| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Refactor both policy and policy-dpo nodes so they share the same code
for contract & acl lookup and for tracing.
This should help to implement new policy schemes.
Type: refactor
Change-Id: If5704bda708838eb01516dd39473d9bf248cfdf6
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Fixes: cfc7a107e6cb8be6e7c53a08e23a146c431c8e90
Change-Id: I341cbc94271ab89c3c643756a9c04b790cef8591
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Change gbp-ext-itf API to create anonymous ext-itf through the same API
as non-anonymous instead of a new API
Type: refactor
Change-Id: I381ff2a5bcd55276793df78ca891334c28946cd0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: feature
Change-Id: Ice8fc0da6450d2aa8ba63ca1277393ac3605aa2c
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
Change-Id: I04be003bd86f828ec387dd0309bebcbf0a041e3a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
An anonymous l3-out subnet is a locally attached l3-out subnet, and
differs from regular l3-out subnets in the way adjacencies are managed.
It is required for the anonymous l3-out external interfaces to correctly
classify locally attached l3-out hosts.
Type: feature
Change-Id: Ie7bc88b1f22abc4d0b46db5f3cfbf208bc53ba5f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
So far, GBP l3-out packets classification & policy relied on programmed
EP. All traffic to/from l3-out must go through a known EP.
This patch introduces a new feature where l3-out next-hops are only
known by their subnets (l3-out prefixes). As there are no longer known
EPs to program, an interface must be configured as external anonymous
l3-out. Packets classification & policy on this interface will rely on
the external subnets programmed in the BD VRF.
Note that contrary to all other interfaces in a GBP BD, external
anonymous l3-out interfaces have BD L2 learning turned on and rely on
ARP/ND.
Type: feature
Change-Id: Ieedb29dff4e967d08c4301e82d06bff450a63e5f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Disable L2 BD learning for each GBP interface instead of at the bridge
level. This does not change the current behavior (learning is disabled
for all GBP interfaces) but enables turning it on selectively for future
features such as anonymous l3-out.
Type: refactor
Change-Id: Id88644277941d703600acf97d49cbc3332ae3f68
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: feature
Change-Id: I01772cfc3a0118a5c49bf346339788824e6931b2
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
During packet classification, make sure packets coming from an EP also
matches this specific EP IP address and vice-versa. This prevents and EP
to send a packet on behalf of another EP.
Type: fix
Change-Id: I30287644ec73b90d9b6913952a82b2baedf6a5ff
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
format_vl_api_prefix_t returns a dict with keys 'address' and 'address_length',
but other format_vl_api_prefix functions return a dict with 'prefix', and 'len'.
Refactor all format_vl_api_prefix_t to return consistent keys 'address' and 'len'.
Type: refactor
Change-Id: I5f9558fc2da8742a303266e011102f5b2db80aad
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: feature
Change-Id: Id487fe46194d0a89bd5ac53a9f4ff78b5ff6de60
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Fix GBP LPM packet classification in the presence of a VLAN header.
Change-Id: I2ff63b34f7475d696b10b5a245ff802bbb1ff01a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
If we fail to classify the packet based on LPM we must not classify it
based on the EP sclass.
Change-Id: Ie234e0c87bd44976c3c57c818359c93f7d99ab84
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Change-Id: I0f631da9d13df2d9c32bad879b2a6034cb847378
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
The vlib init function subsystem now supports a mix of procedural and
formally-specified ordering constraints. We should eliminate procedural
knowledge wherever possible.
The following schemes are *roughly* equivalent:
static clib_error_t *init_runs_first (vlib_main_t *vm)
{
clib_error_t *error;
... do some stuff...
if ((error = vlib_call_init_function (init_runs_next)))
return error;
...
}
VLIB_INIT_FUNCTION (init_runs_first);
and
static clib_error_t *init_runs_first (vlib_main_t *vm)
{
... do some stuff...
}
VLIB_INIT_FUNCTION (init_runs_first) =
{
.runs_before = VLIB_INITS("init_runs_next"),
};
The first form will [most likely] call "init_runs_next" on the
spot. The second form means that "init_runs_first" runs before
"init_runs_next," possibly much earlier in the sequence.
