Age | Commit message (Collapse) | Author | Files | Lines |
|
Fix a memory leak when removing old GBP contract rules and make sure a
GBP contract rule exists when matching the corresponding ACL rule.
Type: fix
Fixes: 13a08cc098
Change-Id: Iba67d573e69280ad998488a7a3d3462341c68ea4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 44ca60ecdba866160bebbc6c1eb983674819d429)
|
|
Type: fix
This solves the ownership of vxlan-gbp tunnels. When the last reference of these goes away they need to be deleted. Currently there are two owners; gbp_itf via gef_itf and the lock held by the gbp_endpoint_location_t. The problem is that the
loc removes its reference whilst the fwd still holds the gbp_itf, and things go wrong.
This change moves the lifecycle management of the vxlan-gbp tunnel to the gbp_itf. When the last lock of the gbp_itf goes, so does the tunnel. now both the EP's loc and fwd can hold a lock on the gbp_itf and it's only removed when required.
The other change is the management of the 'user' of the gbp_itf. Since each user can enable and disable different features, it's the job of the gbp_itf to apply the combined set. determining a unique 'uesr' from the caller was near impossible, so I moved that to the gbp_itf, and return the allocated user, hence the 'handle' that encodes both user and interface.
The hash table maps from sw_if_index to pool index.
Change-Id: I4c7bf4c0e5dcf33d1c545f262365e69151febcf4
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
clib_net_to_host_f64, clib_host_to_net_f64 are now implemented as '=',
https://gerrit.fd.io/r/#/c/20406/ set papi to match.
- all f64 api references are now wrapped with
clib_net_to_host_f64 or clib_host_to_net_f64.
IEEE f64 endianess is not defined. If clib_net_to_host_f64 and
clib_host_to_net_f64 are later defined in VPP as big-endian, it is
a single character change in the papi vpp_serializer.
Note: This breaks the api in a manner that would not be detected by
the flag day initiative. The scope is small. This only impacts map.api,
which applied the u64 transformation, while the gbp api uses '='.
The implementation of "=" raises issues for the papi socket implementation
if used between systems of differing endianess. See Vratko's comments.
- Added get_f64_endian_value() to api to allow client to verify endianess of f64's.
Type: fix
Depends-on: https://gerrit.fd.io/r/#/c/20484/
Change-Id: I00fc64a6557ba0190398df211aa0ea5c7eb101df
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Refactor both policy and policy-dpo nodes so they share the same code
for contract & acl lookup and for tracing.
This should help to implement new policy schemes.
Type: refactor
Change-Id: If5704bda708838eb01516dd39473d9bf248cfdf6
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Change gbp-ext-itf API to create anonymous ext-itf through the same API
as non-anonymous instead of a new API
Type: refactor
Change-Id: I381ff2a5bcd55276793df78ca891334c28946cd0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
An anonymous l3-out subnet is a locally attached l3-out subnet, and
differs from regular l3-out subnets in the way adjacencies are managed.
It is required for the anonymous l3-out external interfaces to correctly
classify locally attached l3-out hosts.
Type: feature
Change-Id: Ie7bc88b1f22abc4d0b46db5f3cfbf208bc53ba5f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
So far, GBP l3-out packets classification & policy relied on programmed
EP. All traffic to/from l3-out must go through a known EP.
This patch introduces a new feature where l3-out next-hops are only
known by their subnets (l3-out prefixes). As there are no longer known
EPs to program, an interface must be configured as external anonymous
l3-out. Packets classification & policy on this interface will rely on
the external subnets programmed in the BD VRF.
Note that contrary to all other interfaces in a GBP BD, external
anonymous l3-out interfaces have BD L2 learning turned on and rely on
ARP/ND.
Type: feature
Change-Id: Ieedb29dff4e967d08c4301e82d06bff450a63e5f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: feature
Change-Id: I01772cfc3a0118a5c49bf346339788824e6931b2
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- Make plugin descriptions more consistent
so the output of "show plugin" can be
used in the wiki.
Change-Id: I4c6feb11e7dcc5a4cf0848eed37f1d3b035c7dda
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Change-Id: Ic6e23f497fd91dcb1441f9f4d88a182712e69d3f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I5b18cb84bec88f5514cacd2df61b5ce3c70abd77
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: I28bb9e3d3ea3a99a9e24801ef5241a0099186108
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Add flags for unknown unicast drop, multicast and broadcast
drop and arp unicast.
Change-Id: I1203137510b8bee0a20ecfe5f2efad8043d4bac6
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
VAPI does not handle two VLAs in one struct.
Change-Id: I259c998bef4398ead2bbb9e788350d50c2f05694
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I154e18f22ec7708127b8ade98e80546ab1dcd05b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I8af7bca566ec7c9bd2b72529d49e04c6e649b44a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I3ed4e2e92f74f15b07fcd3e7fbc3fa8718d5249d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ica88268fd6a6ee01da7e9219bb4e81f22ed2fd4b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iea64d246008b298edeeae338d781b79362f42046
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: I5440d80333190ebac46d22eac43183939805a24b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I74782d3b9b71a071bb500c34866a017b8ee15767
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
This reverts commit 57f170bdf9967e3f8ea6e937a70c7f86187f95a2.
Change-Id: I1cab5be8b04ac881b712e67fd72ed202657fedf4
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
CI passes without this.
Change-Id: Iba542211e7b7b0e43c87a293b63a320b511c3d40
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Change the definition of vl_api_mac_address_t to an aliased type.
Change-Id: I1434f316d0fad6a099592f39bceeb8faeaf1d134
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: Id4a20066fc5be716c61a497dfcb4d00dc1dbb28d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I18543785166811ddbd628d19065d3dfad3f948e9
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: I463b153de93cfec29a9c15e8e84e41f6003d4c5f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I20192f3a8f4f01f47e775746f6fde7c685f185ee
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Learning GBP endpoints over vxlan-gbp tunnels
Change-Id: I1db9fda5a16802d9ad8b4efd4e475614f3b21502
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I085615fde1f966490f30ed5d32017b8b088cfd59
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
- common types on the API
- endpoints keyed in various ways for DP lookup
- conparison functions for VPP IP address types
Change-Id: If7ec0bbc5cea71fd0983fe78987d147ec1bd7ec8
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
This patch implements vxlan with extension of group based
policy support.
Change-Id: I70405bf7332c02867286da8958d9652837edd3c2
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: I7513c41307e62068ab5d9739cac393675c6066f8
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
update the GBP plugin to implement the full NAT feature set of opflex agent
Change-Id: Ic06a039c889445ed0b9087fa1f292634192b0f8d
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Group Base Policy (GBP) defines:
- endpoints: typically a VM or container that is connected to the
virtual switch/router (i.e. to VPP)
- endpoint-group: (EPG) a collection of endpoints
- policy: rules determining which traffic can pass between EPGs a.k.a
a 'contract'
Here, policy is implemented via an ACL.
EPG classification for transit packets is determined by:
- source EPG: from the packet's input interface
- destination EPG: from the packet's destination IP address.
Change-Id: I7b983844826b5fc3d49e21353ebda9df9b224e25
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|