175/+1697
Change-Id: I44d5c9df7c49b8d4d5677c6d319033b2da3e6b80 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-16DNS name resolver improvementsDave Barach4-31/+217
- Cache intermediate CNAME records - Bug fixes Change-Id: I06dcb558212fc5e9434281493c872577cf9b83e1 Signed-off-by: Dave Barach <dave@barachs.net>
2017-10-16LISP: fix map-request counters, ONE-25Filip Tehlar1-6/+5
Change-Id: I198f58a84c4692408f9205052af24ee22df7aeaa Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-10-15ip: avoid arp assert if out of buffers (VPP-1030)Florin Coras1-0/+4
Change-Id: Ia31b978c6c1619c3e0075a84fcbbb6ccbf1c0076 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-15Revert "Enforce FIB table creation before use"Florin Coras5-11/+78
This reverts commit f9342023c19887da656133e2688a90d70383b0c5. Reverting to unblock master. No idea why jjb +1ed this patch! On closer inspection it looks like it -1ed it and subsequently changed opinion. CSIT tests should be fixed before re-merging. Change-Id: I26608912a962c52083073e16c7c9d2cc44a3cc8d Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-14change format_get_indent() to use u32 instead of uwordGabriel Ganne1-1/+1
This follows commit d3c008d108aa2187d1a2afe2833b4de25ca2c2ab by Christophe Fontaine. Change-Id: I0c4df40df44be2ac0ab25817fa050a1f619eca4d Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-10-14Add API call to set keys on IPsec tunnel intfMatthew Smith2-0/+75
There was already a CLI command and a libvnet function to set the keys on an existing IPsec tunnel interface. Expose this via the API. Change-Id: I226a9616f680fc022f04447177a2e8232690657f Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2017-10-14Source Lookup progammable via APINeale Ranns9-12/+85
Change-Id: I5d5d4f22b6369d504455a644f73076d772fbcfb4 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-14vhost: crash under heavy traffic condition due to memory corruption (VPP-1016)Steven1-2/+33
With heavy traffic, tx code path may crash due to memory corruption Thread 5 "vpp_wk_2" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fff3995c700 (LWP 2505)] 0x00007ffff73675e8 in vhost_user_if_input (vm=0x7fffb5f5bf9c, vum=0x7ffff7882a40 <vhost_user_main>, vui=0x7fffb65570c4, qid=0, node=0x7fffb6577dac, mode=VNET_HW_INTERFACE_RX_MODE_POLLING) at /home/sluong/vpp-master/vpp/build-data/../src/vnet/devices/virtio/vhost-user.c:1610 1610 bi_current = (vum->cpus[thread_index].rx_buffers) [vum->cpus[thread_index].rx_buffers_len]; (gdb) p vum->cpus[thread_index].rx_buffers_len $2 = 793212607 (gdb) Apparently, some code accidentally wrote the bad value in rx_buffers_len. rx_buffers_len should never be greater than 1024 since that is how many buffers we request each time. After debugging many hours, I discovered that the memory corruption happens in the tx code path right here on line 2176. { vhost_copy_t *cpy = &vum->cpus[thread_index].copy[copy_len]; copy_len++; cpy->len = bytes_left; cpy->len = (cpy->len > buffer_len) ? buffer_len : cpy->len; cpy->dst = buffer_map_addr; cpy->src = (uword) vlib_buffer_get_current (current_b0) + current_b0->current_length - bytes_left; (gdb) p cpy $3 = (vhost_copy_t *) 0x7fffb554077c (gdb) p copy_len $4 = 1025 (gdb) p &vum->cpus[3].rx_buffers_len $8 = (u32 *) 0x7fffb5540784 copy_len is picking up the index entry 1024 before it was incremented. copy array has only 1024 members (0 - 1023 are valid). The assignment here in cpy surely causes memory corruption. It is only discovered later when the memory location that it corrupted is used. The condition for the crash is to transmit jumbo frames under heavy volume. Since ring size is 1024, with one packet taking up one index for frame size (less 2048), it does not cause overflow. With jumbo frames, it requires multiple indices for one packet, it can cause the overflow under heavy traffic. The fix is to do copy out when we have 1000 entries in the array to avoid overflow. Change-Id: Iefbc739b8e80470f1cf13123113f8331ffcd0eb2 Signed-off-by: Steven <sluong@cisco.com>
2017-10-13Enforce FIB table creation before useNeale Ranns5-78/+11
last i the serise of the use of the FIB table create/delete API. VPP now forces the tables to have been explicitly creted before they are used. Change-Id: Ifde3b1bbb76697a01ab71bce4f5264e6d1725467 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-13VPP-1027: DNS name resolverDave Barach10-2/+2958
This patch is a plausible first-cut, suitable for initial testing by vcl (host stack client library). Main features; - recursive name resolution - multiple ip4/ip6 name servers - cache size limit enforcement - currently limited to 65K - ttl / aging - static mapping support - show / clear / debug CLI commands Binary APIs provided for the following: - add/delete name servers - enable/disable the name cache - resolve a name To Do list: - Respond to ip4/ip6 client DNS requests (vs. binary API requests) - Perf / scale tuning - map pending transaction ids to pool indices, so the cache can (greatly) exceed 65K entries - Security improvements - Use unpredictable dns transaction IDs, related to previous item - Make sure that response-packet src ip addresses match the server - Add binary APIs - deliver raw response data to clients - control recursive name resolution - Documentation Change-Id: I48c373d5c05d7108ccd814d4055caf8c75ca10b7 Signed-off-by: Dave Barach <dave@barachs.net>