vpp - Vector Packet Processing

Age	Commit message (Collapse)	Author	Files	Lines
2019-05-31	VPP-1640 - Missing rules in vpp-selinux-policy	Billy McFall	1	-1/+2
	SELinux exceptions occurring for host interfaces and with the vmxnet3 driver. Change-Id: Ia22bd82572acfa07ae287a755830abe1413f9939 Signed-off-by: Billy McFall <bmcfall@redhat.com>
2019-05-31	VPP-1679 - SElinux rules are not set accordingly	Billy McFall	1	-2/+4
	Updates to the VPP SELinux policy to support the MLX5 DPDK driver. Change-Id: I089ede88a5e9c4152178f8cf9be5ee14d8a9130f Signed-off-by: Billy McFall <bmcfall@redhat.com>
2019-05-31	VPP-1640 - Missing rules in vpp-selinux-policy	Billy McFall	1	-0/+212
	Add additional section to the SELinux documentation to describe how to collect debug information when SELinux issues are encountered. This is purely a documentation change. Note: Merged seperate from SELinux Policy change in case policy change needs to be cherry-picked to older releases. Change-Id: I7ba3d3c7d84171b503d956eb01e13a680b4d53fc Signed-off-by: Billy McFall <bmcfall@redhat.com>
2019-02-19	VPP-1504: Remove JVPP	Michal Cmarada	1	-1/+0
	As part of JVPP migration this removes JVPP completely from VPP. Change-Id: I6b74e7961aa474ae471e63fe43a624cd9fc3659b Signed-off-by: Michal Cmarada <mcmarada@cisco.com>
2018-03-14	VPP-1197: SELinux: 'create tap' (vhost-net backend TAP) fails when	Billy McFall	1	-0/+2
	SELinux is enable Update the SELinux Policy to allow management of the new vhost-net backend TAP interface. Change-Id: I2d0633a7fce2ee2a4d6e0008ab13599647c14f42 Signed-off-by: Billy McFall <bmcfall@redhat.com>
2018-02-28	Fix SELinux capabilities. Creating a tap interface with 'tap connect' was ↵	Victor Nguyen -T (victong2 - OTHERWISE PORTAGE at Cisco)	1	-2/+2
	returning an error when VPP was launched as a service (tested on CentOS 7.3). Adding 'net_admin' to SELinux capabilities for VPP solves the issue. Change-Id: Icd0529b49adb86e7b371283a6f39af03816951c5 Signed-off-by: Victor Nguyen <victong2@cisco.com>
2018-01-30	VPP-899: Run VPP under SELinux	Billy McFall	4	-0/+457
	Add an SELinux profile such that VPP can run under SELinux on RPM based platforms. The SELinux Policy is currently only implemented for RPM packages, specifically, Fedora, CentOS and RHEL. Doxygen User Documentation has been included (selinux_doc.md). Once some discussion on file locations has completed (see vpp-devlist), updates to the Debug CLI documentation will also need to be updated. Additional changes: Patch Set 2: - Rework selinux_doc.md such that each line is only 80 characters instead of each sentence on a line. Made additonal minor chnages to the text. - Update vHost Debug CLI documentation to reflex new socket location. Cleaned up some text from when I originally wrote it, to better reflex proper use. - Update exec Debug CLI documentation to be more inline with suggested helptext, added text regarding recommended script file location. - For Debian builds, create the /var/log/vpp/ directory. I don't use Debian very much, so please pay extra attention to build-data/platforms.mk and build-root/deb/debian/.gitignore. - Per discussion on VPP call, changed the default log location to /var/log/vpp/vpp.log. - Changed the socket location for vHost in AutoConfig to /var/run/vpp/. Patch Set 3: - Update selinux_doc.md based on comments. Change-Id: I400520dc33f1ca51012d09ef8fe5a7b7b96c631e Signed-off-by: Billy McFall <bmcfall@redhat.com>

/* * Copyright (c) 2016 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifndef __FIB_PATH_LIST_H__ #define __FIB_PATH_LIST_H__ #include <vlib/vlib.h> #include <vnet/adj/adj.h> #include "fib_node.h" #include "fib_path.h" /** * Enumeration of path-list flags. */ typedef enum fib_path_list_attribute_t_ { /** * Marker. Add new flags after this one. */ FIB_PATH_LIST_ATTRIBUTE_FIRST = 0, /** * This path list is shareable. Shareable path-lists * are inserted into the path-list data-base. * All path-list are inherently shareable, the reason we share some and * not others is to limit the size of the path-list database. This DB must * be searched for each route update. */ FIB_PATH_LIST_ATTRIBUTE_SHARED = FIB_PATH_LIST_ATTRIBUTE_FIRST, /** * explicit drop path-list. Used when the entry source needs to * force a drop, despite the fact