path: root/src/plugins/gbp/gbp_api.c
Age | Commit message | Author | Files | Lines
2019-10-03 | gbp: fix contract rule handling | Benoît Ganne | 1 | -0/+2
Fix a memory leak when removing old GBP contract rules and make sure a GBP contract rule exists when matching the corresponding ACL rule.
Type: fix
Fixes: 13a08cc098
Change-Id: Iba67d573e69280ad998488a7a3d3462341c68ea4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 44ca60ecdba866160bebbc6c1eb983674819d429)
2019-07-09 | gbp: Ownership of dynamically created vxlan-gbp tunnels managed via gbp_itf | Neale Ranns | 1 | -3/+5
Type: fix
This solves the ownership of vxlan-gbp tunnels. When the last reference of these goes away they need to be deleted. Currently there are two owners; gbp_itf via gef_itf and the lock held by the gbp_endpoint_location_t. The problem is that the loc removes its reference whilst the fwd still holds the gbp_itf, and things go wrong. This change moves the lifecycle management of the vxlan-gbp tunnel to the gbp_itf. When the last lock of the gbp_itf goes, so does the tunnel. Now both the EP's loc and fwd can hold a lock on the gbp_itf and it's only removed when required. The other change is the management of the 'user' of the gbp_itf. Since each user can enable and disable different features, it's the job of the gbp_itf to apply the combined set. Determining a unique 'user' from the caller was near impossible, so I moved that to the gbp_itf, and return the allocated user, hence the 'handle' that encodes both user and interface. The hash table maps from sw_if_index to pool index.
Change-Id: I4c7bf4c0e5dcf33d1c545f262365e69151febcf4
Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-08 | map gbp papi: match endianness of f64 | Paul Vinciguerra | 1 | -1/+3
clib_net_to_host_f64, clib_host_to_net_f64 are now implemented as '=', https://gerrit.fd.io/r/#/c/20406/ set papi to match.
- all f64 api references are now wrapped with clib_net_to_host_f64 or clib_host_to_net_f64. IEEE f64 endianness is not defined. If clib_net_to_host_f64 and clib_host_to_net_f64 are later defined in VPP as big-endian, it is a single character change in the papi vpp_serializer.
Note: This breaks the api in a manner that would not be detected by the flag day initiative. The scope is small. This only impacts map.api, which applied the u64 transformation, while the gbp api uses '='. The implementation of "=" raises issues for the papi socket implementation if used between systems of differing endianness. See Vratko's comments.
- Added get_f64_endian_value() to api to allow client to verify endianness of f64's.
Type: fix
Depends-on: https://gerrit.fd.io/r/#/c/20484/
Change-Id: I00fc64a6557ba0190398df211aa0ea5c7eb101df
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-07-08 | gbp: refactor policy nodes | Benoît Ganne | 1 | -0/+1
Refactor both policy and policy-dpo nodes so they share the same code for contract & acl lookup and for tracing. This should help to implement new policy schemes.
Type: refactor
Change-Id: If5704bda708838eb01516dd39473d9bf248cfdf6
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-05 | gbp: update gbp-ext-itf API | Benoît Ganne | 1 | -31/+4
Change gbp-ext-itf API to create anonymous ext-itf through the same API as non-anonymous instead of a new API
Type: refactor
Change-Id: I381ff2a5bcd55276793df78ca891334c28946cd0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-02 | gbp: add anonymous l3-out subnets | Benoît Ganne | 1 | -0/+6
An anonymous l3-out subnet is a locally attached l3-out subnet, and differs from regular l3-out subnets in the way adjacencies are managed. It is required for the anonymous l3-out external interfaces to correctly classify locally attached l3-out hosts.
Type: feature
Change-Id: Ie7bc88b1f22abc4d0b46db5f3cfbf208bc53ba5f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-02 | gbp: add anonymous l3-out external interfaces | Benoît Ganne | 1 | -1/+30
So far, GBP l3-out packets classification & policy relied on programmed EP. All traffic to/from l3-out must go through a known EP. This patch introduces a new feature where l3-out next-hops are only known by their subnets (l3-out prefixes). As there are no longer known EPs to program, an interface must be configured as external anonymous l3-out. Packets classification & policy on this interface will rely on the external subnets programmed in the BD VRF. Note that contrary to all other interfaces in a GBP BD, external anonymous l3-out interfaces have BD L2 learning turned on and rely on ARP/ND.
Type: feature
Change-Id: Ieedb29dff4e967d08c4301e82d06bff450a63e5f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-01 | gbp: VRF scoped contracts | Neale Ranns | 1 | -2/+11
Type: feature
Change-Id: I01772cfc3a0118a5c49bf346339788824e6931b2
Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-03 | plugins: clean up plugin descriptions | Dave Wallace | 1 | -1/+1
- Make plugin descriptions more consistent so the output of "show plugin" can be used in the wiki.
Change-Id: I4c6feb11e7dcc5a4cf0848eed37f1d3b035c7dda
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-04-07 | GBP: coverity uninitialised variable warning | Neale Ranns | 1 | -1/+1
Change-Id: Ic6e23f497fd91dcb1441f9f4d88a182712e69d3f
Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-06 | gbp: Add gbp bd flags unit test | Mohsin Kazmi | 1 | -0/+6
Change-Id: I5b18cb84bec88f5514cacd2df61b5ce3c70abd77
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-04-04 | GBP: Counters per-contract | Neale Ranns | 1 | -8/+9
Change-Id: I28bb9e3d3ea3a99a9e24801ef5241a0099186108
Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-04 | gbp: Add bd flags | Mohsin Kazmi | 1 | -1/+6
Add flags for unknown unicast drop, multicast and broadcast drop and arp unicast.
