summaryrefslogtreecommitdiffstats
path: root/src/plugins/acl
AgeCommit message (Collapse)AuthorFilesLines
2024-07-03acl: cli addition to set macip rulesSanjyot Vaidya1-0/+211
This change is used to add cli command for macip acl rules. Cli commands added for addition and deletion of rule. Type: improvement Change-Id: I28adba0193a904f6c130c81cd19bb6de47f517a9 Signed-off-by: Sanjyot Vaidya <Sanjyot.Vaidya@arm.com>
2024-05-07api: add to_net parameter to endian messagesOle Troan1-16/+19
The VPP API auto-generated endian conversion functions are intended to be symmetrical. They are used both by the API client and the API server. Called on send to convert from host endian to network endian and on receive to convert back. For variable length arrays, we have to iterate over the array and call a more specific handler for the array type. Unfortunately the length of the array is part of the api definition, and if it's endian swapped prior to the for loop, unexpected behaviour will ensue. There was an earlier fix, for some specific messages, but unfortunately that only fixed the problem from the VPP (server) side. This adds a new parameters to the endian handler, so the boundary argument to the loop can be treated differently depending on if this message is to the network or from the network. Type: fix Change-Id: I43011aed384e3b847579a1dd2c390867ae17a9ad Signed-off-by: Ole Troan <otroan@employees.org>
2024-05-02acl: add missing byteswap header for muslEric Sun1-0/+2
On glibc this builds fine; on musl the byteswap header doesn't seem to be included properly. This change adds it, fixing the build. Type: fix Change-Id: I402812409395d471357b6317084774afba39548f Signed-off-by: Eric Sun <esun@meraki.com> Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2024-04-24misc: fix int/enum mismatch errors reported by gcc-14Damjan Marion1-2/+3
Type: fix Change-Id: I80e90cab8e2e9fef837779e36e0256baf791b801 Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-04-09acl: Use clib_net_to_host rather than library bswapTom Jones1-3/+3
Type: improvement Change-Id: I51345fb75843c67c6bf6a4c56380e1f0899c45b1 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-03-28acl: rework headers to enable out-of-tree usageMohammed Hawari4-8/+19
Change-Id: I1f8adf1f5650ab6c04e03c95d7a8d0bfa39b5f2d Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2024-03-12misc: remove GNU Indent directivesDamjan Marion5-42/+0
Type: refactor Change-Id: I5235bf3e9aff58af6ba2c14e8c6529c4fc9ec86c Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-01-17acl: CLI allow replace, allow deletionPim van Pelt1-8/+66
Allow the CLI caller to specify an optional [index <idx>] index, which will remove the ACL at that index. This mimicks the API behavior, Add a 'delete acl-plugin acl index <idx>' to mimick the API acl_del call, which will refuse to delete a non-existent index, as well as an index that is referenced by an interface. Type: improvement Signed-off-by: pim@ipng.nl Change-Id: I5f240f7a4e3bca14e8122917e8a5186d80094de2
2022-11-22acl: fix set acl-plugin cli unformat free.Huawei LI1-1/+2
Type: fix Signed-off-by: Huawei LI <lihuawei_zzu@163.com> Change-Id: Icb5450f4bd0eaef7684eb7e3816d1d6051e889d7
2022-11-09acl: verify that src and dst have sane and same address familyAndrew Yourtchenko1-1/+5
API refactoring moved the address-family tag from rule level down to prefix level. This necessarily warrants the check that they are the same. Also, add a check that the address family is sane. Change-Id: Ia63b688cc9e7c9e9cc773e89708d9e9f99185fb7 Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-09-26api: replace print functions wth formatDamjan Marion2-3/+0
Type: improvement Change-Id: I7f7050c19453a69a7fb6c5e62f8f57db847d9144 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-05-16acl: memory leak in acl_fa_session_cleaner_processSteven Luong1-0/+1
The statement pw0->pending_clear_sw_if_index_bitmap = clib_bitmap_dup (pw0->serviced_sw_if_index_bitmap); will cause pw0->pending_clear_sw_if_index_bitmap's previous vector to be gone. Need to free it prior to calling clib_bitmap_dup() Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I20de780e73daea7be17efa0bf660af2592cd4680
