summaryrefslogtreecommitdiffstats
path: root/src/plugins/gbp
AgeCommit message (Collapse)AuthorFilesLines
2019-07-08gbp: refactor policy nodesBenoît Ganne8-406/+301
Refactor both policy and policy-dpo nodes so they share the same code for contract & acl lookup and for tracing. This should help to implement new policy schemes. Type: refactor Change-Id: If5704bda708838eb01516dd39473d9bf248cfdf6 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-05gbp: use bd index at ext-itf creation instead of bd idBenoît Ganne1-1/+3
Type: fix Fixes: cfc7a107e6cb8be6e7c53a08e23a146c431c8e90 Change-Id: I341cbc94271ab89c3c643756a9c04b790cef8591 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-05gbp: update gbp-ext-itf APIBenoît Ganne5-107/+49
Change gbp-ext-itf API to create anonymous ext-itf through the same API as non-anonymous instead of a new API Type: refactor Change-Id: I381ff2a5bcd55276793df78ca891334c28946cd0 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-03gbp: Consider data-plane learnt source better than control-planeNeale Ranns3-4/+16
Type: feature Change-Id: Ice8fc0da6450d2aa8ba63ca1277393ac3605aa2c Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-03gbp: improve contract formattingNeale Ranns1-8/+12
Type: feature Change-Id: I04be003bd86f828ec387dd0309bebcbf0a041e3a Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-02gbp: add anonymous l3-out subnetsBenoît Ganne4-22/+63
An anonymous l3-out subnet is a locally attached l3-out subnet, and differs from regular l3-out subnets in the way adjacencies are managed. It is required for the anonymous l3-out external interfaces to correctly classify locally attached l3-out hosts. Type: feature Change-Id: Ie7bc88b1f22abc4d0b46db5f3cfbf208bc53ba5f Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-02gbp: add anonymous l3-out external interfacesBenoît Ganne12-156/+481
So far, GBP l3-out packets classification & policy relied on programmed EP. All traffic to/from l3-out must go through a known EP. This patch introduces a new feature where l3-out next-hops are only known by their subnets (l3-out prefixes). As there are no longer known EPs to program, an interface must be configured as external anonymous l3-out. Packets classification & policy on this interface will rely on the external subnets programmed in the BD VRF. Note that contrary to all other interfaces in a GBP BD, external anonymous l3-out interfaces have BD L2 learning turned on and rely on ARP/ND. Type: feature Change-Id: Ieedb29dff4e967d08c4301e82d06bff450a63e5f Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-02gbp: disable L2 BD learning per-interfaceBenoît Ganne4-37/+51
Disable L2 BD learning for each GBP interface instead of at the bridge level. This does not change the current behavior (learning is disabled for all GBP interfaces) but enables turning it on selectively for future features such as anonymous l3-out. Type: refactor Change-Id: Id88644277941d703600acf97d49cbc3332ae3f68 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-01gbp: VRF scoped contractsNeale Ranns15-36/+148
Type: feature Change-Id: I01772cfc3a0118a5c49bf346339788824e6931b2 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-26gbp: enforce same endpoint mac and ip srcBenoît Ganne1-6/+15
During packet classification, make sure packets coming from an EP also matches this specific EP IP address and vice-versa. This prevents and EP to send a packet on behalf of another EP. Type: fix Change-Id: I30287644ec73b90d9b6913952a82b2baedf6a5ff Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-06-26api: refactor format_vl_api_prefix_t return keysPaul Vinciguerra1-1/+1
format_vl_api_prefix_t returns a dict with keys 'address' and 'address_length', but other format_vl_api_prefix functions return a dict with 'prefix', and 'len'. Refactor all format_vl_api_prefix_t to return consistent keys 'address' and 'len'. Type: refactor Change-Id: I5f9558fc2da8742a303266e011102f5b2db80aad Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-06-19gbp: Add support for arp unicast forward in gbp bridge domainMohsin Kazmi1-1/+8
Type: feature Change-Id: Id487fe46194d0a89bd5ac53a9f4ff78b5ff6de60 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-06-06gbp: fix lpm classification with vlanBenoît Ganne1-50/+12
