Age | Commit message (Collapse) | Author | Files | Lines |
|
gcc8 introduced a new warning (Wstringop-truncation) which in our case
is being treated as error.
Disabling the warning globally might introduce bugs related to string
truncation which are not desired by the developer (e.g. bug).
Instead, this patch disables the warning only for those occurences
which have been verified to be non-bugs but the desired behaviour as per
developer will.
Change-Id: I0f04ff6b4fad44061e80a65af633fd7e0148a0c5
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
(cherry picked from commit 99d7a72cbcad959e805e8e8b5efb112e9def69c2)
|
|
some IGMP hashse use only a u32 key, which is not stored in the object, so don't use memory based hash
Change-Id: Iaa4eddf568ea0164bc2a812da4cc502f1811b93c
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iaeb52d94cb6da63ee93af7c1cf2dade6046cba1d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- hash is great. But it is a bit too slow for the DP. Use direct array indexing
to quickly retrieve the slave interface.
- the algorithm used by flow hash is great. But it is a bit too slow for the DP.
Use l2_hash_hash() extracted from lb_hash.h which ECMP is using. It makes use
of intrinsic crc32 instruction set.
- shortcut modulo arithmetic when the operand is 2**x (where x up to 4) to
avoid division instruction.
- special case for link count == 1 in bond_tx_fn()
- use clib_mem_unaligned to access data for the packet to avoid alignment error
- Fix some typos for packet tracing.
Change-Id: I8eae3ad497061c5473aa675ba894ee0211120d25
Signed-off-by: Steven <sluong@cisco.com>
(cherry picked from commit 0d88301a576191a0e330e539cf1dcb3837ee1bf6)
|
|
Object sizes must evenly divide alignment requests, or vice
versa. Otherwise, only the first object will be aligned as
requested.
Three choices: add CLIB_CACHE_LINE_ALIGN_MARK(align_me) at
the end of structures, manually pad to an even divisor or multiple of
the alignment request, or use plain vectors/pools.
static assert for enforcement.
Change-Id: I41aa6ff1a58267301d32aaf4b9cd24678ac1c147
Signed-off-by: Dave Barach <dbarach@cisco.com>
|
|
[VPP-1251]
Problem:
When the bond subinterface is removed, it was observed that we lost the lacp
partner. Show hardware shows rx counter goes up, but show interface does not
for the slave interfaces.
Cause:
We reset the interface promiscuous mode when the bond subinterface is deleted.
This causes dpdk not to accept any packet. Leave the interface in promiscuous
mode fixes the problem.
Other fixes:
There are few places we use hw_if_index as if they are sw_if_index. But they
don't necessarily have the same value. As soon as a subinterface is created,
they start to diverge. The fix is to use the correct API for the hw_if_index
and sw_if_index.
Change-Id: I1e6b8bca0a4aae396d217a141271cbf968500c91
Signed-off-by: Steven <sluong@cisco.com>
|
|
We should be sending LACP PDU every second if the partner has LACP_TIMEOUT flag
set which means it will time us out in 3 seconds.
Add interface name for lacp trace
Change-Id: If7d816c062d03e80cc0dd7d10dba0b76ace0664a
Signed-off-by: Steven <sluong@cisco.com>
|
|
in more than one C file
Including the exports.h from multiple .c files belonging to a single plugin results in an error.
Fix that by making all the exported function pointers static, so every place
which includes the exports.h gets its own copy of function pointers.
This will also require to call separately the acl_plugin_exports_init() per file
to initialize them.
Change-Id: Icb70695efa23579c46c716944838766cebc8573e
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
https://gerrit.fd.io/r/#/c/7701/ accidentally removed 3 lines of code in
dpdk/device/init.c which were added by https://gerrit.fd.io/r/#/c/7826/
case VNET_DPDK_PMD_VHOST_ETHER:
xd->port_type = VNET_DPDK_PORT_TYPE_VHOST_ETHER;
break;
Those lines were needed to recognize vhost-user interface which is created
via vdev command in dpdk and display VhostEthernet. Without them,
UnknownEthernet is displayed.
