| 365b7f34 | 05-Nov-2024 |
Robin Jarry <rjarry@redhat.com> |
net: improve IPv6 header types alignment
IPv6 headers are always aligned on a 2-bytes grid.
Reflect this in the structure definition.
Signed-off-by: Robin Jarry <rjarry@redhat.com>
Reviewed-by: Mor
net: improve IPv6 header types alignment
IPv6 headers are always aligned on a 2-bytes grid.
Reflect this in the structure definition.
Signed-off-by: Robin Jarry <rjarry@redhat.com>
Reviewed-by: Morten Brørup <mb@smartsharesystems.com>
show more ...
|
| c14fba68 | 04-Nov-2024 |
David Marchand <david.marchand@redhat.com> |
net: fix IPv4 cksum simple function
The new function breaks compilation with -Wcast-align.
In file included from
/home/runner/work/ovs/ovs/dpdk-dir/include/rte_ip.h:9:
/home/runner/work/ovs/ovs/dpd
net: fix IPv4 cksum simple function
The new function breaks compilation with -Wcast-align.
In file included from
/home/runner/work/ovs/ovs/dpdk-dir/include/rte_ip.h:9:
/home/runner/work/ovs/ovs/dpdk-dir/include/rte_ip4.h:191:10:
error: cast from 'const uint8_t *' (aka 'const unsigned char *')
to 'const unaligned_uint16_t *' (aka 'const unsigned short *')
increases required alignment from 1 to 2 [-Werror,-Wcast-align]
v16_h = (const unaligned_uint16_t *)&ipv4_hdr->version_ihl;
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fix this by aligning rte_ipv4_hdr to two bytes, and point at the start
of the structure rather than the first field (which happens to be 1 byte
large).
Fixes: f9e1d67f237a ("net: add IPv4 cksum function for simple cases")
Signed-off-by: David Marchand <david.marchand@redhat.com>
Reviewed-by: Morten Brørup <mb@smartsharesystems.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
show more ...
|
| 1d9c6bbe | 24-Oct-2024 |
Robin Jarry <rjarry@redhat.com> |
net: fix out-of-bound access in IPv6 address mask
Fix the following out-of-bounds read in rte_ipv6_addr_mask() reported by
Coverity:
83 static inline void
84 rte_ipv6_addr_mask(struct rte_ipv6_addr
net: fix out-of-bound access in IPv6 address mask
Fix the following out-of-bounds read in rte_ipv6_addr_mask() reported by
Coverity:
83 static inline void
84 rte_ipv6_addr_mask(struct rte_ipv6_addr *ip, uint8_t depth)
85 {
1. Condition depth < 128 /* 16 * 8 */, taking true branch.
2. cond_at_most: Checking depth < 128 implies that depth may be
up to 127 on the true branch.
86 if (depth < RTE_IPV6_MAX_DEPTH) {
3. assignment: Assigning: d = depth / 8.
The value of d may now be up to 15.
87 uint8_t d = depth / 8;
88 uint8_t mask = ~(UINT8_MAX >> (depth % 8));
89 ip->a[d] &= mask;
4. incr: Incrementing d. The value of d may now be up to 16.
90 d++;
CID 446754: (#1 of 1): Out-of-bounds read (OVERRUN)
5. overrun-local: Overrunning array of 16 bytes at byte offset
16 by dereferencing pointer &ip->a[d].
91 memset(&ip->a[d], 0, sizeof(*ip) - d);
92 }
93 }
Use a simple loop instead of memset.