2022-04-04vppinfra: make _vec_len() read-onlyDamjan Marion4-19/+18
Use of _vec_len() to set vector length breaks address sanitizer. Users should use vec_set_len(), vec_inc_len(), vec_dec_len () instead. Type: improvement Change-Id: I441ae948771eb21c23a61f3ff9163bdad74a2cb8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-04vlib: remove unused fieldsDamjan Marion1-8/+0
Type: refactor Change-Id: I449fcea92a1c96dd7dd0bcad893060ad1c614351 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-10-13docs: convert plugins doc md->rstNathan Skrzypczak6-714/+735
Type: improvement Change-Id: I7e821cce1feae229e1be4baeed249b9cca658135 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-06docs: more nitfixesNathan Skrzypczak1-8/+7
Type: fix Change-Id: I41455e1cdc62e7c0baa148630b0701b042f3b156 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-08-26acl: fix prefetch out of struct bound on ArmTianyu Li1-1/+1
fa_session_t *sess; CLIB_PREFETCH (sess, 2 * CLIB_CACHE_LINE_BYTES, STORE); sizeof(fa_session_t) is 128 bytes i) on 64B cacheline size Arm machine, above CLIB_PREFETCH () macro will be expand to __builtin_prefetch(sess) __builtin_prefetch(sess + 64) __builtin_prefetch(sess + 128) << prefetch is out of range of *sess. __builtin_prefetch(sess + 192) << ii) on 128B cacheline size Arm machine, CLIB_PREFETCH () expands to __builtin_prefetch(sess) __builtin_prefetch(sess + 128) << still out of bound Solution: Change to CLIB_PREFETCH (sess, sizeof(*sess), STORE); Type: fix Signed-off-by: Tianyu Li <tianyu.li@arm.com> Reviewed-by: Lijian Zhang <lijian.zhang@arm.com> Change-Id: I4b3d4fc55747f3d9ad1bcf24f8834601a03ef55e
2021-08-19acl: add API call for setting the toggle to select between linear and ↵Andrew Yourtchenko3-1/+148
bihash-based lookups In some cases (ACL of a few lines long with a lot of different subnet masks), linear lookup may be more efficient than the hash-based lookup. Expose the API to allow the control plane to choose what lookup algorithm to use. Type: improvement Change-Id: I540dd1b4ce63c5106a556d550f911f3a578b33e0 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-07-15acl: Fix the CLI to accept IPv6 prefixesNeale Ranns1-16/+5
Type: fix DBGvpp# set acl-plugin acl src 1::1/128 dst 2::/64 DBGvpp# sh acl-plugin acl acl-index 0 count 1 tag {cli} 0: ipv4 permit src 1.1.1.1/32 dst 1.1.1.2/32 proto 0 sport 0-65535 dport 0-65535 acl-index 1 count 1 tag {cli} 0: ipv6 permit src 1::1/128 dst 2::/64 proto 0 sport 0-65535 dport 0-65535 Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ibb8e20dd4ec2792f423a61eefe7398175e45a577
2021-07-15misc: replace CLIB_PREFETCH with clib_prefetch_{load,store}Damjan Marion1-1/+1
Type: refactor Change-Id: Id10cbf52e8f2dd809080a228d8fa282308be84ac Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-07-13misc: fix init order to avoid startup warningsBin Zhou (bzhou2)1-6/+4
Put plugin init order inside plugin instead of in vnet Type: improvement Signed-off-by: Bin Zhou (bzhou2) <bzhou2@cisco.com> Change-Id: Icbacdb3f1cb4ac9d74e3f78458e8bc333793b4d6
2021-05-13tests: move test source to vpp/testDave Wallace6-5069/+0
- Generate copyright year and version instead of using hard-coded data Type: refactor Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I6058f5025323b3aa483f5df4a2c4371e27b5914e
2021-03-26vlib: introduce vlib_get_main_by_index(), vlib_get_n_threads()Damjan Marion3-7/+8
Type: improvement Change-Id: If3da7d4338470912f37ff1794620418d928fb77f Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-03-25acl: fix the integer overflow bug in API message length validation logicAndrew Yourtchenko1-4/+4
Sending the bogus acl_add_replace message with count=~0 will result in an overflow of "expected_len" field which is a u32, thus the message will pass the validation when it should not. Solution - make the expected_len a u64 to avoid overflow. The bug was found while experimenting with libfuzzer as part of https://gerrit.fd.io/r/c/vpp/+/31763 Type: fix Change-Id: I4a866d48f2418148236f1b1d77c487b869c7c43d Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-02-08tests: allow for externally supplied VPP workers config for testsAndrew Yourtchenko1-0/+2
