summaryrefslogtreecommitdiffstats
path: root/src/plugins/acl
AgeCommit message (Collapse)AuthorFilesLines
2021-03-25acl: fix the integer overflow bug in API message length validation logicAndrew Yourtchenko1-4/+4
Sending the bogus acl_add_replace message with count=~0 will result in an overflow of "expected_len" field which is a u32, thus the message will pass the validation when it should not. Solution - make the expected_len a u64 to avoid overflow. The bug was found while experimenting with libfuzzer as part of https://gerrit.fd.io/r/c/vpp/+/31763 Type: fix Change-Id: I4a866d48f2418148236f1b1d77c487b869c7c43d Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-02-08tests: allow for externally supplied VPP workers config for testsAndrew Yourtchenko1-0/+2
Allow to supply the external VPP worker config for tests which do not specify the workers config explicitly, and use the tags infra to flag those that need attention in this configuration. This commit shows one example use of such a tag, there will be a separate commit with the rest of the places needing it, since that change is rather mechanical. Thus, the assumption is that the test should by default be agnostic of the VPP configuration, unless it explicitly specifies so. Type: test Change-Id: I3c0077e4e22a75cb9561fb98d3b783b93486b2be Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-01-20acl: replace glibc internal __bswap_64 with clibNathan Moos1-1/+2
Type: fix In order to build VPP as a package for an embedded Yocto-based distribution, this patch replaces the use of the glibc internal __bswap_64 function with the VPP function clib_net_to_host_u64, which is provided by vppinfra. Change-Id: I3ecc8525861dc3441bce2b51aa4c80f9a62d3051 Signed-off-by: Nathan Moos <nmoos@cisco.com>
2021-01-11acl: fix tag C-string overflowBenoît Ganne1-5/+14
tag is expected to be a null-terminated C-string Type: fix Change-Id: I633719068c37eac395cc30a6a314c00848e9cdca Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-01-06acl: fix cli tag parsingBenoît Ganne1-1/+5
- tag is expected to be 64-bytes - when specifying tag on cli, a vector is allocated. Make sure it is freed Type: fix Change-Id: Id1741fe406819ca9f71edb081d4483f52cae547d Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-12-14misc: refactor clib_bitmap_foreach macroDamjan Marion1-2/+2
Type: refactor Change-Id: I077110e1a422722e20aa546a6f3224c06ab0cde5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-14misc: move to new pool_foreach macrosDamjan Marion3-30/+30
Type: refactor Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-14api: add missing version infoPaul Vinciguerra1-0/+1
Type: fix Change-Id: I269214e3eae72e837f25ee61d714556d976d410f Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-12-04acl: fix acl-plugin testcases packet countingAndrew Yourtchenko1-2/+3
Counter checks in ACL tests were incorrect if VPP is running with multiple workers Change-Id: Id095d55c6cd3bfee8aaac6d177984e569e87d29b Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-11-25api: vat2 and json autogeneration for api messagesOle Troan5-462/+50
VAT2: A completely auto-generated replacement of VAT. Reads input message in JSON from stdin and outputs received messages in JSON. A VAT2 plugin is automatically built for a .api file. There no longer a need for a separate _test.c. Example: vat2 show_version {} { "_msgname": "show_version_reply", "retval": 0, "program": "vpe", "version": "21.01-rc0~411-gf6eb348a6", "build_date": "2020-11-19T09:49:25", "build_directory": "/vpp/autogen3" } vat2 sw_interface_dump '{"sw_if_index": -1, "name_filter_valid": 0, "name_filter": ""}' [{ "_msgname": "sw_interface_details", "sw_if_index": 0, "sup_sw_if_index": 0, "l2_address": "00:00:00:00:00:00", "flags": "Invalid ENUM", "type": "IF_API_TYPE_HARDWARE", "link_duplex": "LINK_DUPLEX_API_UNKNOWN", "link_speed": 0, "link_mtu": 0, "mtu": [0, 0, 0, 0], "sub_id": 0, "sub_number_of_tags": 0, "sub_outer_vlan_id": 0, "sub_inner_vlan_id": 0, "sub_if_flags": "Invalid ENUM", "vtr_op": 0, "vtr_push_dot1q": 0, "vtr_tag1": 0, "vtr_tag2": 0, "outer_tag": 0, "b_dmac": "00:00:00:00:00:00", "b_smac": "00:00:00:00:00:00", "b_vlanid": 0, "i_sid": 0, "interface_name": "local0", "interface_dev_type": "local", "tag": "" }] This is the first phase and vat2 is not integrated in packaging yet. Type: feature Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ib45ddeafb180ea7da8c5dc274a9274d7a4edc876 Signed-off-by: Ole Troan <ot@cisco.com>
