aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Expand)AuthorFilesLines
2024-02-18vppinfra: Provide FreeBSD implementation of clib_mem functionsTom Jones2-0/+476
2024-02-18build: Add FreeBSD as a supported platform for cmakeTom Jones1-5/+11
2024-02-18vnet: Provide platform specific if_tap headersTom Jones2-0/+8
2024-02-18vnet: Only build tap on LinuxTom Jones1-0/+2
2024-02-18vpp: Add platform specific headers for socket and inetTom Jones2-0/+10
2024-02-17tcp: retransmit fins in last-ackFlorin Coras2-2/+2
2024-02-16udp: unregister ports on all cleanupsFlorin Coras1-4/+3
2024-02-16vppapitrace: Fixed trace dump API result issue.Denys Haryachyy1-2/+2
2024-02-15hs-test: shortened interface names to avoid character limitadrianvillin13-43/+47
2024-02-15tls: mark ho done atomically after ctx initFlorin Coras1-1/+2
2024-02-15session: postpone ct cleanup if rx evt pendingFlorin Coras1-3/+4
2024-02-15build: add fib configuring optionBenoît Ganne1-0/+14
2024-02-15hs-test: improved loggingadrianvillin10-41/+94
2024-02-14tests: refactor virtual interface testsNaveen Joy17-98/+718
2024-02-14tls: fix compilation errorNiyaz Murshed1-1/+2
2024-02-14ikev2: dump state and profile name in CLI and APIDenys Haryachyy6-2/+344
2024-02-13vcl: fix epollet test for unhandled evtsFlorin Coras1-1/+1
2024-02-13svm: Add FreeBSD specific signal handling pathTom Jones1-0/+5
2024-02-13vppinfra: Put clib_perf* behind Linux checks and provide stubs for FreeBSDTom Jones2-0/+38
2024-02-13vppinfra: Add netlink header on FreeBSDTom Jones1-1/+3
2024-02-13vppinfra: Protect Linux specific features behind CLIB_LINUXTom Jones1-2/+4
2024-02-13build: Limit external libraries on FreeBSDTom Jones1-0/+10
2024-02-13svm: Include stdint on FreeBSDTom Jones1-0/+3
2024-02-13vppinfra: Make program counter printing more portableTom Jones1-0/+8
2024-02-13vnet: Don't use __unused for struct paddingTom Jones1-1/+1
2024-02-13vppinfra: Add a stubbed out test_perf function for FreeBSDTom Jones1-0/+6
2024-02-13vppinfra: MAP_HUGETLB isn't available on FreeBSDTom Jones1-0/+2
2024-02-13vppinfra: Only prealloc hugepages on LinuxTom Jones1-0/+2
2024-02-13vppinfra: Don't build perfmon on FreeBSDTom Jones1-3/+4
2024-02-13vppinfra: Place SIGPWR behind a linux defineTom Jones1-0/+2
2024-02-12fib: contention with DP on deleting a routeSteven Luong1-0/+1
2024-02-12af_packet : fix crash on interface creationhsandid1-4/+6
2024-02-12buffers: bring back cache occupancy improvementVratko Polak1-0/+4
2024-02-12ip_session_redirect: export symbolsBenoît Ganne2-2/+5
2024-02-09ikev2: accept rekey request for IKE SAAtzm Watanabe4-48/+417
2024-02-07udp: add cli to dump transport portsFlorin Coras1-0/+92
2024-02-02session: guard session lookup table allocsFlorin Coras2-0/+37
2024-02-02vlib: flush rpcs on worker syncFlorin Coras1-0/+1
2024-02-02vlib api: move wrkr rpc flushing to vlibFlorin Coras5-21/+18
2024-01-31tls: set app closed flag in frameworkFlorin Coras2-2/+1
2024-01-31tls: convert ctx fields to connection flagsFlorin Coras5-36/+40
2024-01-30linux-cp: add add_del_v3 and get_v2 methodsAnton Nikolaev2-6/+108
2024-01-29api: provide api definition over apiOle Troan10-29/+968
2024-01-29hs-test: update docs on debuggingFilip Tehlar1-0/+15
2024-01-29hs-test: use relative paths for docker volumesFilip Tehlar7-17/+22