Allow to supply the external VPP worker config for tests which do not specify the workers config explicitly, and use the tags infra to flag those that need attention in this configuration. This commit shows one example use of such a tag, there will be a separate commit with the rest of the places needing it, since that change is rather mechanical. Thus, the assumption is that the test should by default be agnostic of the VPP configuration, unless it explicitly specifies so. Type: test Change-Id: I3c0077e4e22a75cb9561fb98d3b783b93486b2be Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-01-20acl: replace glibc internal __bswap_64 with clibNathan Moos1-1/+2
Type: fix In order to build VPP as a package for an embedded Yocto-based distribution, this patch replaces the use of the glibc internal __bswap_64 function with the VPP function clib_net_to_host_u64, which is provided by vppinfra. Change-Id: I3ecc8525861dc3441bce2b51aa4c80f9a62d3051 Signed-off-by: Nathan Moos <nmoos@cisco.com>
2021-01-11acl: fix tag C-string overflowBenoît Ganne1-5/+14
tag is expected to be a null-terminated C-string Type: fix Change-Id: I633719068c37eac395cc30a6a314c00848e9cdca Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-01-06acl: fix cli tag parsingBenoît Ganne1-1/+5
- tag is expected to be 64-bytes - when specifying tag on cli, a vector is allocated. Make sure it is freed Type: fix Change-Id: Id1741fe406819ca9f71edb081d4483f52cae547d Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-12-14misc: refactor clib_bitmap_foreach macroDamjan Marion1-2/+2
Type: refactor Change-Id: I077110e1a422722e20aa546a6f3224c06ab0cde5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-14misc: move to new pool_foreach macrosDamjan Marion3-30/+30
Type: refactor Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-14api: add missing version infoPaul Vinciguerra1-0/+1
Type: fix Change-Id: I269214e3eae72e837f25ee61d714556d976d410f Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-12-04acl: fix acl-plugin testcases packet countingAndrew Yourtchenko1-2/+3
Counter checks in ACL tests were incorrect if VPP is running with multiple workers Change-Id: Id095d55c6cd3bfee8aaac6d177984e569e87d29b Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-11-25api: vat2 and json autogeneration for api messagesOle Troan5-462/+50
VAT2: A completely auto-generated replacement of VAT. Reads input message in JSON from stdin and outputs received messages in JSON. A VAT2 plugin is automatically built for a .api file. There no longer a need for a separate _test.c. Example: vat2 show_version {} { "_msgname": "show_version_reply", "retval": 0, "program": "vpe", "version": "21.01-rc0~411-gf6eb348a6", "build_date": "2020-11-19T09:49:25", "build_directory": "/vpp/autogen3" } vat2 sw_interface_dump '{"sw_if_index": -1, "name_filter_valid": 0, "name_filter": ""}' [{ "_msgname": "sw_interface_details", "sw_if_index": 0, "sup_sw_if_index": 0, "l2_address": "00:00:00:00:00:00", "flags": "Invalid ENUM", "type": "IF_API_TYPE_HARDWARE", "link_duplex": "LINK_DUPLEX_API_UNKNOWN", "link_speed": 0, "link_mtu": 0, "mtu": [0, 0, 0, 0], "sub_id": 0, "sub_number_of_tags": 0, "sub_outer_vlan_id": 0, "sub_inner_vlan_id": 0, "sub_if_flags": "Invalid ENUM", "vtr_op": 0, "vtr_push_dot1q": 0, "vtr_tag1": 0, "vtr_tag2": 0, "outer_tag": 0, "b_dmac": "00:00:00:00:00:00", "b_smac": "00:00:00:00:00:00", "b_vlanid": 0, "i_sid": 0, "interface_name": "local0", "interface_dev_type": "local", "tag": "" }] This is the first phase and vat2 is not integrated in packaging yet. Type: feature Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ib45ddeafb180ea7da8c5dc274a9274d7a4edc876 Signed-off-by: Ole Troan <ot@cisco.com>
2020-10-19misc: don't export symbols from pluginsDamjan Marion1-1/+2
Type: improvement Change-Id: I2a176fe2871d2e54b010bffc4f1f7a3616f0c455 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-10-16acl: do vlib_buffer_enqueue_to_next in outer functionDamjan Marion1-8/+11