Fix GBP LPM packet classification in the presence of a VLAN header. Change-Id: I2ff63b34f7475d696b10b5a245ff802bbb1ff01a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-06-06gbp: do not classify unknown packet as EP packetsBenoît Ganne1-0/+4
If we fail to classify the packet based on LPM we must not classify it based on the EP sclass. Change-Id: Ie234e0c87bd44976c3c57c818359c93f7d99ab84 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-06-03GBP: add subnet cli commandBenoît Ganne1-2/+85
Change-Id: I0f631da9d13df2d9c32bad879b2a6034cb847378 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-05-16init / exit function orderingDave Barach1-8/+7
The vlib init function subsystem now supports a mix of procedural and formally-specified ordering constraints. We should eliminate procedural knowledge wherever possible. The following schemes are *roughly* equivalent: static clib_error_t *init_runs_first (vlib_main_t *vm) { clib_error_t *error; ... do some stuff... if ((error = vlib_call_init_function (init_runs_next))) return error; ... } VLIB_INIT_FUNCTION (init_runs_first); and static clib_error_t *init_runs_first (vlib_main_t *vm) { ... do some stuff... } VLIB_INIT_FUNCTION (init_runs_first) = { .runs_before = VLIB_INITS("init_runs_next"), }; The first form will [most likely] call "init_runs_next" on the spot. The second form means that "init_runs_first" runs before "init_runs_next," possibly much earlier in the sequence. Please DO NOT construct sets of init functions where A before B actually means A *right before* B. It's not necessary - simply combine A and B - and it leads to hugely annoying debugging exercises when trying to switch from ad-hoc procedural ordering constraints to formal ordering constraints. Change-Id: I5e4353503bf43b4acb11a45fb33c79a5ade8426c Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-03plugins: clean up plugin descriptionsDave Wallace1-1/+1
- Make plugin descriptions more consistent so the output of "show plugin" can be used in the wiki. Change-Id: I4c6feb11e7dcc5a4cf0848eed37f1d3b035c7dda Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-04-18GBP: update cli to reflect API changesBenoît Ganne3-10/+7
Some GBP debug cli short help and commands were not in sync anymore with GBP API. Change-Id: I224bec51fbacd8a3685b70d4e7a52b5803fd3ad4 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-04-16gbp: Add support for allow sclass/dclass 1Mohsin Kazmi3-5/+36
Change-Id: I51f61a399e3eace93011f9431cbd7968e9be627c Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-04-08GBP: drop and contract countersNeale Ranns2-16/+126
Change-Id: Ib436512a26e53f70f7b5e47bf34224ab73e5244e Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-07GBP: coverity uninitialised variable warningNeale Ranns1-1/+1
Change-Id: Ic6e23f497fd91dcb1441f9f4d88a182712e69d3f Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-06gbp: Add gbp bd flags unit testMohsin Kazmi1-0/+6
Change-Id: I5b18cb84bec88f5514cacd2df61b5ce3c70abd77 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-04-04GBP: Counters per-contractNeale Ranns4-13/+62
Change-Id: I28bb9e3d3ea3a99a9e24801ef5241a0099186108 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-04gbp: Add bd flagsMohsin Kazmi4-11/+38
Add flags for unknown unicast drop, multicast and broadcast drop and arp unicast. Change-Id: I1203137510b8bee0a20ecfe5f2efad8043d4bac6 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-04-03GBP: iVXLAN reflection checkNeale Ranns2-12/+42
packets should not egress on an iVXLAN tunnel if they arrived on one. Change-Id: I9adca30252364b4878f99e254aebc73b70a5d4d6 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-28Punt InfraNeale Ranns1-19/+19
A punt/exception path that provides: 1) clients that use the infra 2) clients can create punt reasons 3) clients can register to recieve packets that are punted for a given reason to be sent to the desired node. 4) nodes which punt packets fill in the {reason,protocol} of the buffere (in the meta-data) and send to the new node "punt-dispatch" 5) punt-dispatch sends packets to the registered nodes or drops Change-Id: Ia4f144337f1387cbe585b4f375d0842aefffcde5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-27GBP: fixes for l3-out routingNeale Ranns2-8/+16
