summaryrefslogtreecommitdiffstats
path: root/src/plugins/gbp
AgeCommit message (Collapse)AuthorFilesLines
2018-11-20vom: Add support for redirect contracts in gbpMohsin Kazmi3-1/+6
Change-Id: I18543785166811ddbd628d19065d3dfad3f948e9 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-11-15GBP: redirect contractsNeale Ranns19-561/+2013
Change-Id: I463b153de93cfec29a9c15e8e84e41f6003d4c5f Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-11-14Remove c-11 memcpy checks from perf-critical codeDave Barach1-1/+1
Change-Id: Id4f37f5d4a03160572954a416efa1ef9b3d79ad1 Signed-off-by: Dave Barach <dave@barachs.net>
2018-11-13L2 feautre bitmaps output verbose/non-verbose modeNeale Ranns1-2/+2
Change-Id: I15ff191ee8724a3354c074db590472db05e0652e Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-11-09GBP: Fix error-strings array in gbp-vxlan4Neale Ranns1-1/+1
Change-Id: I36c2fa33cdc1db9a6af9b48c99e281abd8af1b6e Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-11-08GBP: fix for coverity found errorsNeale Ranns2-6/+8
Change-Id: Id69678adb578b323ae18034d1b1fddb7417bcc08 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-11-07GBP: Endpoints with VLAN tags and birdges that don't learnNeale Ranns5-17/+77
Change-Id: I20192f3a8f4f01f47e775746f6fde7c685f185ee Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-11-07GBP Endpoint LearningNeale Ranns26-568/+5485
Learning GBP endpoints over vxlan-gbp tunnels Change-Id: I1db9fda5a16802d9ad8b4efd4e475614f3b21502 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-10-23c11 safe string handling supportDave Barach4-8/+8
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab Signed-off-by: Dave Barach <dave@barachs.net>
2018-09-24Trivial: Clean up some typos.Paul Vinciguerra5-9/+9
Change-Id: I085615fde1f966490f30ed5d32017b8b088cfd59 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2018-09-11GBP Endpoint UpdatesNeale Ranns9-303/+577
- common types on the API - endpoints keyed in various ways for DP lookup - conparison functions for VPP IP address types Change-Id: If7ec0bbc5cea71fd0983fe78987d147ec1bd7ec8 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-09-10vxlan-gbp: Add support for vxlan gbpMohsin Kazmi9-35/+35
This patch implements vxlan with extension of group based policy support. Change-Id: I70405bf7332c02867286da8958d9652837edd3c2 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-09-08L2 BVI/FIB: Update L2 FIB table when BVI's MAC changesNeale Ranns4-0/+8
also some moving of l2 headers to reduce dependencies Change-Id: I7a700a411a91451ef13fd65f9c90de2432b793bb Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-08-27cmake: Fix plugins .h includesMohsin Kazmi1-0/+5
Change-Id: I90600d000afb02e8969f3c01bcf9e4b5c10a7d39 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-08-25cmake: improve add_vpp_plugin macroDamjan Marion1-2/+5
Change-Id: Iffd5c45ab242a919592a1f686f7f880936b68a1a Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-08-17CMake as an alternative to autotools (experimental)Damjan Marion1-0/+27
Change-Id: Ibc59323e849810531dd0963e85493efad3b86857 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-07-30FIB: return entry prefix by const reference to avoid the copyNeale Ranns1-5/+5
Change-Id: I09b8406168df4b6b28df3ede24ee839681be0195 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-07-19Remove unused argument to vlib_feature_nextDamjan Marion1-2/+1
Change-Id: Ieb8b53977fc8484c19780941e232ee072b667de3 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-07-19gbp: Add support for ACLMohsin Kazmi6-58/+178
Change-Id: I7513c41307e62068ab5d9739cac393675c6066f8 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-06-05bond: send gratuitous arp when the active slave went down in active-backup modeSteven1-4/+2
- Modify the API send_ip6_na and send_ip4_garp to take sw_if_index instead of vnet_hw_interface_t and add call to build_ethernet_rewrite to support subinterface/vlan - Add code to bonding driver to send an event to bond_process when the first interface becomes active or when the active interface is down - Create a bond_process to walk the interface and the corresponding subinterfaces to send garp/ip6_na when an event is received. - Minor cleanup in bonding/node.c Note: dpdk bonding driver does not send garp/ip6_na for subinterfaces. There is no attempt to fix it here. But the infra is now done and should be easy to add the support. Change-Id: If3ecc4cd0fb3051330f7fa11ca0dab3e18557ce1 Signed-off-by: Steven <sluong@cisco.com>
2018-04-25GBPv6: NAT66 actions for GBPNeale Ranns1-1/+12
Change-Id: I379150a88f2d53d6281be41e8bad6fc4f4e88a71 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-04-13GBP V2Neale Ranns24-884/+3709
update the GBP plugin to implement the full NAT feature set of opflex agent Change-Id: Ic06a039c889445ed0b9087fa1f292634192b0f8d Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-03-22gbp: Add the next node lookupMohsin Kazmi1-0/+5
