Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: Ieeafb41d10959700bfd434cd455800af31944150
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
The users of ACL lookup contexts might not check the data they supply,
so do it on their behalf in this function, and return an error if
an ACL does not exist or if they attempt to apply the same ACL twice.
Change-Id: I89d871e60f267ce643f88574c83baf9cd0a2d7b3
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit e5cbccf35f4d230afafa633abbc88e64ef33d758)
|
|
using the inline functions
The acl_main struct, which is defined in the acl_plugin, is not visible when
the ACL plugin inline code is being compiled within the context of other plugins.
Fix that by using the global pointer variable, which exists in both the ACL plugin
context and is set in the context of the external plugins using ACL plugin.
Change-Id: Iaa74dd8cf36ff5442a06a25c5c968722116bddf8
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 1286a15a6e60f80b0e1b349f876de8fa38c71368)
|
|
Change-Id: If536ae142dc0109b587d92981d337bc6f15e070a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
- Ignore warnings W504 (newline after binary operator) which otherwise
occurs a significant number of times.
- Fix two instances of lines >79 chars.
Change-Id: I8cef56f8afc237187995e638e610c8c0554e2bb5
Signed-off-by: Chris Luke <chrisy@flirble.org>
|
|
So current makefile covers opensuse tumbleweed and
current opensuse leap 12.3. Neither of these cover
new leap 15 package naming. Cannot only use Name
or ID do to release differences.
Change-Id: I7ffcabb3a5af5b0789ba827209355050f6dc5204
Signed-off-by: Ed Kern <ejk@cisco.com>
|
|
lb session with the same user maybe deleted.
Change-Id: Ie58579cf4f8babb594f3c44aa185720134c58c3d
Signed-off-by: ahdj007 <dong.juan1@zte.com.cn>
|
|
Change-Id: I6400b77de388c01e85209e5dc5f11ccafb79a459
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Change-Id: Iaadfbc75832e37ae52511b25448da14116214fc1
Signed-off-by: Francois Clad <fclad@cisco.com>
|
|
With no IPv4 output features on an IPsec tunnel inferface,
when packets are forwarded to that interface, they reach
the ipsec-if-output node via the output_node_index on the
hw interface and they are handled correctly.
When an IPv4 output feature (e.g. output ACL, outbound
NAT) is enabled on an IPsec tunnel interface, outbound
IPsec stops working for that interface. The last node in
the ip4-output feature arc is interface-output. From there
a packet is sent to ipsec<N>-output, and then ipsec<N>-tx.
The tx function for an IPsec tunnel interface that is
called by ipsec<N>-tx is a dummy that doesn't do anything
except write a warning message.
Enable a feature on the interface-output feature arc for
an IPsec tunnel interface so the ipsec-if-output node is
reached from the interface-output node.
Change-Id: Ia9c73d3932f5930ec7ce0791a0375b1d37148b01
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
We need to keep original linked list so destructire can remove entries.
Change-Id: I5ff5ca0e1a417d88707255207725bba46433c943
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I50ff0cacf88182f8e0be19840c50f4954de586e2
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: I32f68e2ee8f5d32962acdefb0193583f71d342b3
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I71660eb327124179ff200763c4743cc81dc6e1c6
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
helps troubleshooting JVpp test failures.
Change-Id: I4747832a0610ace168285bfe423c506ba4e00700
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
dpdk plugin self-disables if there are no hugepages available
Change-Id: Ib286e1a370deeb21248e6e961573ef9c68759b4c
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I0efd03bdb84bc9ff2334d398bfdb82486228114a
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: I1fcc742699a60ef99ce97b35f7b964ee6ad29ddf
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
JIRA: VPP-1227
Remove rpm tmp dir build debuginfo rpms.
Reverses commits to fix a build problem with old versions of rpmbuild
that prevented builds in chrooted environments with short paths
and short project names.
Change-Id: I852696dccc984bf4882fd3ca9ec4c8da080bdb41
Signed-off-by: Thomas F Herbert <therbert@redhat.com>
|
|
JIRA: VPP-1229
Subunit and Subunit-devel in Fedora and Epel but not Centos.
This patch moves the Fedora from the Centos specific requirements.
Change-Id: I093a4571cddf14af5ee2827ba8ee00c7bcbe6fc0
Signed-off-by: Thomas F Herbert <therbert@redhat.com>
|
|
Change-Id: I2b1d1035f810cb58356626cf081d46eb289265b4
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
If l2-fwd node does not find an L2FIB entry for DMAC of packet,
use input feature bitmap to find next node instead of always
sending packet to l2-flood node to perform unknow unicast flood.
It provides possibilty of using other feature to forward unknow
unicast packet instead of flooding the BD.
Change-Id: I56b277050537678c92bd548d96d87cadc8d2e287
Signed-off-by: John Lo <loj@cisco.com>
|
|
Although mbedtls is in Fedora and Epel, it is not
in Centos yet. It is not strictly necessary for TLS
which also can use openssl.
Change-Id: Id62d52000f9ecda2fc10d1938f02be1142fa5bdb
Signed-off-by: Thomas F Herbert <therbert@redhat.com>
|
|
Adopt nova naming convention for vhost-user interfaces.
Change-Id: If70f0828106bf594eb11d4f0ed2898a35ec0af15
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: I78a4176f98c2b4630a57ac5ddb7faf58ba0c4ee1
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Id775efb2e85d850e510d00f1b48bb711a3342397
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I3700fc1d140e30da783e41762670618f0298c7db
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: I92ca28d3007f7ea43cd3e8b20659e400dfa6c75c
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: I81d870ab9fc0b1f0e1b777d56ca7870ff99c7c2c
Signed-off-by: Chris Luke <chrisy@flirble.org>
|
|
Revert "Setup for branch stable/1804"
This reverts commit c9c0988a0f331cbecfefb3f8cf0617b42bc89139.
