path: root/src/plugins/acl
Age | Commit message | Author | Files | Lines
2023-01-17 | acl: CLI allow replace, allow deletion | Pim van Pelt | 1 | -8/+66
    Allow the CLI caller to specify an optional [index <idx>] index, which will remove the ACL at that index. This mimics the API behavior.
    Add a 'delete acl-plugin acl index <idx>' to mimic the API acl_del call, which will refuse to delete a non-existent index, as well as an index that is referenced by an interface.
    Type: improvement
    Signed-off-by: pim@ipng.nl
    Change-Id: I5f240f7a4e3bca14e8122917e8a5186d80094de2
2022-11-22 | acl: fix set acl-plugin cli unformat free. | Huawei LI | 1 | -1/+2
    Type: fix
    Signed-off-by: Huawei LI <lihuawei_zzu@163.com>
    Change-Id: Icb5450f4bd0eaef7684eb7e3816d1d6051e889d7
2022-11-09 | acl: verify that src and dst have sane and same address family | Andrew Yourtchenko | 1 | -1/+5
    API refactoring moved the address-family tag from rule level down to prefix level. This necessarily warrants the check that they are the same. Also, add a check that the address family is sane.
    Change-Id: Ia63b688cc9e7c9e9cc773e89708d9e9f99185fb7
    Type: fix
    Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-09-26 | api: replace print functions wth format | Damjan Marion | 2 | -3/+0
    Type: improvement
    Change-Id: I7f7050c19453a69a7fb6c5e62f8f57db847d9144
    Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-05-16 | acl: memory leak in acl_fa_session_cleaner_process | Steven Luong | 1 | -0/+1
    The statement
        pw0->pending_clear_sw_if_index_bitmap = clib_bitmap_dup (pw0->serviced_sw_if_index_bitmap);
    will cause pw0->pending_clear_sw_if_index_bitmap's previous vector to be gone. Need to free it prior to calling clib_bitmap_dup()
    Type: fix
    Signed-off-by: Steven Luong <sluong@cisco.com>
    Change-Id: I20de780e73daea7be17efa0bf660af2592cd4680
2022-04-04 | vppinfra: make _vec_len() read-only | Damjan Marion | 4 | -19/+18
    Use of _vec_len() to set vector length breaks address sanitizer. Users should use vec_set_len(), vec_inc_len(), vec_dec_len () instead.
    Type: improvement
    Change-Id: I441ae948771eb21c23a61f3ff9163bdad74a2cb8
    Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-04 | vlib: remove unused fields | Damjan Marion | 1 | -8/+0
    Type: refactor
    Change-Id: I449fcea92a1c96dd7dd0bcad893060ad1c614351
    Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-10-13 | docs: convert plugins doc md->rst | Nathan Skrzypczak | 6 | -714/+735
    Type: improvement
    Change-Id: I7e821cce1feae229e1be4baeed249b9cca658135
    Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-06 | docs: more nitfixes | Nathan Skrzypczak | 1 | -8/+7
    Type: fix
    Change-Id: I41455e1cdc62e7c0baa148630b0701b042f3b156
    Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-08-26 | acl: fix prefetch out of struct bound on Arm | Tianyu Li | 1 | -1/+1
    fa_session_t *sess;
    CLIB_PREFETCH (sess, 2 * CLIB_CACHE_LINE_BYTES, STORE);

