Age | Commit message (Collapse) | Author | Files | Lines |
|
- autosize the ACL plugin heap size based on the number of workers
- for manual heap size setting, use the proper types (uword),
and proper format/unformat functions (unformat_memory_size)
Change-Id: I7c46134e949862a0abc9087d7232402fc5a95ad8
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I4851b2245f81bcf3cf5f40909c4d158a51af7068
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
private header size allows to reserve firs X bytes of payload to be
considered as private metadata. For now we just support value 0
but adding this field to address future needs without changing protocol
version.
Change-Id: Id77336584c0194a303b20210aff584c7372cba01
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
coverity complains about statements in function A
function A
{
x % vec_len (y)
}
because vec_len (y) is a macro and may return 0 if the pointer y is null.
But coverity fails to realize the same statement vec_len (y) was already
invoked and checked in the caller of function A and punt if vec_len (y) is 0.
We can fix the coverity warning and shave off a few cpu cycles by caching
the result of vec_len (y) and pass it around to avoid calling vec_len (y)
again in multiple places.
Change-Id: I095166373abd3af3859646f860ee97c52f12fb50
Signed-off-by: Steven <sluong@cisco.com>
|
|
Change-Id: I0245263b212142858d3305b0f365d8342912dbb9
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: If3827828062a46f1cce43642535333f677f06e62
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Changes the source of the l3 offset to a more
proper one, same as I5d9f41599ba8d8eb14ce2d9d523f82ea6e0fd10d.
Change-Id: I5ff05d7d89507ecb378a2bd62f5b149189ca9e99
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Change-Id: I007d48aeb934e5d2f087ca3b8ddc6f7a0e48d411
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ic83971d8d9d8d0bb90a35932e60761cd728457f3
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I47768ea50140222fec54e97cbaff2049bd3cb599
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: Ic07ea5b0a7addec7b0ccfbe0570f341056e6d55b
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
until it is needed
Registering ACL plugin user module within the "ACL as a service" infra during the plugin init
causes an unnecesary ACL heap allocation and prevents the changing of the ACL heap size
from the startup config.
Defer this registration until just before it is needed - i.e. when applying an ACL to
an interface.
Change-Id: Ied79967596b3b76d6630f136c998e59f8cdad962
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
How to use:
plugins
{
plugin default {disable}
plugin dpdk_plugin.so {enable}
plugin acl_plugin.so {enable}
}
It also preserves the old behavior.
Change-Id: I9901c56d82ec4410e69c917992b78052aa6a99e0
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: Ia2532695aa9199d2a7b684aebef43df0b8235531
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Change-Id: If168a9c54baaa516ecbe78de2141f11c17aa2f53
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Select the right segment manager for local sessions established via
global table.
Change-Id: I88ad4bf70d0cae160a0c744950098a954dfbc911
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I5a7fa3b1c247ad5611907db27835724dcd31f575
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I2b01f73c4b10a230310a65b6f35526818bf4f76d
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: Ia87d55cad1d466a4cc624f06abbc322cddb5608c
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
If defined, Use MAKE_PARALLEL_JOBS as number of concurrent jobs for
build process instead of the internal calculation based on /proc/cpuinfo.
Change-Id: I18d1f526dc5c156c1cd9c9cf6dbbfd9cb8dbbad7
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I1283960a9a49f6d70b9d7b7793cfb345c22ccdea
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
When a user session is allocated/reused, only increase
one of the session counters for that user if the counters
are below the per-user limit.
THis addresses a SEGV that arises after the following
sequence of events:
- an outside interface IP address is put in a pool
- a user exceeds the number of per-user translations by
an amount greater than the number of per-user translations
(nsessions + nstaticsessions > 100 + 100)
- the outside interface IP address is deleted and then added
again (observed when using DHCP client, likely happens if
address changed via CLI, API also)
- the user sends more packets that should be translated
When nsessions is > the per-user limit,
nat_session_alloc_or_recycle() reclaims the oldest existing
user session. When an outside address is deleted, the
corresponding user sessions are deleted. If the counters were
far above the per-user limit, the deletions wouldn't result
in the counters dropping back below the limit. So no session
could be reclaimed -> SEGV.
Change-Id: I940bafba0fd5385a563e2ce87534688eb9469f12
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change-Id: Ifc9bb4ea39b504372a6a39bbf56c29761d0c6111
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- allow to optionally specify the specific MACIP ACL index:
'show acl-plugin macip acl [index N]'
- after showing the MACIP ACL, show the sw_if_index of
interface(s) where it is applied.
Also, add some executions of this debug commands
to the MACIP test case for easy verification.
Change-Id: I56cf8272abc20b1b2581b60d528d27a70d186b18
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Add a few dhcp client rx packet/state counters
Temporarily disable the dhcp client unit test, since it trips over the
newly-added hardware address check.
Change-Id: I7f68607e6ed3d738cba357c3fe76664a99b71cd8
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
The init-path for IPSEC_AH where the CTX gets initialized is broken
since the for-loop never executes due to the wrong usage of
tm->n_vlib_mains which being subtracted by 1.