Change-Id: I53ac0e9742317962aebe6f6eb5c9180fa87af2a8
Signed-off-by: Chris Luke <chrisy@flirble.org>
|
|
Change-Id: I09360055222efba6fad178b4fa5917808b551a9d
Signed-off-by: Chris Luke <chrisy@flirble.org>
|
|
Change-Id: Ibcffee7d20dbb79720199bcd82d2353f39d5544f
Signed-off-by: Chris Luke <chrisy@flirble.org>
|
|
Change-Id: I65306fb1f8e39221dd1d8c00737a7fb1c0129ba8
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Use device-input and interface-output feautre arcs to collect unicast, multicast
and broadcast states for RX and TX resp. Since these feature arcs are present only
for 'physical' interfaces (i.e. not su-interfaces) counter collection is supported
only on parent interface types.
Change-Id: I915c235e336b0fc3a3c3de918f95dd674e4e0e4e
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: Ia99490180683e8649784f7d9d18c509c3ca78438
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I32b30210c2f1aec10a1b614d04f427662326a3d2
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ifb4d23059b7989c32a52eaf0c25c275b35e83010
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
dpdk-input was dropping packets with bad ip-checksum on l2 interfaces
Change-Id: Ife5b52766bb71e878b1da6e94ae7b8a1e59fc478
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Allow setting of VPP_PYTHON_PREFIX to alternate location
so the python prereqs can be installed into base image
Also added test-dep trigger to isolate dependency install
from actual test run
Change-Id: Ia80f5dbf71bc24eb46cd6586bcadd474ef822704
Signed-off-by: Ed Kern <ejk@cisco.com>
|
|
This change fixes a bug which would corrupt features infra by making
feature infra resistant to double-removal. It also fixes 'out of memory'
issue by properly initializing the bihash tables.
Change-Id: I78ac03139234a9a0e0b48e7bdfac1c38a0069e82
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
use api_helper_macros.h
declare plugin_main_t external in the header file
declare plugin_main_t instance in plugin.c
setup main_t->vlib_main, main_t->vnet_main in the init routine
Change-Id: Ib8c742a60c63adfe9724447e1a2acc8c7723e90c
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I148cb40c8bea55dabe54fa6a662d46862e571640
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
The default config on Ubuntu 16.04.4 desktop results in truncated cores
when running make test which coredumps. Uninstalling the filter program
(apport) makes the corefiles normal size. Print a warning about that fact,
so the others potentially affected didn't have to wonder.
Change-Id: Iba4b0a2765a25100d6e24fd7f4de0e0339efd835
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
virtio_free_rx_buffers uses the wrong slot in the vring to get
the buffer index. It uses desc_next. It should be last_used_idx
which is the slot number for the first valid descriptor.
Change-Id: I6b62b794f06869fbffffce45430b8b2e37b1266c
Signed-off-by: Steven <sluong@cisco.com>
|
|
Slave is now able to dequeue buffers from rx queue and enqueue them to tx queue
(zero-copy operation). Slave can produce buffers with headroom, which will allow adding
encap without copy.
Change-Id: Ia189f8de1a68be787545ed46cf78d36403e7e9bf
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
(re-)applied
There were several discussions in which users would expect the sessions to be deleted
if the new policy after the change does not permit them.
There is no right or wrong answer to this question - it is a policy decision.
This patch implements an idea to approach this. It uses a per-interface-per-direction counter to designate
a "policy epoch" - a period of unchanging rulesets. The moment one removes or adds an ACL applied to
an interface, this counter increments.
The newly created connections inherit the current policy epoch in a given direction.
Likewise, this counter increments if anyone updates an ACL applied to an interface.
There is also a new (so far hidden) CLI "set acl-plugin reclassify-sessions [0|1]"
(with default being 0) which allows to enable the checking of the existing sessions
against the current policy epoch in a given direction.
The session is not verified unless there is traffic hitting that session
*in the direction of the policy creation* - if the epoch has changed,
the session is deleted and within the same processing cycle is evaluated
against the ACL rule base and recreated - thus, it should allow traffic-driven
session state refresh without affecting the connectivity for the existing sessions.
If the packet is coming in the direction opposite to which the session was initially
created, the state adjustment is never done, because doing so generically
is not really possible without diving too deep into the special cases,
which may or may not work.
Change-Id: I9e90426492d4bd474b5e89ea8dfb75a7c9de2646
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: Id2884a4c2208b4382fce56019b11e4b7fdc4275b
Signed-off-by: Maciek Konstantynowicz <mkonstan@cisco.com>
|
|
Change-Id: I1ce5106d99dd4d4b1c033d4873b4511e9a170afc
Signed-off-by: John DeNisco <jdenisco@cisco.com>
|
|
Coverity has started whining about uint32_t missing in this .h
Change-Id: I57992121c0593d6a0ada35917802d0300cf91259
Signed-off-by: Chris Luke <chrisy@flirble.org>
|
|
Do fast-rate if we are not yet synchronized with the partner.
Stop sending LACP updates as a flash in the worker thread. Just expire the
timer and let the lacp_process handle sending LACP PDU.
Change-Id: I8b36fe74e752e7f45bd4a8d70512c0341cc197a1
Signed-off-by: Steven <sluong@cisco.com>
|