    sizeof(fa_session_t) is 128 bytes
    i) on 64B cacheline size Arm machine,
       above CLIB_PREFETCH () macro will be expanded to
         __builtin_prefetch(sess)
         __builtin_prefetch(sess + 64)
         __builtin_prefetch(sess + 128)   << prefetch is out of range of *sess.
         __builtin_prefetch(sess + 192)   <<
    ii) on 128B cacheline size Arm machine,
       CLIB_PREFETCH () expands to
         __builtin_prefetch(sess)
         __builtin_prefetch(sess + 128)   << still out of bound

    Solution:
    Change to CLIB_PREFETCH (sess, sizeof(*sess), STORE);

    Type: fix
    Signed-off-by: Tianyu Li <tianyu.li@arm.com>
    Reviewed-by: Lijian Zhang <lijian.zhang@arm.com>
    Change-Id: I4b3d4fc55747f3d9ad1bcf24f8834601a03ef55e
2021-08-19 | acl: add API call for setting the toggle to select between linear and bihash-based lookups | Andrew Yourtchenko | 3 | -1/+148
    In some cases (ACL of a few lines long with a lot of different subnet masks), linear lookup may be more efficient than the hash-based lookup. Expose the API to allow the control plane to choose what lookup algorithm to use.
    Type: improvement
    Change-Id: I540dd1b4ce63c5106a556d550f911f3a578b33e0
    Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-07-15 | acl: Fix the CLI to accept IPv6 prefixes | Neale Ranns | 1 | -16/+5
    Type: fix

    DBGvpp# set acl-plugin acl src 1::1/128 dst 2::/64
    DBGvpp# sh acl-plugin acl
    acl-index 0 count 1 tag {cli}
      0: ipv4 permit src 1.1.1.1/32 dst 1.1.1.2/32 proto 0 sport 0-65535 dport 0-65535
    acl-index 1 count 1 tag {cli}
      0: ipv6 permit src 1::1/128 dst 2::/64 proto 0 sport 0-65535 dport 0-65535

    Signed-off-by: Neale Ranns <neale@graphiant.com>
    Change-Id: Ibb8e20dd4ec2792f423a61eefe7398175e45a577
2021-07-15 | misc: replace CLIB_PREFETCH with clib_prefetch_{load,store} | Damjan Marion | 1 | -1/+1
    Type: refactor
    Change-Id: Id10cbf52e8f2dd809080a228d8fa282308be84ac
    Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-07-13 | misc: fix init order to avoid startup warnings | Bin Zhou (bzhou2) | 1 | -6/+4
    Put plugin init order inside plugin instead of in vnet
    Type: improvement
    Signed-off-by: Bin Zhou (bzhou2) <bzhou2@cisco.com>
    Change-Id: Icbacdb3f1cb4ac9d74e3f78458e8bc333793b4d6
2021-05-13 | tests: move test source to vpp/test | Dave Wallace | 6 | -5069/+0
    - Generate copyright year and version instead of using hard-coded data
    Type: refactor
    Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
    Change-Id: I6058f5025323b3aa483f5df4a2c4371e27b5914e
2021-03-26 | vlib: introduce vlib_get_main_by_index(), vlib_get_n_threads() | Damjan Marion | 3 | -7/+8
    Type: improvement
    Change-Id: If3da7d4338470912f37ff1794620418d928fb77f
    Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-03-25 | acl: fix the integer overflow bug in API message length validation logic | Andrew Yourtchenko | 1 | -4/+4
    Sending the bogus acl_add_replace message with count=~0 will result in an overflow of "expected_len" field which is a u32, thus the message will pass the validation when it should not.
    Solution - make the expected_len a u64 to avoid overflow.
    The bug was found while experimenting with libfuzzer as part of https://gerrit.fd.io/r/c/vpp/+/31763
    Type: fix
    Change-Id: I4a866d48f2418148236f1b1d77c487b869c7c43d
    Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-02-08 | tests: allow for externally supplied VPP workers config for tests | Andrew Yourtchenko | 1 | -0/+2
    Allow to supply the external VPP worker config for tests which do not specify the workers config explicitly, and use the tags infra to flag those that need attention in this configuration.
    This commit shows one example use of such a tag, there will be a separate commit with the rest of the places needing it, since that change is rather mechanical.
    Thus, the assumption is that the test should by default be agnostic of the VPP configuration, unless it explicitly specifies so.
    Type: test
    Change-Id: I3c0077e4e22a75cb9561fb98d3b783b93486b2be
    Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-01-20 | acl: replace glibc internal __bswap_64 with clib | Nathan Moos | 1 | -1/+2
    Type: fix
    In order to build VPP as a package for an embedded Yocto-based distribution, this patch replaces the use of the glibc internal __bswap_64 function with the VPP function clib_net_to_host_u64, which is provided by vppinfra.