2024-01-29ip: don't export useless error counters for ip6 rewriteArthur de Kerhor2-2/+4
2024-01-26hs-test: updated golang and packagesadrianvillin3-31/+38
2024-01-25udp: update rx sw_if_index to ip-local selected oneFlorin Coras1-0/+4
2024-01-24misc: Initial 24.06-rc0 commitv24.06-rc0Andrew Yourtchenko2-1/+1
2024-01-23vppinfra: fix clib_array_mask_u32 OOB readsDmitry Valter2-7/+28
lass="p">][sw_if_index] = ~0; } return 0; } int vnet_set_input_acl_intfc (vlib_main_t * vm, u32 sw_if_index, u32 ip4_table_index, u32 ip6_table_index, u32 l2_table_index, u32 is_add) { return vnet_set_in_out_acl_intfc (vm, sw_if_index, ip4_table_index, ip6_table_index, l2_table_index, is_add, IN_OUT_ACL_INPUT_TABLE_GROUP); } int vnet_set_output_acl_intfc (vlib_main_t * vm, u32 sw_if_index, u32 ip4_table_index, u32 ip6_table_index, u32 l2_table_index, u32 is_add) { return vnet_set_in_out_acl_intfc (vm, sw_if_index, ip4_table_index, ip6_table_index, l2_table_index, is_add, IN_OUT_ACL_OUTPUT_TABLE_GROUP); } static clib_error_t * set_in_out_acl_command_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd, u32 is_output) { vnet_main_t *vnm = vnet_get_main (); u32 sw_if_index = ~0; u32 ip4_table_index = ~0; u32 ip6_table_index = ~0; u32 l2_table_index = ~0; u32 is_add = 1; u32 idx_cnt = 0; int rv; while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) { if (unformat (input, "intfc %U", unformat_vnet_sw_interface, vnm, &sw_if_index)) ; else if (unformat (input, "ip4-table %d", &ip4_table_index)) idx_cnt++; else if (unformat (input, "ip6-table %d", &ip6_table_index)) idx_cnt++; else if (unformat (input, "l2-table %d", &l2_table_index)) idx_cnt++; else if (unformat (input, "del")) is_add = 0; else break; } if (sw_if_index == ~0) return clib_error_return (0, "Interface must be specified."); if (!idx_cnt) return clib_error_return (0, "Table index should be specified."); if (idx_cnt > 1) return clib_error_return (0, "Only one table index per API is allowed."); rv = vnet_set_in_out_acl_intfc (vm, sw_if_index, ip4_table_index, ip6_table_index, l2_table_index, is_add, is_output); switch (rv) { case 0: break; case VNET_API_ERROR_NO_MATCHING_INTERFACE: return clib_error_return (0, "No such interface"); case VNET_API_ERROR_NO_SUCH_ENTRY: return clib_error_return (0, "No such classifier table"); } return 0; } static clib_error_t * set_input_acl_command_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) { return set_in_out_acl_command_fn (vm, input, cmd, IN_OUT_ACL_INPUT_TABLE_GROUP); } static clib_error_t * set_output_acl_command_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) { return set_in_out_acl_command_fn (vm, input, cmd, IN_OUT_ACL_OUTPUT_TABLE_GROUP); } /* * Configure interface to enable/disble input/output ACL features: * intfc - interface name to be configured as input ACL * Ip4-table <index> [del] - enable/disable IP4 input ACL * Ip6-table <index> [del] - enable/disable IP6 input ACL * l2-table <index> [del] - enable/disable Layer2 input ACL * * Note: Only one table index per API call is allowed. * */ /* *INDENT-OFF* */ VLIB_CLI_COMMAND (set_input_acl_command, static) = { .path = "set interface input acl", .short_help = "set interface input acl intfc <int> [ip4-table <index>]\n" " [ip6-table <index>] [l2-table <index>] [del]", .function = set_input_acl_command_fn, }; VLIB_CLI_COMMAND (set_output_acl_command, static) = { .path = "set interface output acl", .short_help = "set interface output acl intfc <int> [ip4-table <index>]\n" " [ip6-table <index>] [l2-table <index>] [del]", .function = set_output_acl_command_fn, }; /* *INDENT-ON* */ clib_error_t * in_out_acl_init (vlib_main_t * vm) { in_out_acl_main_t *am = &in_out_acl_main; clib_error_t *error = 0; if ((error = vlib_call_init_function (vm, ip_in_out_acl_init))) return error; am->vlib_main = vm; am->vnet_main = vnet_get_main (); am->vnet_classify_main = &vnet_classify_main; return 0; } VLIB_INIT_FUNCTION (in_out_acl_init); uword unformat_acl_type (unformat_input_t * input, va_list * args) { u32 *acl_type = va_arg (*args, u32 *); u32 tid = IN_OUT_ACL_N_TABLES; while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) { if (unformat (input, "ip4")) tid = IN_OUT_ACL_TABLE_IP4; else if (unformat (input, "ip6")) tid = IN_OUT_ACL_TABLE_IP6; else if (unformat (input, "l2")) tid = IN_OUT_ACL_TABLE_L2; else break; } *acl_type = tid; return 1; } u8 * format_vnet_in_out_acl_info (u8 * s, va_list * va) { in_out_acl_main_t *am = va_arg (*va, in_out_acl_main_t *); int sw_if_idx = va_arg (*va, int); u32 tid = va_arg (*va, u32); if (tid == ~0) { s = format (s, "%10s%20s\t\t%s", "Intfc idx", "Classify table", "Interface name"); return s; } s = format (s, "%10d%20d\t\t%U", sw_if_idx, tid, format_vnet_sw_if_index_name, am->vnet_main, sw_if_idx); return s; } static clib_error_t * show_in_out_acl_command_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd, u32 is_output) { in_out_acl_main_t *am = &in_out_acl_main; u32 type = IN_OUT_ACL_N_TABLES; int i; u32 *vec_tbl; while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) { if (unformat (input, "type %U", unformat_acl_type, &type)) ; else break; } if (type == IN_OUT_ACL_N_TABLES) return clib_error_return (0, is_output ? "Invalid output ACL table type." : "Invalid input ACL table type."); vec_tbl = am->classify_table_index_by_sw_if_index[is_output][type]; if (vec_len (vec_tbl)) vlib_cli_output (vm, "%U", format_vnet_in_out_acl_info, am, ~0 /* hdr */ , ~0); else vlib_cli_output (vm, is_output ? "No output ACL tables configured" : "No input ACL tables configured"); for (i = 0; i < vec_len (vec_tbl); i++) { if (vec_elt (vec_tbl, i) == ~0) continue; vlib_cli_output (vm, "%U", format_vnet_in_out_acl_info, am, i, vec_elt (vec_tbl, i)); } return 0; } static clib_error_t * show_inacl_command_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) { return show_in_out_acl_command_fn (vm, input, cmd, IN_OUT_ACL_INPUT_TABLE_GROUP); } static clib_error_t * show_outacl_command_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) { return show_in_out_acl_command_fn (vm, input, cmd, IN_OUT_ACL_OUTPUT_TABLE_GROUP); } /* *INDENT-OFF* */ VLIB_CLI_COMMAND (show_inacl_command, static) = { .path = "show inacl", .short_help = "show inacl type [ip4|ip6|l2]", .function = show_inacl_command_fn, }; VLIB_CLI_COMMAND (show_outacl_command, static) = { .path = "show outacl", .short_help = "show outacl type [ip4|ip6|l2]", .function = show_outacl_command_fn, }; /* *INDENT-ON* */ /* * fd.io coding-style-patch-verification: ON * * Local Variables: * eval: (c-set-style "gnu") * End: */