Change-Id: I4d967f52cd3ca061aa60d824d65f446e06162403
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
Change-Id: Idef3c665580c13d72e99f43d16b8b13cc6ab746f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I4b428e170436671b329657283cf7653befc85c9f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Parsing the list of applied ACLs from the debug CLI output
is not a good idea, since the debug CLI can and will change.
Fix that.
Change-Id: Ia47214863f2658a54219f59cb974b5cbc536f862
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
The functions which get called by other plugins need to set the acl plugin heap,
such that the other plugins do not have to think about it.
Change-Id: I673073f17116ffe444c163bf3dff40821d0c2686
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: Ic689de569e5b6e6209d16d6acdb13c489daca1f5
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I3e4bbfe205c86cb0839dd5c542f083dbe6bea881
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
There was no test coverage for a scenario of an interface having an
ACL and that interface being deleted. Add a basic sanity test which
applies an ACL to an interface and then deletes that interface.
Change-Id: Ib6462e02cf69f1173125ac2481c608f68eb389ac
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
During the testing of 94f9a6de3f706243d138e05b63fef1d5c8174f6c
I realized there was no test coverage for the cases where
the ACLs are added then modified while having beein applied.
This change adds some simple shuffling to l2l3 ACL test set,
whereby after each of the ACLs being applied, a few extra ACLs
are applied at the front and the back of the list, and are changed
several times, the base for the changes being the set of all the
ACEs that are being applied previously.
After these few shuffles, the routine restores the applied ACLs
and proceeds to the test as usual.
Change-Id: Ieda2aa5b7963746d62484e54719309de9c1ee752
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: Ic2eddc803f9ba8215e37388a686004830211cf6f
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
We were only puting one packet per frame to the output node. Change to
buffer multiple packets per frame. Performance is now on top of dpdk-based
bonding.
Put a spinlock in the tx thread in case the rug is pulled under us.
Change-Id: Ifda5af086a984a7301972cd6c8e428217f676a95
Signed-off-by: Steven <sluong@cisco.com>
|
|
Change-Id: I57b2ec35d9629fb5336c1ccfa4c6c849df118f7b
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: Iacb32e6e855f7b77108154d956ef27ee141bbde0
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Ide8bf41e24a427643a3a17b1c9089993790c12a6
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
This reverts commit 378ac0533e5ac8c3121d8f66ba61a8548e55282f.
Change-Id: If34b1c964453adb0e4c44e3eab4f6e306bd9c9e9
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
other plugins
This code implements the functionality required for other plugins wishing
to perform ACL lookups in the contexts of their choice, rather than only
in the context of the interface in/out.
The lookups are the stateless ACLs - there is no concept of "direction"
within the context, hence no concept of "connection" either.
The plugins need to include the
The file acl_lookup_context.md has more info.
Change-Id: I91ba97428cc92b24d1517e808dc2fd8e56ea2f8d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: Ia0f659b810f2c79b1a6c98ce566a86ce413c7448
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Do not translate packet which go out via nat44-in2out-output and was tranlated
in nat44-out2in before. On way back forward packet to nat44-in2out node.
Change-Id: I934d69856f0178c86ff879bc691c9e074b8485c8
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
In version 1 of the protocol sender was always ring producer and
receiver was consumer. In version 2 slave is always producer,
and in case of master-to-slave rings, slave is responsible for
populating ring with empty buffers.
As this is major change, we need to bump version number.
In addition, descriptor size is reduced to 16 bytes.
This change allows zero-copy-slave operation (to be privided in the separate
patch).
Change-Id: I02115d232f455ffc05c0bd247f7d03f47252cfaf
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Change-Id: I31c6a0a1d11b5b12d8a5c32c29fea9618b1a53d4
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I6fdb9e7b718c696f7352541f90026cf60f11338f
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
This fixes issue with unaligned vector access on gcc-7.
As udp_encap_t is declared as cacheline aligned, alloc also need to be.
Change-Id: Ic30876911baf2c22c135097490075fa7bcf0ca18
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
- Show interface on which given MACIP ACL is applied
- index is added for show acl-plugin macip acl:
ex) show acl-plugin macip acl [index N]
Change-Id: I3e888c8e3267060fe157dfc1bbe3e65371bd858a
Signed-off-by: Steve Shin <jonshin@cisco.com>
|
|
Add bonding driver to support creation of bond interface which composes of
multiple slave interfaces. The slave interfaces could be physical interfaces,
or just any virtual interfaces. For example, memif interfaces.
The syntax to create a bond interface is
create bond mode <lacp | xor | acitve-backup | broadcast | round-robin>
To enslave an interface to the bond interface,
enslave interface TenGigabitEthernet6/0/0 to BondEthernet0
Please see src/plugins/lacp/lacp_doc.md for more examples and additional
options.
LACP is a control plane protocol which manages and monitors the status of
the slave interfaces. The protocol is part of 802.3ad standard. This patch
implements LACPv1. LACPv2 is not supported.
To enable LACP on the bond interface, specify "mode lacp" when the bond
interface is created. The syntax to enslave a slave interface is the same as
other bonding modes.
Change-Id: I06581d3b87635972f9f0e1ec50b67560fc13e26c
Signed-off-by: Steven <sluong@cisco.com>
|
|
Change-Id: I469a734747099cef2d135d77e4db0244e24bf0bc
Signed-off-by: Dave Barach <dbarach@cisco.com>
|