    Change-Id: I3ecc8525861dc3441bce2b51aa4c80f9a62d3051
    Signed-off-by: Nathan Moos <nmoos@cisco.com>
2021-01-11 | acl: fix tag C-string overflow | Benoît Ganne | 1 | -5/+14
    tag is expected to be a null-terminated C-string
    Type: fix
    Change-Id: I633719068c37eac395cc30a6a314c00848e9cdca
    Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-01-06 | acl: fix cli tag parsing | Benoît Ganne | 1 | -1/+5
    - tag is expected to be 64-bytes
    - when specifying tag on cli, a vector is allocated. Make sure it is freed
    Type: fix
    Change-Id: Id1741fe406819ca9f71edb081d4483f52cae547d
    Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-12-14 | misc: refactor clib_bitmap_foreach macro | Damjan Marion | 1 | -2/+2
    Type: refactor
    Change-Id: I077110e1a422722e20aa546a6f3224c06ab0cde5
    Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-14 | misc: move to new pool_foreach macros | Damjan Marion | 3 | -30/+30
    Type: refactor
    Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772
    Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-14 | api: add missing version info | Paul Vinciguerra | 1 | -0/+1
    Type: fix
    Change-Id: I269214e3eae72e837f25ee61d714556d976d410f
    Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-12-04 | acl: fix acl-plugin testcases packet counting | Andrew Yourtchenko | 1 | -2/+3
    Counter checks in ACL tests were incorrect if VPP is running with multiple workers
    Change-Id: Id095d55c6cd3bfee8aaac6d177984e569e87d29b
    Type: fix
    Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-11-25 | api: vat2 and json autogeneration for api messages | Ole Troan | 5 | -462/+50
    VAT2: A completely auto-generated replacement of VAT. Reads input message in JSON from stdin and outputs received messages in JSON.
    A VAT2 plugin is automatically built for a .api file. There is no longer a need for a separate _test.c.

    Example:
    vat2 show_version {}
    {
      "_msgname": "show_version_reply",
      "retval": 0,
      "program": "vpe",
      "version": "21.01-rc0~411-gf6eb348a6",
      "build_date": "2020-11-19T09:49:25",
      "build_directory": "/vpp/autogen3"
    }

    vat2 sw_interface_dump '{"sw_if_index": -1, "name_filter_valid": 0, "name_filter": ""}'
    [{
      "_msgname": "sw_interface_details",
      "sw_if_index": 0,
      "sup_sw_if_index": 0,
      "l2_address": "00:00:00:00:00:00",
      "flags": "Invalid ENUM",
      "type": "IF_API_TYPE_HARDWARE",
      "link_duplex": "LINK_DUPLEX_API_UNKNOWN",
      "link_speed": 0,
      "link_mtu": 0,
      "mtu": [0, 0, 0, 0],
      "sub_id": 0,
      "sub_number_of_tags": 0,
      "sub_outer_vlan_id": 0,
      "sub_inner_vlan_id": 0,
      "sub_if_flags": "Invalid ENUM",
      "vtr_op": 0,
      "vtr_push_dot1q": 0,
      "vtr_tag1": 0,
      "vtr_tag2": 0,
      "outer_tag": 0,
      "b_dmac": "00:00:00:00:00:00",
      "b_smac": "00:00:00:00:00:00",
      "b_vlanid": 0,
      "i_sid": 0,
      "interface_name": "local0",
      "interface_dev_type": "local",
      "tag": ""
    }]

    This is the first phase and vat2 is not integrated in packaging yet.