2020-10-19misc: don't export symbols from pluginsDamjan Marion1-1/+2
Type: improvement Change-Id: I2a176fe2871d2e54b010bffc4f1f7a3616f0c455 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-10-16acl: do vlib_buffer_enqueue_to_next in outer functionDamjan Marion1-8/+11
Improves compilation time and reduces object file size for 1MB Type: improvement Change-Id: Ibe4840c0ced22070248d93822ea61afe20aff65c Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-10-09acl: move nonip nodes to separate fileDamjan Marion3-221/+296
Type: refactor Change-Id: Idcef8effa86d6421e4b3e5f747695ddb2982e78f Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-10-07misc: Purge unused pg includesNeale Ranns3-3/+0
Type: style Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I26a19e42076e031ec5399d5ca05cb49fd6fbe1cd
2020-09-21acl: remove custom ACL-plugin heapAndrew Yourtchenko7-232/+17
Custom ACL-plugin heap was useful in early stages, but it interferes with other infra optimizations. Remove it and use global heap. Change-Id: I2300548f1d1798dec27bc5a2a41cf37f9fcda95d Type: improvement Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-08-13acl: use the global heap when allocating the lookup contextAndrew Yourtchenko1-0/+3
The "ACL as a service" lookup infra is shared, so a global heap must be used. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I86894254b737392c1968b6a581b5a37590376428
2020-07-23acl: correct acl vat help messageLijian.Zhang1-2/+2
"ipv4"/"ipv6" option is not supported in acl_add_replace and macip_acl_add_replace vat api. Update its help message per actual api usage. Type: fix Change-Id: I8d34fac5f98bd78a46a5e98df05cd35182988dd8 Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com> Reviewed-by: Jieqiang Wang <Jieqiang.Wang@arm.com> Reviewed-by: Govindarajan Mohandoss <Govindarajan.Mohandoss@arm.com>
2020-06-16misc: fix sonarclound warningsDave Barach1-1/+4
Type: fix Ticket: VPP-1888 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I9c2fb926a5e010658088a74051c8c3462ff61734
2020-04-28tests: move defaults from defaultmapping to .api filesPaul Vinciguerra1-6/+6
facilitates use of papi beyond the tests. Type: improvement Change-Id: I3d502d9130b81a7fb65ee69bb06fe55802b28a27 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-04-24acl: ACL creation CLI parsing fixNeale Ranns1-2/+4
Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I026f0d8385b538e543bae0c1f7e56e49e4713ba1
2020-04-08acl: fix unresolved symbol for format_fib_prefix in vat pluginNeale Ranns1-8/+8
Type: fix Change-Id: I5bf8d6043a49985b9241df8ff24774892678b557 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-03-27acl: API cleanupJakub Grajciar11-784/+1014
Use consistent API types. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I09fa6c1b6917936351bd376b56c414ce24488095 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-03-26acl: revert acl: api cleanupOle Trøan11-1012/+699
This reverts commit aad1ee149403994194cf37cef4530b042ba7df3a. Reason for revert: Verify failure. Doesn't build. Type: fix Change-Id: I91b1b26ac43edde4853e4561a0083d0b3a06efee Signed-off-by: Ole Troan <ot@cisco.com>
2020-03-26acl: API cleanupJakub Grajciar11-699/+1012
Use consistent API types. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: If90d753f129312400c4c3669bb86289d0c3e0d99 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-03-25acl: Add CLI additionsNeale Ranns1-0/+254
Type: improvement Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I172d3d907f324d8cb21e73aa08ef66da029ed365
2020-02-25feature: provide a u16 version of vnet_feature_nextNeale Ranns1-3/+2
Type: improvement when using vlib_buffer_enqueue_to_next the 'nexts' parameter is an array of u16, but vnet_feautre_next takes a u32. this is a simple wrapper to address the impedence mismatch. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I0fa86629e979e313344eb68442dc35a7b9537a8f
2020-02-11vppinfra: remove the historical mheap memory allocatorDave Barach2-50/+3
The mheap allocator has been turned off for several releases. This commit removes the cmake config parameter, parallel support for dlmalloc and mheap, and the mheap allocator itself. Type: refactor Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I104f88a1f06e47e90e5f7fb3e11cd1ca66467903
2020-01-13acl: Remove unsued typeNeale Ranns2-53/+31
Type: style and add some indent offs. Change-Id: I31cf3ab9ff9b64d2cd1f2034dcedd4a9c453efb4 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-01-08acl: add FEATURE.yamlAndrew Yourtchenko1-0/+26