the path info is present. */ FIB_PATH_LIST_ATTRIBUTE_DROP, /** * explicit local path-list. */ FIB_PATH_LIST_ATTRIBUTE_LOCAL, /** * exclusive path-list. Exclusive means the path will resolve via the * exclusive (user provided) adj. */ FIB_PATH_LIST_ATTRIBUTE_EXCLUSIVE, /** * resolved path-list */ FIB_PATH_LIST_ATTRIBUTE_RESOLVED, /** * looped path-list. one path looped implies the whole list is */ FIB_PATH_LIST_ATTRIBUTE_LOOPED, /** * no uRPF - do not generate unicast RPF list for this path-list */ FIB_PATH_LIST_ATTRIBUTE_NO_URPF, /** * Marher. Add new flags before this one, and then update it. */ FIB_PATH_LIST_ATTRIBUTE_LAST = FIB_PATH_LIST_ATTRIBUTE_LOOPED, } fib_path_list_attribute_t; typedef enum fib_path_list_flags_t_ { FIB_PATH_LIST_FLAG_NONE = 0, FIB_PATH_LIST_FLAG_SHARED = (1 << FIB_PATH_LIST_ATTRIBUTE_SHARED), FIB_PATH_LIST_FLAG_DROP = (1 << FIB_PATH_LIST_ATTRIBUTE_DROP), FIB_PATH_LIST_FLAG_LOCAL = (1 << FIB_PATH_LIST_ATTRIBUTE_LOCAL), FIB_PATH_LIST_FLAG_EXCLUSIVE = (1 << FIB_PATH_LIST_ATTRIBUTE_EXCLUSIVE), FIB_PATH_LIST_FLAG_RESOLVED = (1 << FIB_PATH_LIST_ATTRIBUTE_RESOLVED), FIB_PATH_LIST_FLAG_LOOPED = (1 << FIB_PATH_LIST_ATTRIBUTE_LOOPED), FIB_PATH_LIST_FLAG_NO_URPF = (1 << FIB_PATH_LIST_ATTRIBUTE_NO_URPF), } fib_path_list_flags_t; #define FIB_PATH_LIST_ATTRIBUTES { \ [FIB_PATH_LIST_ATTRIBUTE_SHARED] = "shared", \ [FIB_PATH_LIST_ATTRIBUTE_RESOLVED] = "resolved", \ [FIB_PATH_LIST_ATTRIBUTE_DROP] = "drop", \ [FIB_PATH_LIST_ATTRIBUTE_EXCLUSIVE] = "exclusive", \ [FIB_PATH_LIST_ATTRIBUTE_LOCAL] = "local", \ [FIB_PATH_LIST_ATTRIBUTE_LOOPED] = "looped", \ [FIB_PATH_LIST_ATTRIBUTE_NO_URPF] = "no-uRPF", \ } #define FOR_EACH_PATH_LIST_ATTRIBUTE(_item) \ for (_item = FIB_PATH_LIST_ATTRIBUTE_FIRST; \ _item <= FIB_PATH_LIST_ATTRIBUTE_LAST; \ _item++) extern fib_node_index_t fib_path_list_create(fib_path_list_flags_t flags, const fib_route_path_t *paths); extern fib_node_index_t fib_path_list_create_special(fib_protocol_t nh_proto, fib_path_list_flags_t flags, const dpo_id_t *dpo); extern fib_node_index_t fib_path_list_copy_and_path_add( fib_node_index_t pl_index, fib_path_list_flags_t flags, const fib_route_path_t *path); extern fib_node_index_t fib_path_list_copy_and_path_remove( fib_node_index_t pl_index, fib_path_list_flags_t flags, const fib_route_path_t *path); extern u32 fib_path_list_get_n_paths(fib_node_index_t pl_index); extern void fib_path_list_contribute_forwarding(fib_node_index_t path_list_index, fib_forward_chain_type_t type, dpo_id_t *dpo); extern void fib_path_list_contribute_urpf(fib_node_index_t path_index, index_t urpf); extern index_t fib_path_list_get_urpf(fib_node_index_t path_list_index); extern index_t fib_path_list_get_adj(fib_node_index_t path_list_index, fib_forward_chain_type_t type); extern u32 fib_path_list_child_add(fib_node_index_t pl_index, fib_node_type_t type, fib_node_index_t child_index); extern void fib_path_list_child_remove(fib_node_index_t pl_index, fib_node_index_t sibling_index); extern void fib_path_list_back_walk(fib_node_index_t pl_index, fib_node_back_walk_ctx_t *ctx); extern void fib_path_list_lock(fib_node_index_t pl_index); extern void fib_path_list_unlock(fib_node_index_t pl_index); extern int fib_path_list_recursive_loop_detect(fib_node_index_t path_list_index, fib_node_index_t **entry_indicies); extern u32 fib_path_list_get_resolving_interface(fib_node_index_t path_list_index); extern int fib_path_list_is_looped(fib_node_index_t path_list_index); extern fib_protocol_t fib_path_list_get_proto(fib_node_index_t path_list_index); extern u8 * fib_path_list_format(fib_node_index_t pl_index, u8 * s); extern u8 * fib_path_list_adjs_format(fib_node_index_t pl_index, u32 indent, u8 * s); extern index_t fib_path_list_lb_map_add_or_lock(fib_node_index_t pl_index, const fib_node_index_t *pis); /** * A callback function type for walking a path-list's paths */ typedef int (*fib_path_list_walk_fn_t)(fib_node_index_t pl_index, fib_node_index_t path_index, void *ctx); extern void fib_path_list_walk(fib_node_index_t pl_index, fib_path_list_walk_fn_t func, void *ctx); extern void fib_path_list_module_init(void); extern void fib_path_list_module_init(void); /* * functions for testing. */ u32 fib_path_list_pool_size(void); u32 fib_path_list_db_size(void); #endif