Change-Id: Ia0f659b810f2c79b1a6c98ce566a86ce413c7448 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-03-07GBP: fix the runs before statement against the ACL nodeNeale Ranns1-2/+2
Change-Id: I0ff13962ab6855663b9aec31c95e4a88cc809ff0 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-02-09GBP pluginNeale Ranns6-0/+1334
Group Base Policy (GBP) defines: - endpoints: typically a VM or container that is connected to the virtual switch/router (i.e. to VPP) - endpoint-group: (EPG) a collection of endpoints - policy: rules determining which traffic can pass between EPGs a.k.a a 'contract' Here, policy is implemented via an ACL. EPG classification for transit packets is determined by: - source EPG: from the packet's input interface - destination EPG: from the packet's destination IP address. Change-Id: I7b983844826b5fc3d49e21353ebda9df9b224e25 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
">.add_payload(Dot1Q(vlan=vlan) / payload) packet.payload.type = inner_type packet.payload.vlan = vlan packet.type = tag_type return packet def _remove_tag(self, packet, vlan=None, tag_type=None): if tag_type: self.test.instance().assertEqual(packet.type, tag_type) payload = packet.payload if vlan: self.test.instance().assertEqual(payload.vlan, vlan) inner_type = payload.type payload = payload.payload packet.remove_payload() packet.add_payload(payload) packet.type = inner_type return packet def add_dot1q_layer(self, packet, vlan): return self._add_tag(packet, vlan, self.DOT1Q_TYPE) def add_dot1ad_layer(self, packet, outer, inner): p = self._add_tag(packet, inner, self.DOT1Q_TYPE) return self._add_tag(p, outer, self.DOT1AD_TYPE) def remove_dot1q_layer(self, packet, vlan=None): return self._remove_tag(packet, vlan, self.DOT1Q_TYPE) def remove_dot1ad_layer(self, packet, outer=None, inner=None): p = self._remove_tag(packet, outer, self.DOT1AD_TYPE) return self._remove_tag(p, inner, self.DOT1Q_TYPE) def set_vtr(self, vtr, push1q=0, tag=None, inner=None, outer=None): self._tag1 = 0 self._tag2 = 0 self._push1q = 0 if (vtr == L2_VTR_OP.L2_PUSH_1 or vtr == L2_VTR_OP.L2_TRANSLATE_1_1 or vtr == L2_VTR_OP.L2_TRANSLATE_2_1): self._tag1 = tag self._push1q = push1q if (vtr == L2_VTR_OP.L2_PUSH_2 or vtr == L2_VTR_OP.L2_TRANSLATE_1_2 or vtr == L2_VTR_OP.L2_TRANSLATE_2_2): self._tag1 = outer self._tag2 = inner self._push1q = push1q self.test.vapi.sw_interface_set_l2_tag_rewrite( self.sw_if_index, vtr, push=self._push1q, tag1=self._tag1, tag2=self._tag2) self._vtr = vtr class VppDot1QSubint(VppSubInterface): @property def vlan(self): """VLAN tag""" return self._vlan def __init__(self, test, parent, sub_id, vlan=None): super(VppDot1QSubint, self).__init__(test, parent, sub_id) if vlan is None: vlan = sub_id self._vlan = vlan r = test.vapi.create_vlan_subif(parent.sw_if_index, vlan) self.set_sw_if_index(r.sw_if_index) def create_arp_req(self): packet = VppPGInterface.create_arp_req(self) return self.add_dot1_layer(packet) def create_ndp_req(self): packet = VppPGInterface.create_ndp_req(self) return self.add_dot1_layer(packet) # called before sending packet def add_dot1_layer(self, packet): return self.add_dot1q_layer(packet, self.vlan) # called on received packet to "reverse" the add call def remove_dot1_layer(self, packet): return self.remove_dot1q_layer(packet, self.vlan) class VppDot1ADSubint(VppSubInterface): @property def outer_vlan(self): """Outer VLAN tag""" return self._outer_vlan @property def inner_vlan(self): """Inner VLAN tag""" return self._inner_vlan def __init__(self, test, parent, sub_id, outer_vlan, inner_vlan): super(VppDot1ADSubint, self).__init__(test, parent, sub_id) r = test.vapi.create_subif(parent.sw_if_index, sub_id, outer_vlan, inner_vlan, dot1ad=1, two_tags=1, exact_match=1) self.set_sw_if_index(r.sw_if_index) self._outer_vlan = outer_vlan self._inner_vlan = inner_vlan def create_arp_req(self): packet = VppPGInterface.create_arp_req(self) return self.add_dot1_layer(packet) def create_ndp_req(self): packet = VppPGInterface.create_ndp_req(self) return self.add_dot1_layer(packet) def add_dot1_layer(self, packet): return self.add_dot1ad_layer(packet, self.outer_vlan, self.inner_vlan) def remove_dot1_layer(self, packet): return self.remove_dot1ad_layer(packet, self.outer_vlan, self.inner_vlan) class VppP2PSubint(VppSubInterface): def __init__(self, test, parent, sub_id, remote_mac): super(VppP2PSubint, self).__init__(test, parent, sub_id) r = test.vapi.create_p2pethernet_subif(parent.sw_if_index, remote_mac, sub_id) self.set_sw_if_index(r.sw_if_index) self.parent_sw_if_index = parent.sw_if_index self.p2p_remote_mac = remote_mac def add_dot1_layer(self, packet): return packet def remove_dot1_layer(self, packet): return packet def create_arp_req(self): packet = VppPGInterface.create_arp_req(self) return packet def create_ndp_req(self): packet = VppPGInterface.create_ndp_req(self) return packet