Change-Id: I6d7ee6aecc6a415fbb7308595d515649475bcd5f
Signed-off-by: Steven <sluong@cisco.com>
(cherry picked from commit 684d08c7e5378af5310346e9219a79ef1d901084)
|
|
Change-Id: I994649761fe2e66e12ae0e49a84fb1d0a966ddfb
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit 756cd9441752fc8f84104c9ee19099506ba89f85)
|
|
It is a relatively rarely used low level command for code that didn't change,
but due to infra changes it did not survive. Having it working may be very
useful for corner-case debugging. So, fix it for working with
the acl-as-a-service infra.
Change-Id: I11b60e0c78591cc340b043ec240f0311ea1eb2f9
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I6400b77de388c01e85209e5dc5f11ccafb79a459
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
(cherry picked from commit 5aaea1186e4464c0bcbd165ead4b1782a35bb056)
|
|
Change-Id: Id5a2a90d81cc9cb87cb6fb89ac2f4ca3cbcb51e2
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
(cherry picked from commit 9341e34b500ce7c68fc6857a24ee7b67cac121b1)
|
|
only in lookup context 0
In process of extracting the matching out of the ACL plugin internals,
a couple of pieces setting the miscellaneout fields in the 5tuple structure
did not make it, so they are initialized to zeroes. Move the assignments
to the right place to make both traffic acls and acl-as-a-service working.
Change-Id: I66a7540a13b05113b599f0541999a18fad60385d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
using the inline functions
The acl_main struct, which is defined in the acl_plugin, is not visible when
the ACL plugin inline code is being compiled within the context of other plugins.
Fix that by using the global pointer variable, which exists in both the ACL plugin
context and is set in the context of the external plugins using ACL plugin.
Change-Id: Iaa74dd8cf36ff5442a06a25c5c968722116bddf8
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
The users of ACL lookup contexts might not check the data they supply,
so do it on their behalf in this function, and return an error if
an ACL does not exist or if they attempt to apply the same ACL twice.
Change-Id: I89d871e60f267ce643f88574c83baf9cd0a2d7b3
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I71660eb327124179ff200763c4743cc81dc6e1c6
Signed-off-by: Matus Fabian <matfabia@cisco.com>
(cherry picked from commit f13a8787365300d757eca4624c8f8a6b7c49392b)
|
|
Change-Id: Id775efb2e85d850e510d00f1b48bb711a3342397
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ibcffee7d20dbb79720199bcd82d2353f39d5544f
Signed-off-by: Chris Luke <chrisy@flirble.org>
|
|
Change-Id: I65306fb1f8e39221dd1d8c00737a7fb1c0129ba8
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ia99490180683e8649784f7d9d18c509c3ca78438
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I32b30210c2f1aec10a1b614d04f427662326a3d2
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ifb4d23059b7989c32a52eaf0c25c275b35e83010
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
dpdk-input was dropping packets with bad ip-checksum on l2 interfaces
Change-Id: Ife5b52766bb71e878b1da6e94ae7b8a1e59fc478
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
(re-)applied
There were several discussions in which users would expect the sessions to be deleted
if the new policy after the change does not permit them.
There is no right or wrong answer to this question - it is a policy decision.
This patch implements an idea to approach this. It uses a per-interface-per-direction counter to designate
a "policy epoch" - a period of unchanging rulesets. The moment one removes or adds an ACL applied to
an interface, this counter increments.
The newly created connections inherit the current policy epoch in a given direction.
Likewise, this counter increments if anyone updates an ACL applied to an interface.
There is also a new (so far hidden) CLI "set acl-plugin reclassify-sessions [0|1]"
(with default being 0) which allows to enable the checking of the existing sessions
against the current policy epoch in a given direction.
The session is not verified unless there is traffic hitting that session
*in the direction of the policy creation* - if the epoch has changed,
the session is deleted and within the same processing cycle is evaluated
against the ACL rule base and recreated - thus, it should allow traffic-driven
session state refresh without affecting the connectivity for the existing sessions.
If the packet is coming in the direction opposite to which the session was initially
created, the state adjustment is never done, because doing so generically
is not really possible without diving too deep into the special cases,
which may or may not work.
Change-Id: I9e90426492d4bd474b5e89ea8dfb75a7c9de2646
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Coverity has started whining about uint32_t missing in this .h
Change-Id: I57992121c0593d6a0ada35917802d0300cf91259
Signed-off-by: Chris Luke <chrisy@flirble.org>
|
|
Do fast-rate if we are not yet synchronized with the partner.
Stop sending LACP updates as a flash in the worker thread. Just expire the
timer and let the lacp_process handle sending LACP PDU.
