diff options
| -rw-r--r-- | build/build_common.mk | 5 | ||||
| -rw-r--r-- | docs/spelling_wordlist.txt | 1 | ||||
| -rw-r--r-- | src/plugins/bpf_trace_filter/bpf_trace_filter.rst | 65 | ||||
| -rw-r--r-- | src/plugins/dns/dns.c | 81 |
4 files changed, 150 insertions, 2 deletions
diff --git a/build/build_common.mk b/build/build_common.mk index 5c4a1654919..88529a4537e 100644 --- a/build/build_common.mk +++ b/build/build_common.mk @@ -14,6 +14,9 @@ # Scripts require non-POSIX parts of bash SHELL := $(shell which bash) +ifneq ($(NOMAD_TASK_NAME),) +WORKSPACE ?= $(shell dirname $(shell dirname $(CURDIR))) +endif DL_CACHE_DIR = $(HOME)/Downloads MAKE_ARGS ?= -j BUILD_DIR ?= $(CURDIR)/_build @@ -34,7 +37,7 @@ D := $(DOWNLOAD_DIR) ifeq ($(WORKSPACE),) L := $(B) else -L := $(WORKSPACE)/archives/vpp-ext-deps +L := $(WORKSPACE)/archives/install-deps-logs $(shell rm -rf $(L) && mkdir -p $(L)) endif diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt index 54976ace356..c69869665bb 100644 --- a/docs/spelling_wordlist.txt +++ b/docs/spelling_wordlist.txt @@ -119,6 +119,7 @@ burstiness busybox BV bvi +bytecode byteswap cacheline callees diff --git a/src/plugins/bpf_trace_filter/bpf_trace_filter.rst b/src/plugins/bpf_trace_filter/bpf_trace_filter.rst index 63deddbc5ab..0cd9902fda7 100644 --- a/src/plugins/bpf_trace_filter/bpf_trace_filter.rst +++ b/src/plugins/bpf_trace_filter/bpf_trace_filter.rst @@ -1,4 +1,67 @@ BPF Trace Filter Function ============================ This plugin provides a trace filter function that relies on a BPF interpreter to select which packets -must be traced.
\ No newline at end of file +must be traced. This filter function can be applied to vpp traces and pcap captures. + +Note that if a classifier-based filter has been specified, then it will be used +in conjunction with the BPF filter. + +Setting BPF filter: +--------------------- + +Add filter for ICMP packets +:: + + vpp# set bpf trace filter {{ip proto icmp}} + +Show BPF bytecode: +:: + + vpp# show bpf trace filter + (000) ldh [12] + (001) jeq #0x800 jt 2 jf 5 + (002) ldb [23] + (003) jeq #0x1 jt 4 jf 5 + (004) ret #65535 + (005) ret #0 + +Applying BPF filter on trace: +----------------------------- + +Enable BPF filter function for trace: +:: + + vpp# set trace filter function bpf_trace_filter + vpp# show trace filter function + (*) name:bpf_trace_filter description: bpf based trace filter priority: 10 + name:vnet_is_packet_traced description: classifier based filter priority: 50 + +Add trace with filter: +:: + + vpp# trace add <input-graph-node> 100 filter + vpp# show trace + +Enabling BPF filter on pcap capture: +------------------------------------- + +Enable BPF filter function for pcap capture: +:: + + vpp# set pcap filter function bpf_trace_filter + vpp# show pcap filter function + (*) name:bpf_trace_filter description: bpf based trace filter priority: 10 + name:vnet_is_packet_traced description: classifier based filter priority: 50 + +Enable pcap capture with filter: +:: + + vpp# pcap trace rx tx max 1000 intfc <interface> filter + vpp# pcap trace off + +Additional information: +------------------------------------- + +BPF syntax reference : https://www.tcpdump.org/manpages/pcap-filter.7.html + +FAQ on limitations when filtering on VLAN/Geneve/MPLS packets: https://www.tcpdump.org/faq.html#q13 diff --git a/src/plugins/dns/dns.c b/src/plugins/dns/dns.c index 3cecf942d55..de01474703b 100644 --- a/src/plugins/dns/dns.c +++ b/src/plugins/dns/dns.c @@ -2304,6 +2304,87 @@ VLIB_CLI_COMMAND (dns_cache_add_del_command) = .function = dns_cache_add_del_command_fn, }; +static clib_error_t * +dns_enable_disable_command_fn (vlib_main_t *vm, unformat_input_t *input, + vlib_cli_command_t *cmd) +{ + dns_main_t *dm = &dns_main; + u32 enable_disable; + int rv; + + enable_disable = 0; + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (input, "enable")) + enable_disable = 1; + else if (unformat (input, "disable")) + enable_disable = 0; + else + return clib_error_return (0, "unknown input `%U'", + format_unformat_error, input); + } + + rv = dns_enable_disable (vm, dm, enable_disable); + if (rv) + return clib_error_return (0, "%U", format_vnet_api_errno, rv); + + return 0; +} + +VLIB_CLI_COMMAND (dns_enable_disable_command) = { + .path = "dns", + .short_help = "dns [enable][disable]", + .function = dns_enable_disable_command_fn, +}; + +static clib_error_t * +dns_name_server_add_del_command_fn (vlib_main_t *vm, unformat_input_t *input, + vlib_cli_command_t *cmd) +{ + dns_main_t *dm = &dns_main; + u8 is_add = 1; + ip6_address_t ip6_server; + ip4_address_t ip4_server; + int ip6_set = 0; + int ip4_set = 0; + int rv = 0; + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (input, "%U", unformat_ip6_address, &ip6_server)) + ip6_set = 1; + else if (unformat (input, "%U", unformat_ip4_address, &ip4_server)) + ip4_set = 1; + else if (unformat (input, "del")) + is_add = 0; + else + return clib_error_return (0, "unknown input `%U'", + format_unformat_error, input); + } + + if (ip4_set && ip6_set) + return clib_error_return (0, "Only one server address configed"); + if ((ip4_set + ip6_set) == 0) + return clib_error_return (0, "Server address required"); + + if (ip6_set) + rv = dns6_name_server_add_del (dm, ip6_server.as_u8, is_add); + else + rv = dns4_name_server_add_del (dm, ip4_server.as_u8, is_add); + + if (rv) + return clib_error_return (0, "%U", format_vnet_api_errno, rv); + + return 0; +} + +VLIB_CLI_COMMAND (dns_name_server_add_del_command) = { + .path = "dns name-server", + .short_help = "dns name-server <ip-address> [del]", + .function = dns_name_server_add_del_command_fn, +}; + #define DNS_FORMAT_TEST 1 #if DNS_FORMAT_TEST > 0 |