Change-Id: I4d73b712da911588d511a8401b73cdc3c66346fe Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-14GBP: coverity legit bugNeale Ranns1-0/+1
Change-Id: Ia7d98842669c605052371c2bf6a016e4b4f7dc8f Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-14GBP: update semantics for subnetsNeale Ranns1-13/+23
Change-Id: I895c03b365619e6c66613242f4a97c79ce579879 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-14GBP: get source address from ARP packets for LPM classificationNeale Ranns1-43/+69
Change-Id: I1370c1882f8ba9b709e54e62356d2c57d47d20fc Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-12GBP: L3 out fixesNeale Ranns5-25/+129
Change-Id: I0562d597fd45c7ddcb6db42cf17d3ffb569eb140 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-12GBP: custom-dump functionsNeale Ranns5-17/+376
Change-Id: I719882acb59bd069fd88b10989f11085a0c41ae6 Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-03-12GBP: contracts API fixed length of allowed ethertypesNeale Ranns3-16/+45
VAPI does not handle two VLAs in one struct. Change-Id: I259c998bef4398ead2bbb9e788350d50c2f05694 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-08updates now that flags are supported on the APINeale Ranns1-2/+0
Change-Id: I9c45f390a6454c114f12f9c46c3a93fcecffa73f Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-06GBP: use sclass in the DP for policyNeale Ranns29-684/+204
Change-Id: I154e18f22ec7708127b8ade98e80546ab1dcd05b Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-06GBP: format EPG retention policyNeale Ranns1-1/+12
Change-Id: I17826cfa9a27dc241e07988bf0bbaf9eca9ae525 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-06GBP: learn from ARP and L2 packetsNeale Ranns8-17/+69
Change-Id: I8af7bca566ec7c9bd2b72529d49e04c6e649b44a Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-05GBP: format include EPG indexNeale Ranns1-1/+2
Change-Id: I1789a4ea44cfc6a11ad8750074ffcf14c4ab8712 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-05GBP: per-group EP retention policyNeale Ranns8-66/+55
Change-Id: I3ed4e2e92f74f15b07fcd3e7fbc3fa8718d5249d Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-04GBP: return appropriate error code if tranport mode subnet has no interfaceNeale Ranns1-0/+3
Change-Id: Ic230b332a01c36454c11d0b6515ec256bd0fd5c6 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-04GBP: fix and print GBP BD flagsNeale Ranns3-4/+26
Change-Id: If3fe2752c9339049123ff4674e3a29449b520374 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-04GBP: fix UT after multi-arch changeNeale Ranns13-1889/+2036
Change-Id: I09c400d71b3c973341fd79fe9b6709592d96822c Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-04gbp: migrate old MULTIARCH macros to VLIB_NODE_FNFilip Tehlar13-503/+535
Change-Id: I3b10caa447b796172f787df8fcbb92f2b4dd2803 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-02-22GBP: include sclass in format EPGNeale Ranns1-1/+2
Change-Id: I6cbc7dafcc59aa67d79c718d88f67d71ee97b4b6 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-22GBP: remove testing assertsNeale Ranns2-2/+0
Change-Id: I27ba13b3501debd4dcbda5df05afdcfc497f608f Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-21GBP: BD index not BD IDNeale Ranns1-1/+1
Change-Id: I6da1ea25d688011b7aead1f639dd6a234ca4f20a Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-01-30Use IP and MAC API types for neighborsNeale Ranns1-1/+1
use address_t and mac_address_t for IPv6 and ARP entries and all other API calls in ip.api aprat from the route ones, that will follow in a separate commit Change-Id: I67161737c2184d3f8fc1e79ebd2b55121c5b0191 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-01-22gbp: fix inlining issueDamjan Marion1-7/+7
Change-Id: Idbbe5996a5749733a904433b57cba7ab63fdbbcb Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-01-22GBP: Sclass to src-epg conversionsNeale Ranns13-23/+564
Change-Id: Ica88268fd6a6ee01da7e9219bb4e81f22ed2fd4b Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-01-11gbp2: Fix typo in conditionMohsin Kazmi1-1/+3
Change-Id: I1b327309586c9234a22cda011953a1940d31e1ba Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>