Coverity issue: 446754
Fixes: ca786def84ca ("net: add IPv6 address structure and utils")
Signed-off-by: Robin Jarry <rjarry@redhat.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
show more ...
|
| b805c834 | 24-Oct-2024 |
Robin Jarry <rjarry@redhat.com> |
net: fix overflowed array index in IPv6 address utils
Fix the following overflowed array index reads reported by Coverity:
107 static inline bool
108 rte_ipv6_addr_eq_prefix(const struct rte_ipv6_a
net: fix overflowed array index in IPv6 address utils
Fix the following overflowed array index reads reported by Coverity:
107 static inline bool
108 rte_ipv6_addr_eq_prefix(const struct rte_ipv6_addr *a,
const struct rte_ipv6_addr *b, uint8_t depth)
109 {
1. Condition depth < 128 /* 16 * 8 */, taking true branch.
110 if (depth < RTE_IPV6_MAX_DEPTH) {
2. cast_overflow: Truncation due to cast operation on depth / 8
from 32 to 8 bits.
3. overflow_assign: d is assigned from depth / 8.
111 uint8_t d = depth / 8;
112 uint8_t mask = ~(UINT8_MAX >> (depth % 8));
113
CID 446756: (#1 of 1): Overflowed array index read
4. deref_overflow: d, which might have overflowed, is used in
a pointer index in a->a[d].
114 if ((a->a[d] ^ b->a[d]) & mask)
115 return false;
116
117 return memcmp(a, b, d) == 0;
118 }
119 return rte_ipv6_addr_eq(a, b);
120 }
The same issue has been reported both in rte_ipv6_addr_eq_prefix() and
rte_ipv6_addr_mask(). All arithmetic operations are made using regular
integers and then truncated on assign if necessary (or if explicitly
down cast to a smaller type). In this case, the result of (depth / 8) is
assumed to be on 32 bits and is implicitly down cast 8 bits. This is
causing a warning because it may result in unexpected behaviour.
Change the type of the d variables to unsigned int (32bit by default) to
avoid the overflow warning. Since depth is strictly lesser than
RTE_IPV6_MAX_DEPTH, d will always be lesser than RTE_IPV6_ADDR_SIZE.
Replace the magic 8 literals with CHAR_BIT to be consistent with the
definition of RTE_IPV6_MAX_DEPTH.
Coverity issue: 446756, 446758
Fixes: ca786def84ca ("net: add IPv6 address structure and utils")
Signed-off-by: Robin Jarry <rjarry@redhat.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
show more ...
|
| cba27998 | 18-Jun-2024 |
Gregory Etelson <getelson@nvidia.com> |
net: add IPv6 traffic class and flow label fields
DPDK IPv6 header definition combined the `version`, `traffic class`
and `flow label` header fields into a single 32 bits structure member
`vtc_flow`
net: add IPv6 traffic class and flow label fields
DPDK IPv6 header definition combined the `version`, `traffic class`
and `flow label` header fields into a single 32 bits structure member
`vtc_flow`.
The patch expands IPv6 header definition with dedicated structure
members for the `version`, `traffic class` and `flow label` fields.
The `traffic class` is also separated into DS and ECN fields.
The patch also preserves existing `vtc_flow` structure member for
backward compatibility.
Signed-off-by: Gregory Etelson <getelson@nvidia.com>
Reviewed-by: Morten Brørup <mb@smartsharesystems.com>
show more ...
|
| ca786def | 18-Oct-2024 |
Robin Jarry <rjarry@redhat.com> |
net: add IPv6 address structure and utils
There is currently no structure defined for IPv6 addresses. Introduce
one that is simply a uint8_t array of 16 elements. The idea is to ensure
this structur
net: add IPv6 address structure and utils
There is currently no structure defined for IPv6 addresses. Introduce
one that is simply a uint8_t array of 16 elements. The idea is to ensure
this structure alignment is 1 so that it can be mapped directly on
unaligned packet memory.
Add utility functions and macros that use the newly added rte_ipv6_addr
structure. Add basic unit tests to ensure everything works as expected.
These functions will be used in the next commits to replace private
and/or duplicated functions.