Improves compilation time and reduces object file size for 1MB Type: improvement Change-Id: Ibe4840c0ced22070248d93822ea61afe20aff65c Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-10-09acl: move nonip nodes to separate fileDamjan Marion3-221/+296
Type: refactor Change-Id: Idcef8effa86d6421e4b3e5f747695ddb2982e78f Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-10-07misc: Purge unused pg includesNeale Ranns3-3/+0
Type: style Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I26a19e42076e031ec5399d5ca05cb49fd6fbe1cd
2020-09-21acl: remove custom ACL-plugin heapAndrew Yourtchenko7-232/+17
Custom ACL-plugin heap was useful in early stages, but it interferes with other infra optimizations. Remove it and use global heap. Change-Id: I2300548f1d1798dec27bc5a2a41cf37f9fcda95d Type: improvement Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-08-13acl: use the global heap when allocating the lookup contextAndrew Yourtchenko1-0/+3
The "ACL as a service" lookup infra is shared, so a global heap must be used. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I86894254b737392c1968b6a581b5a37590376428
2020-07-23acl: correct acl vat help messageLijian.Zhang1-2/+2
"ipv4"/"ipv6" option is not supported in acl_add_replace and macip_acl_add_replace vat api. Update its help message per actual api usage. Type: fix Change-Id: I8d34fac5f98bd78a46a5e98df05cd35182988dd8 Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com> Reviewed-by: Jieqiang Wang <Jieqiang.Wang@arm.com> Reviewed-by: Govindarajan Mohandoss <Govindarajan.Mohandoss@arm.com>
2020-06-16misc: fix sonarclound warningsDave Barach1-1/+4
Type: fix Ticket: VPP-1888 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I9c2fb926a5e010658088a74051c8c3462ff61734
2020-04-28tests: move defaults from defaultmapping to .api filesPaul Vinciguerra1-6/+6
facilitates use of papi beyond the tests. Type: improvement Change-Id: I3d502d9130b81a7fb65ee69bb06fe55802b28a27 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-04-24acl: ACL creation CLI parsing fixNeale Ranns1-2/+4
Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I026f0d8385b538e543bae0c1f7e56e49e4713ba1
2020-04-08acl: fix unresolved symbol for format_fib_prefix in vat pluginNeale Ranns1-8/+8
Type: fix Change-Id: I5bf8d6043a49985b9241df8ff24774892678b557 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-03-27acl: API cleanupJakub Grajciar11-784/+1014
Use consistent API types. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I09fa6c1b6917936351bd376b56c414ce24488095 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-03-26acl: revert acl: api cleanupOle Trøan11-1012/+699
This reverts commit aad1ee149403994194cf37cef4530b042ba7df3a. Reason for revert: Verify failure. Doesn't build. Type: fix Change-Id: I91b1b26ac43edde4853e4561a0083d0b3a06efee Signed-off-by: Ole Troan <ot@cisco.com>
2020-03-26acl: API cleanupJakub Grajciar11-699/+1012
Use consistent API types. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: If90d753f129312400c4c3669bb86289d0c3e0d99 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-03-25acl: Add CLI additionsNeale Ranns1-0/+254
Type: improvement Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I172d3d907f324d8cb21e73aa08ef66da029ed365
2020-02-25feature: provide a u16 version of vnet_feature_nextNeale Ranns1-3/+2
Type: improvement when using vlib_buffer_enqueue_to_next the 'nexts' parameter is an array of u16, but vnet_feautre_next takes a u32. this is a simple wrapper to address the impedence mismatch. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I0fa86629e979e313344eb68442dc35a7b9537a8f
2020-02-11vppinfra: remove the historical mheap memory allocatorDave Barach2-50/+3
The mheap allocator has been turned off for several releases. This commit removes the cmake config parameter, parallel support for dlmalloc and mheap, and the mheap allocator itself. Type: refactor Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I104f88a1f06e47e90e5f7fb3e11cd1ca66467903