Change-Id: If6f13e7962c27f35528058224928def927fff19f Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-12-17ip: Protocol Independent IP NeighborsNeale Ranns2-4/+3
Type: feature - ip-neighbour: generic neighbour handling; APIs, DBs, event handling, aging - arp: ARP protocol implementation - ip6-nd; IPv6 neighbor discovery implementation; separate ND, MLD, RA - ip6-link; manage link-local addresses - l2-arp-term; events separated from IP neighbours, since they are not the same. vnet retains just enough education to perform ND/ARP packet construction. arp and ip6-nd to be moved to plugins soon. Change-Id: I88dedd0006b299344f4c7024a0aa5baa6b9a8bbe Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-12-14tests: changes for scapy 2.4.3 migrationsnaramre1-1/+1
Type: fix Change-Id: I7e041b666dabd90df23a920a1f1d99db4c10ddfe Signed-off-by: snaramre <snaramre@cisco.com>
2019-12-03classify: API cleanupJakub Grajciar1-90/+8
Use consistent API types. Type: fix Change-Id: Ib5b1efa76f0a9cecc0bc146f8f8a47c2442fc1db Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-11-05misc: Fix python scripts shebang lineRenato Botelho do Couto5-5/+5
Type: fix Since CentOS 8, RPM build script doesn't accept '#!/usr/bin/env python' as a valid shebang line. It requires scripts to explicitly chose between python2 or python3. Change all to use python3 as suggested by Paul Vinciguerra. Depends-On: https://gerrit.fd.io/r/23170 Signed-off-by: Renato Botelho do Couto <renato@netgate.com> Change-Id: Ie72af9f60fd0609e07f05b70f8d96e738b2754d1
2019-10-31acl: add missing square brackets to vat_help option in acl apiJieqiang Wang1-2/+2
Add the missing right square brackets to remove ambiguity in vat_help option for acl_add_replace and macip_acl_add_replace api. Type: fix Change-Id: I2679d8ce163d23a0e513afdfdb87434cbb673c74 Signed-off-by: Jieqiang.Wang <Jieqiang.Wang@arm.com>
2019-10-21acl: l2 classify test support python3Ole Troan1-2/+2
Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I3b2e57e3dcf04ae50724b5909272b083d6003a85
2019-10-17tests: python3 changes for span and aclplugin testsnaramre2-7/+7
Type: fix Change-Id: Ia9f74f951f831cc5c9b5af863db1bb3f7a1a81ff Signed-off-by: snaramre <snaramre@cisco.com>
2019-10-10acl: remove api boilerplateOle Troan5-172/+44
Type: refactor Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Idc9c508eb0e3d4b0c3908360fb0771012a8e2bc0
2019-10-03acl: fix intermittent test failureAndrew Yourtchenko1-9/+9
ACL tests use random port number in the tests. A port number 6081 causes the decode in scapy to consume some of the Raw payload into GENEVE encoding, which breaks the test. Solution: bring up the lower range of random port to 16384, so that it does not touch any of the well known ports. Type: test Change-Id: I022660d8ec147857924b436f1871b0b5ddcf4c47 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-09-27acl: remove api boilerplateOle Troan2-92/+12
Type: refactor Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I5701b7d6d5e1423fb0004f7e48815cd672f81e4d
2019-09-16api: autogenerate api trace print/endianOle Troan3-1/+55
In addition to the external vppapitrace tool, VPP itself supports dumping of API trace files. In two formats, "custom-dump" and "dump". "dump" gives a human friendly list, and "custom-dump" is meant to give a list of commands that can be fed to VAT. This patch only deals with "dump". Prior to this fix, auto-generation was only done for the basic types. This fix adds support for any type, including lists, and supports pretty-printing of enums, strings, IP addresses, MAC addresses and so on. Usage: api trace dump <api-trace-file> For example Change-Id: I4e485680e6dcfce7489299ae6cf31d835071ac40 ---------- trace 48 ----------- vl_api_sw_interface_set_flags_t: _vl_msg_id: 75 client_index: 0 context: 10 sw_if_index: 1 flags: IF_STATUS_API_FLAG_ADMIN_UP ---------- trace 49 ----------- vl_api_sw_interface_add_del_address_t: _vl_msg_id: 88 client_index: 0 context: 11 sw_if_index: 1 is_add: 1 del_all: 0 prefix: 172.16.1.1/24 ---------- trace 51 ----------- vl_api_cli_inband_t: _vl_msg_id: 819 client_index: 0 context: 13 cmd: packet-generator capture pg0 pcap /tmp/vpp-unittest-TestMAP-YhcmDX/pg0_out.pcap disable ---------- trace 58 ----------- vl_api_ip_neighbor_add_del_t: _vl_msg_id: 199 client_index: 0 context: 20 is_add: 1 neighbor: sw_if_index: 2 flags: IP_API_NEIGHBOR_FLAG_NONE mac_address: 0202.0000.ff02 ip_address: fd01:2::2 Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I5556d06008de2762e7c2d35a8b0963ae670b3db1 Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com>