    Type: feature
    Signed-off-by: Ole Troan <ot@cisco.com>
    Change-Id: Ib45ddeafb180ea7da8c5dc274a9274d7a4edc876
    Signed-off-by: Ole Troan <ot@cisco.com>
2020-10-19 | misc: don't export symbols from plugins | Damjan Marion | 1 | -1/+2
    Type: improvement
    Change-Id: I2a176fe2871d2e54b010bffc4f1f7a3616f0c455
    Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-10-16 | acl: do vlib_buffer_enqueue_to_next in outer function | Damjan Marion | 1 | -8/+11
    Improves compilation time and reduces object file size for 1MB
    Type: improvement
    Change-Id: Ibe4840c0ced22070248d93822ea61afe20aff65c
    Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-10-09 | acl: move nonip nodes to separate file | Damjan Marion | 3 | -221/+296
    Type: refactor
    Change-Id: Idcef8effa86d6421e4b3e5f747695ddb2982e78f
    Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-10-07 | misc: Purge unused pg includes | Neale Ranns | 3 | -3/+0
    Type: style
    Signed-off-by: Neale Ranns <nranns@cisco.com>
    Change-Id: I26a19e42076e031ec5399d5ca05cb49fd6fbe1cd
2020-09-21 | acl: remove custom ACL-plugin heap | Andrew Yourtchenko | 7 | -232/+17
    Custom ACL-plugin heap was useful in early stages, but it interferes with other infra optimizations. Remove it and use global heap.
    Change-Id: I2300548f1d1798dec27bc5a2a41cf37f9fcda95d
    Type: improvement
    Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-08-13 | acl: use the global heap when allocating the lookup context | Andrew Yourtchenko | 1 | -0/+3
    The "ACL as a service" lookup infra is shared, so a global heap must be used.
    Type: fix
    Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
    Change-Id: I86894254b737392c1968b6a581b5a37590376428
2020-07-23 | acl: correct acl vat help message | Lijian.Zhang | 1 | -2/+2
    "ipv4"/"ipv6" option is not supported in acl_add_replace and macip_acl_add_replace vat api. Update its help message per actual api usage.
    Type: fix
    Change-Id: I8d34fac5f98bd78a46a5e98df05cd35182988dd8
    Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
    Reviewed-by: Jieqiang Wang <Jieqiang.Wang@arm.com>
    Reviewed-by: Govindarajan Mohandoss <Govindarajan.Mohandoss@arm.com>
2020-06-16 | misc: fix sonarclound warnings | Dave Barach | 1 | -1/+4
    Type: fix
    Ticket: VPP-1888
    Signed-off-by: Dave Barach <dave@barachs.net>
    Change-Id: I9c2fb926a5e010658088a74051c8c3462ff61734
2020-04-28 | tests: move defaults from defaultmapping to .api files | Paul Vinciguerra | 1 | -6/+6
    facilitates use of papi beyond the tests.
    Type: improvement
    Change-Id: I3d502d9130b81a7fb65ee69bb06fe55802b28a27
    Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-04-24 | acl: ACL creation CLI parsing fix | Neale Ranns | 1 | -2/+4
    Type: fix
    Signed-off-by: Neale Ranns <nranns@cisco.com>
    Change-Id: I026f0d8385b538e543bae0c1f7e56e49e4713ba1
2020-04-08 | acl: fix unresolved symbol for format_fib_prefix in vat plugin | Neale Ranns | 1 | -8/+8
    Type: fix
    Change-Id: I5bf8d6043a49985b9241df8ff24774892678b557
    Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-03-27 | acl: API cleanup | Jakub Grajciar | 11 | -784/+1014
    Use consistent API types.
    Type: fix
    Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
    Change-Id: I09fa6c1b6917936351bd376b56c414ce24488095
    Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-03-26 | acl: revert acl: api cleanup | Ole Trøan | 11 | -1012/+699
    This reverts commit aad1ee149403994194cf37cef4530b042ba7df3a.
    Reason for revert: Verify failure. Doesn't build.
    Type: fix
    Change-Id: I91b1b26ac43edde4853e4561a0083d0b3a06efee
    Signed-off-by: Ole Troan <ot@cisco.com>
2020-03-26 | acl: API cleanup | Jakub Grajciar | 11 | -699/+1012
    Use consistent API types.