Change-Id: I1203137510b8bee0a20ecfe5f2efad8043d4bac6
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-03-12 | GBP: contracts API fixed length of allowed ethertypes | Neale Ranns | 1 | -8/+3
VAPI does not handle two VLAs in one struct.
Change-Id: I259c998bef4398ead2bbb9e788350d50c2f05694
Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-06 | GBP: use sclass in the DP for policy | Neale Ranns | 1 | -18/+18
Change-Id: I154e18f22ec7708127b8ade98e80546ab1dcd05b
Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-06 | GBP: learn from ARP and L2 packets | Neale Ranns | 1 | -1/+3
Change-Id: I8af7bca566ec7c9bd2b72529d49e04c6e649b44a
Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-05 | GBP: per-group EP retention policy | Neale Ranns | 1 | -17/+14
Change-Id: I3ed4e2e92f74f15b07fcd3e7fbc3fa8718d5249d
Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-01-22 | GBP: Sclass to src-epg conversions | Neale Ranns | 1 | -1/+5
Change-Id: Ica88268fd6a6ee01da7e9219bb4e81f22ed2fd4b
Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-01-09 | gbp: Fix coverity warnings | Mohsin Kazmi | 1 | -7/+10
Change-Id: Iea64d246008b298edeeae338d781b79362f42046
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-12-24 | GBP: fix dump and VOM populate | Neale Ranns | 1 | -2/+2
Change-Id: I5440d80333190ebac46d22eac43183939805a24b
Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-21 | GBP: add allowed ethertypes to contracts | Neale Ranns | 1 | -2/+24
Change-Id: I74782d3b9b71a071bb500c34866a017b8ee15767
Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-21 | Revert "Build issue after https://gerrit.fd.io/r/#/c/16508/." | Ole Trøan | 1 | -3/+3
This reverts commit 57f170bdf9967e3f8ea6e937a70c7f86187f95a2.
Change-Id: I1cab5be8b04ac881b712e67fd72ed202657fedf4
Signed-off-by: Ole Troan <ot@cisco.com>
2018-12-20 | Build issue after https://gerrit.fd.io/r/#/c/16508/. | Paul Vinciguerra | 1 | -3/+3
CI passes without this.
Change-Id: Iba542211e7b7b0e43c87a293b63a320b511c3d40
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2018-12-18 | PAPI: Add MACAddress object wrapper for vl_api_mac_address_t | Ole Troan | 1 | -3/+3
Change the definition of vl_api_mac_address_t to an aliased type.
Change-Id: I1434f316d0fad6a099592f39bceeb8faeaf1d134
Signed-off-by: Ole Troan <ot@cisco.com>
2018-11-29 | GBP: l3-out subnets | Neale Ranns | 1 | -9/+86
Change-Id: Id4a20066fc5be716c61a497dfcb4d00dc1dbb28d
Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-11-20 | vom: Add support for redirect contracts in gbp | Mohsin Kazmi | 1 | -0/+3
Change-Id: I18543785166811ddbd628d19065d3dfad3f948e9
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-11-15 | GBP: redirect contracts | Neale Ranns | 1 | -23/+200
Change-Id: I463b153de93cfec29a9c15e8e84e41f6003d4c5f
Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-11-07 | GBP: Endpoints with VLAN tags and bridges that don't learn | Neale Ranns | 1 | -0/+16
Change-Id: I20192f3a8f4f01f47e775746f6fde7c685f185ee
Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-11-07 | GBP Endpoint Learning | Neale Ranns | 1 | -53/+443
Learning GBP endpoints over vxlan-gbp tunnels
Change-Id: I1db9fda5a16802d9ad8b4efd4e475614f3b21502
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-10-23 | c11 safe string handling support | Dave Barach | 1 | -5/+5
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab
Signed-off-by: Dave Barach <dave@barachs.net>
2018-09-24 | Trivial: Clean up some typos. | Paul Vinciguerra | 1 | -1/+1
Change-Id: I085615fde1f966490f30ed5d32017b8b088cfd59
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2018-09-11 | GBP Endpoint Updates | Neale Ranns | 1 | -57/+60
- common types on the API
- endpoints keyed in various ways for DP lookup
- comparison functions for VPP IP address types
Change-Id: If7ec0bbc5cea71fd0983fe78987d147ec1bd7ec8
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-09-10 | vxlan-gbp: Add support for vxlan gbp | Mohsin Kazmi | 1 | -15/+15
This patch implements vxlan with extension of group based policy support.
Change-Id: I70405bf7332c02867286da8958d9652837edd3c2
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-07-19 | gbp: Add support for ACL | Mohsin Kazmi | 1 | -14/+9
Change-Id: I7513c41307e62068ab5d9739cac393675c6066f8
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-04-13 | GBP V2 | Neale Ranns | 1 | -4/+226
update the GBP plugin to implement the full NAT feature set of opflex agent
Change-Id: Ic06a039c889445ed0b9087fa1f292634192b0f8d
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-02-09 | GBP plugin | Neale Ranns | 1 | -0/+294
Group Base Policy (GBP) defines:
- endpoints: typically a VM or container that is connected to the virtual switch/router (i.e. to VPP)
- endpoint-group: (EPG) a collection of endpoints
- policy: rules determining which traffic can pass between EPGs a.k.a a 'contract'
Here, policy is implemented via an ACL. EPG classification for transit packets is determined by:
- source EPG: from the packet's input interface
- destination EPG: from the packet's destination IP address.
Change-Id: I7b983844826b5fc3d49e21353ebda9df9b224e25
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>