Signed-off-by: Robin Jarry <rjarry@redhat.com>
show more ...
|
| 1a2b549b | 18-Oct-2024 |
Robin Jarry <rjarry@redhat.com> |
net: split IPv4 and IPv6 symbols in separate headers
Split IPv4 and IPv6 symbols in two separate headers. rte_ip4.h and
rte_ip6.h, respectively.
Update doxygen index accordingly.
Include rte_ip4.h
net: split IPv4 and IPv6 symbols in separate headers
Split IPv4 and IPv6 symbols in two separate headers. rte_ip4.h and
rte_ip6.h, respectively.
Update doxygen index accordingly.
Include rte_ip4.h and rte_ip6.h in rte_ip.h for backward compatibility
in applications.
Signed-off-by: Robin Jarry <rjarry@redhat.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
show more ...
|
| 4149b1fb | 18-Oct-2024 |
Robin Jarry <rjarry@redhat.com> |
net: split raw checksum functions in separate header
The checksum functions are used by both ipv4 and ipv6 functions. In
preparation of moving ipv6 symbols to a new header, move the checksum
related
net: split raw checksum functions in separate header
The checksum functions are used by both ipv4 and ipv6 functions. In
preparation of moving ipv6 symbols to a new header, move the checksum
related symbols to another dedicated header.
Update doxygen index accordingly.
Signed-off-by: Robin Jarry <rjarry@redhat.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
show more ...
|
| ee86d6e9 | 18-Apr-2024 |
David Marchand <david.marchand@redhat.com> |
net: clear outer UDP checksum in Intel prepare helper
If requesting an inner (L3/L4 checksum or L4 segmentation) offload,
when the hardware does not support recomputing outer UDP checksum,
automatic
net: clear outer UDP checksum in Intel prepare helper
If requesting an inner (L3/L4 checksum or L4 segmentation) offload,
when the hardware does not support recomputing outer UDP checksum,
automatically disable it in the common helper.
Signed-off-by: David Marchand <david.marchand@redhat.com>
Tested-by: Ali Alnubani <alialnu@nvidia.com>
show more ...
|
| 77cb7b18 | 05-Jun-2024 |
Gavin Li <gavinl@nvidia.com> |
net: extend VXLAN header to support more extensions
VXLAN and VXLAN-GPE were supported with similar header structures.
In order to add VXLAN-GBP, which is another extension to VXLAN, both
extensions
net: extend VXLAN header to support more extensions
VXLAN and VXLAN-GPE were supported with similar header structures.
In order to add VXLAN-GBP, which is another extension to VXLAN, both
extensions are merged in the original VXLAN header structure for an easier
usage. More VXLAN extensions may be added in the future in the same single
structure.
VXLAN and VXLAN-GBP use the same UDP port (4789), while VXLAN-GPE uses a
different port (4790).
The three protocols have the same header length and overall a similar
header structure as below.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|R|R|R|R|I|R|R|R| Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| VXLAN Network Identifier (VNI) | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: VXLAN Header
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|R|R|Ver|I|P|B|O| Reserved |Next Protocol |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| VXLAN Network Identifier (VNI) | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: VXLAN-GPE Header
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|G|R|R|R|I|R|R|R|R|D|R|R|A|R|R|R| Group Policy ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| VXLAN Network Identifier (VNI) | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: VXLAN-GBP Extension
Both GPE and GBP are extending VXLAN by using some reserved bits.
It means the packets can be processed with the same pattern and most of
the code can be reused.
The old field names are kept with the use of anonymous unions.
The Group Policy ID (GBP) and the Next Protocol (GPE) fields are
overlapping so they are in a union as well.
Another improvement is defining and documenting each bit.
Instead of adding flow items, a single VXLAN flow item is more flexible
as it uses the same header anyway.
GBP can be matches with the G bit.
GPE can be matched with the UDP port number.
VXLAN-GPE flow item and specific header are marked as deprecated.
A removal of the deprecated structures and macros may be proposed later.
Signed-off-by: Gavin Li <gavinl@nvidia.com>
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
show more ...
|