summaryrefslogtreecommitdiffstats
path: root/src/plugins/gbp/gbp_contract.c
AgeCommit message (Collapse)AuthorFilesLines
2019-09-23gbp: fix contract rule handlingBenoît Ganne1-1/+9
Fix a memory leak when removing old GBP contract rules and make sure a GBP contract rule exists when matching the corresponding ACL rule. Type: fix Fixes: 13a08cc098 Change-Id: Iba67d573e69280ad998488a7a3d3462341c68ea4 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-09gbp: Ownership of dynamically created vxlan-gbp tunnels managed via gbp_itfNeale Ranns1-1/+4
Type: fix This solves the ownership of vxlan-gbp tunnels. When the last reference of these goes away they need to be deleted. Currently there are two owners; gbp_itf via gef_itf and the lock held by the gbp_endpoint_location_t. The problem is that the loc removes its reference whilst the fwd still holds the gbp_itf, and things go wrong. This change moves the lifecycle management of the vxlan-gbp tunnel to the gbp_itf. When the last lock of the gbp_itf goes, so does the tunnel. now both the EP's loc and fwd can hold a lock on the gbp_itf and it's only removed when required. The other change is the management of the 'user' of the gbp_itf. Since each user can enable and disable different features, it's the job of the gbp_itf to apply the combined set. determining a unique 'uesr' from the caller was near impossible, so I moved that to the gbp_itf, and return the allocated user, hence the 'handle' that encodes both user and interface. The hash table maps from sw_if_index to pool index. Change-Id: I4c7bf4c0e5dcf33d1c545f262365e69151febcf4 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-08gbp: refactor policy nodesBenoît Ganne1-0/+7
Refactor both policy and policy-dpo nodes so they share the same code for contract & acl lookup and for tracing. This should help to implement new policy schemes. Type: refactor Change-Id: If5704bda708838eb01516dd39473d9bf248cfdf6 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-03gbp: improve contract formattingNeale Ranns1-8/+12
Type: feature Change-Id: I04be003bd86f828ec387dd0309bebcbf0a041e3a Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-01gbp: VRF scoped contractsNeale Ranns1-12/+17
Type: feature Change-Id: I01772cfc3a0118a5c49bf346339788824e6931b2 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-04GBP: Counters per-contractNeale Ranns1-3/+31
Change-Id: I28bb9e3d3ea3a99a9e24801ef5241a0099186108 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-12GBP: contracts API fixed length of allowed ethertypesNeale Ranns1-6/+40
VAPI does not handle two VLAs in one struct. Change-Id: I259c998bef4398ead2bbb9e788350d50c2f05694 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-06GBP: use sclass in the DP for policyNeale Ranns1-16/+16
Change-Id: I154e18f22ec7708127b8ade98e80546ab1dcd05b Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-21GBP: add allowed ethertypes to contractsNeale Ranns1-2/+15
Change-Id: I74782d3b9b71a071bb500c34866a017b8ee15767 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-11-29gbp: Add support for flow hash profileMohsin Kazmi1-6/+25
Change-Id: Ibea87f21b3403045cc0d865903b94396fe670e79 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-11-15GBP: redirect contractsNeale Ranns1-41/+531
Change-Id: I463b153de93cfec29a9c15e8e84e41f6003d4c5f Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-09-10vxlan-gbp: Add support for vxlan gbpMohsin Kazmi1-6/+6
This patch implements vxlan with extension of group based policy support. Change-Id: I70405bf7332c02867286da8958d9652837edd3c2 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-07-19gbp: Add support for ACLMohsin Kazmi1-10/+55
Change-Id: I7513c41307e62068ab5d9739cac393675c6066f8 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-04-13GBP V2Neale Ranns1-0/+163
update the GBP plugin to implement the full NAT feature set of opflex agent Change-Id: Ic06a039c889445ed0b9087fa1f292634192b0f8d Signed-off-by: Neale Ranns <neale.ranns@cisco.com>