Please DO NOT construct sets of init functions where A before B
actually means A *right before* B. It's not necessary - simply combine
A and B - and it leads to hugely annoying debugging exercises when
trying to switch from ad-hoc procedural ordering constraints to formal
ordering constraints.
Change-Id: I5e4353503bf43b4acb11a45fb33c79a5ade8426c
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
- Make plugin descriptions more consistent
so the output of "show plugin" can be
used in the wiki.
Change-Id: I4c6feb11e7dcc5a4cf0848eed37f1d3b035c7dda
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Some GBP debug cli short help and commands were not in sync anymore with
GBP API.
Change-Id: I224bec51fbacd8a3685b70d4e7a52b5803fd3ad4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Change-Id: I51f61a399e3eace93011f9431cbd7968e9be627c
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: Ib436512a26e53f70f7b5e47bf34224ab73e5244e
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ic6e23f497fd91dcb1441f9f4d88a182712e69d3f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I5b18cb84bec88f5514cacd2df61b5ce3c70abd77
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: I28bb9e3d3ea3a99a9e24801ef5241a0099186108
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Add flags for unknown unicast drop, multicast and broadcast
drop and arp unicast.
Change-Id: I1203137510b8bee0a20ecfe5f2efad8043d4bac6
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
packets should not egress on an iVXLAN tunnel if they
arrived on one.
Change-Id: I9adca30252364b4878f99e254aebc73b70a5d4d6
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
A punt/exception path that provides:
1) clients that use the infra
2) clients can create punt reasons
3) clients can register to recieve packets that are punted
for a given reason to be sent to the desired node.
4) nodes which punt packets fill in the {reason,protocol} of the
buffere (in the meta-data) and send to the new node "punt-dispatch"
5) punt-dispatch sends packets to the registered nodes or drops
Change-Id: Ia4f144337f1387cbe585b4f375d0842aefffcde5
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I4d73b712da911588d511a8401b73cdc3c66346fe
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ia7d98842669c605052371c2bf6a016e4b4f7dc8f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I895c03b365619e6c66613242f4a97c79ce579879
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I1370c1882f8ba9b709e54e62356d2c57d47d20fc
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I0562d597fd45c7ddcb6db42cf17d3ffb569eb140
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I719882acb59bd069fd88b10989f11085a0c41ae6
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
VAPI does not handle two VLAs in one struct.
Change-Id: I259c998bef4398ead2bbb9e788350d50c2f05694
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I9c45f390a6454c114f12f9c46c3a93fcecffa73f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I154e18f22ec7708127b8ade98e80546ab1dcd05b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I17826cfa9a27dc241e07988bf0bbaf9eca9ae525
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I8af7bca566ec7c9bd2b72529d49e04c6e649b44a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I1789a4ea44cfc6a11ad8750074ffcf14c4ab8712
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I3ed4e2e92f74f15b07fcd3e7fbc3fa8718d5249d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ic230b332a01c36454c11d0b6515ec256bd0fd5c6
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: If3fe2752c9339049123ff4674e3a29449b520374
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I09c400d71b3c973341fd79fe9b6709592d96822c
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I3b10caa447b796172f787df8fcbb92f2b4dd2803
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: I6cbc7dafcc59aa67d79c718d88f67d71ee97b4b6
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I27ba13b3501debd4dcbda5df05afdcfc497f608f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I6da1ea25d688011b7aead1f639dd6a234ca4f20a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
use address_t and mac_address_t for IPv6 and ARP entries
and all other API calls in ip.api aprat from the route ones,
that will follow in a separate commit
Change-Id: I67161737c2184d3f8fc1e79ebd2b55121c5b0191
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Idbbe5996a5749733a904433b57cba7ab63fdbbcb
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ica88268fd6a6ee01da7e9219bb4e81f22ed2fd4b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I1b327309586c9234a22cda011953a1940d31e1ba
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
Benoît Ganne
Neale Ranns
Paul Vinciguerra
Mohsin Kazmi
Dave Barach
Dave Wallace
Filip Tehlar
Damjan Marion