    Type: fix
    Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
    Change-Id: If90d753f129312400c4c3669bb86289d0c3e0d99
    Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-03-25 | acl: Add CLI additions | Neale Ranns | 1 | -0/+254
    Type: improvement
    Signed-off-by: Neale Ranns <nranns@cisco.com>
    Change-Id: I172d3d907f324d8cb21e73aa08ef66da029ed365
2020-02-25 | feature: provide a u16 version of vnet_feature_next | Neale Ranns | 1 | -3/+2
    Type: improvement
    When using vlib_buffer_enqueue_to_next the 'nexts' parameter is an array of u16, but vnet_feature_next takes a u32. This is a simple wrapper to address the impedance mismatch.
    Signed-off-by: Neale Ranns <nranns@cisco.com>
    Change-Id: I0fa86629e979e313344eb68442dc35a7b9537a8f
2020-02-11 | vppinfra: remove the historical mheap memory allocator | Dave Barach | 2 | -50/+3
    The mheap allocator has been turned off for several releases. This commit removes the cmake config parameter, parallel support for dlmalloc and mheap, and the mheap allocator itself.
    Type: refactor
    Signed-off-by: Dave Barach <dave@barachs.net>
    Change-Id: I104f88a1f06e47e90e5f7fb3e11cd1ca66467903
2020-01-13 | acl: Remove unsued type | Neale Ranns | 2 | -53/+31
    Type: style
    and add some indent offs.
    Change-Id: I31cf3ab9ff9b64d2cd1f2034dcedd4a9c453efb4
    Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-01-08 | acl: add FEATURE.yaml | Andrew Yourtchenko | 1 | -0/+26
    Change-Id: If6f13e7962c27f35528058224928def927fff19f
    Type: docs
    Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-12-17 | ip: Protocol Independent IP Neighbors | Neale Ranns | 2 | -4/+3
    Type: feature
    - ip-neighbour: generic neighbour handling; APIs, DBs, event handling, aging
    - arp: ARP protocol implementation
    - ip6-nd; IPv6 neighbor discovery implementation; separate ND, MLD, RA
    - ip6-link; manage link-local addresses
    - l2-arp-term; events separated from IP neighbours, since they are not the same.
    vnet retains just enough education to perform ND/ARP packet construction.
    arp and ip6-nd to be moved to plugins soon.
    Change-Id: I88dedd0006b299344f4c7024a0aa5baa6b9a8bbe
    Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-12-14 | tests: changes for scapy 2.4.3 migration | snaramre | 1 | -1/+1
    Type: fix
    Change-Id: I7e041b666dabd90df23a920a1f1d99db4c10ddfe
    Signed-off-by: snaramre <snaramre@cisco.com>
2019-12-03 | classify: API cleanup | Jakub Grajciar | 1 | -90/+8
    Use consistent API types.
    Type: fix
    Change-Id: Ib5b1efa76f0a9cecc0bc146f8f8a47c2442fc1db
    Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
    Signed-off-by: Ole Troan <ot@cisco.com>
    Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-11-05 | misc: Fix python scripts shebang line | Renato Botelho do Couto | 5 | -5/+5
    Type: fix
    Since CentOS 8, RPM build script doesn't accept '#!/usr/bin/env python' as a valid shebang line. It requires scripts to explicitly choose between python2 or python3.
    Change all to use python3 as suggested by Paul Vinciguerra.
    Depends-On: https://gerrit.fd.io/r/23170
    Signed-off-by: Renato Botelho do Couto <renato@netgate.com>
    Change-Id: Ie72af9f60fd0609e07f05b70f8d96e738b2754d1
2019-10-31 | acl: add missing square brackets to vat_help option in acl api | Jieqiang Wang | 1 | -2/+2
    Add the missing right square brackets to remove ambiguity in vat_help option for acl_add_replace and macip_acl_add_replace api.
    Type: fix
    Change-Id: I2679d8ce163d23a0e513afdfdb87434cbb673c74
    Signed-off-by: Jieqiang.Wang <Jieqiang.Wang@arm.com>