2019-08-28acl: perform a sanity check of ACL rules before creating ACLAndrew Yourtchenko1-0/+81
Adding acl with incorrect arguments like 1.1.1.1/24 (instead of 1.1.1.0/24) don't cause a disaster, but doesn't match either, as some might expect. Add an explicit sanity check which returns an error. Type: fix Change-Id: Id1601f4b9c9887d3e7e70aac419d1f1de0c0e012 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-08-22tests: move plugin tests to src/plugins/*/testDave Wallace5-0/+4785
- Relocate plugin tests for 'make test' into src/plugins/*/test so that plugin test cases are co-located with the plugin source code. Type: refactor Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I503e6a43528e14981799b735fa65674155713f67 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-08-20vppapigen: remove support for legacy typedefsPaul Vinciguerra2-57/+2
vppapigen has remapped legacy to typedefs behind the scenes for some time now. - update .api files to use new style typedefs. - issue error on 'typeonly define' in .api files - remove unneeded macros redefining vl_noop_handler Type: refactor Change-Id: I7a8c4a6dafacee6a131f95cd0e9b03a8c60dea8b Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-08-16acl: fix stats-segment counters validation on acl updateAndrew Yourtchenko2-8/+46
The stats-segment validation/clear logic for acl counters was wrong, fix it. Also add the code to the unittests to cover that case, add a vat command to enable/disable counters, clean up the unnecessary endian conversion and remove the stray clib_warning() Change-Id: I421297a92e4aeb885c468c72a97cec25981df615 Type: fix Ticket: VPP-1744 Fixes: f995c7122ba0d024b17bc3232e8edd18d5e25088 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 4c945dacb9ff9da731301feb26b1edb4ac00e8bd)
2019-07-29api acl: breakout acl_types.api for reuse by othersPaul Vinciguerra2-79/+101
Type: refactor Change-Id: I40518ccddcb78e58f7e6a098c27d9ec53e5a1146 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-07-24acl: implement countersAndrew Yourtchenko5-9/+183
implement per-acl-number counters in the stats segment. They are created during the ACL creation, the counters are incremented in the dataplane using the new inline function with the extra parameter being the packet size. Counting in shared segment adds a noticeable overhead, so add also an API to turn the counters on. Type: feature Change-Id: I8af7b0c31a3d986b68089eb52452aed45df66c7b Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-07-09acl: perform the ACL-as-a-service user registrations in global heapAndrew Yourtchenko2-10/+14
Some users tend to call registration routine long before they need that service - which triggers an immediate initialization of the ACL heap, which is rather big. This commit defers this process by keeping the registrations in the global heap. Change-Id: I5825871bd836851942b55184b6ee2657c7a9cc33 Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-07-09vat: unload unused vat pluginsDave Barach1-18/+2
If the corresponding vpp plugin is absent, return a non-zero clib_error_t * from vat_plugin_register ("xxx plugin not loaded"). The vat plugin calls dlclose on the vat plugin, and it disappears. Depending on the plugin configuration, this can reduce the vpp virtual size by several gigabytes. Added a VAT_PLUGIN(<plugin-name>) macro to vat_helper_macros, clean up boilerplate vat_plugin_register() implementations. Fixed a number of non-standard vat_plugin_register methods. Type: refactor Change-Id: Iac908e5af7d5497c78d6aa9c3c51cdae08374045 Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-03plugins: clean up plugin descriptionsDave Wallace1-1/+1
- Make plugin descriptions more consistent so the output of "show plugin" can be used in the wiki. Change-Id: I4c6feb11e7dcc5a4cf0848eed37f1d3b035c7dda Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-04-10API: Fix shared memory only action handlers.Ole Troan1-7/+5
Some API action handlers called vl_msg_ai_send_shmem() directly. That breaks Unix domain socket API transport. A couple (bond / vhost) also tried to send a sw_interface_event directly, but did not send the message to all that had registred interest. That scheme never worked correctly. Refactored and improved the interface event code. Change-Id: Idb90edfd8703c6ae593b36b4eeb4d3ed7da5c808 Signed-off-by: Ole Troan <ot@cisco.com>