Change-Id: I8b36fe74e752e7f45bd4a8d70512c0341cc197a1
Signed-off-by: Steven <sluong@cisco.com>
|
|
xd->flags is set incorrectly when a slave link is down in bonded interface mode.
This can result in VPP crash when data traffic flows to the interface.
Change-Id: Ideb9f5231db1211e8452c52fde646d681310c951
Signed-off-by: Steve Shin <jonshin@cisco.com>
|
|
Static mapping is not deleted from resolution vector after address is set on
interface.
Change-Id: Ib7c45ca2e307123d101248c5a1b17d130ac32cd0
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I9a0105aa2373bd4db218851b1bbee50c6b6dfc7d
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
worker (VPP-1213)
Change-Id: I8e0c7ed2ff462b9ab59c233f56be262ec03c29ff
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
- autosize the ACL plugin heap size based on the number of workers
- for manual heap size setting, use the proper types (uword),
and proper format/unformat functions (unformat_memory_size)
Change-Id: I7c46134e949862a0abc9087d7232402fc5a95ad8
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
private header size allows to reserve firs X bytes of payload to be
considered as private metadata. For now we just support value 0
but adding this field to address future needs without changing protocol
version.
Change-Id: Id77336584c0194a303b20210aff584c7372cba01
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Changes the source of the l3 offset to a more
proper one, same as I5d9f41599ba8d8eb14ce2d9d523f82ea6e0fd10d.
Change-Id: I5ff05d7d89507ecb378a2bd62f5b149189ca9e99
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
until it is needed
Registering ACL plugin user module within the "ACL as a service" infra during the plugin init
causes an unnecesary ACL heap allocation and prevents the changing of the ACL heap size
from the startup config.
Defer this registration until just before it is needed - i.e. when applying an ACL to
an interface.
Change-Id: Ied79967596b3b76d6630f136c998e59f8cdad962
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: If168a9c54baaa516ecbe78de2141f11c17aa2f53
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
When a user session is allocated/reused, only increase
one of the session counters for that user if the counters
are below the per-user limit.
THis addresses a SEGV that arises after the following
sequence of events:
- an outside interface IP address is put in a pool
- a user exceeds the number of per-user translations by
an amount greater than the number of per-user translations
(nsessions + nstaticsessions > 100 + 100)
- the outside interface IP address is deleted and then added
again (observed when using DHCP client, likely happens if
address changed via CLI, API also)
- the user sends more packets that should be translated
When nsessions is > the per-user limit,
nat_session_alloc_or_recycle() reclaims the oldest existing
user session. When an outside address is deleted, the
corresponding user sessions are deleted. If the counters were
far above the per-user limit, the deletions wouldn't result
in the counters dropping back below the limit. So no session
could be reclaimed -> SEGV.
Change-Id: I940bafba0fd5385a563e2ce87534688eb9469f12
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
- allow to optionally specify the specific MACIP ACL index:
'show acl-plugin macip acl [index N]'
- after showing the MACIP ACL, show the sw_if_index of
interface(s) where it is applied.
Also, add some executions of this debug commands
to the MACIP test case for easy verification.
Change-Id: I56cf8272abc20b1b2581b60d528d27a70d186b18
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
The functions which get called by other plugins need to set the acl plugin heap,
such that the other plugins do not have to think about it.
Change-Id: I673073f17116ffe444c163bf3dff40821d0c2686
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I3e4bbfe205c86cb0839dd5c542f083dbe6bea881
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ic2eddc803f9ba8215e37388a686004830211cf6f
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: Iacb32e6e855f7b77108154d956ef27ee141bbde0
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
This reverts commit 378ac0533e5ac8c3121d8f66ba61a8548e55282f.
Change-Id: If34b1c964453adb0e4c44e3eab4f6e306bd9c9e9
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
other plugins
This code implements the functionality required for other plugins wishing
to perform ACL lookups in the contexts of their choice, rather than only
in the context of the interface in/out.
The lookups are the stateless ACLs - there is no concept of "direction"
within the context, hence no concept of "connection" either.
The plugins need to include the
The file acl_lookup_context.md has more info.
Change-Id: I91ba97428cc92b24d1517e808dc2fd8e56ea2f8d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: Ia0f659b810f2c79b1a6c98ce566a86ce413c7448
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Do not translate packet which go out via nat44-in2out-output and was tranlated
in nat44-out2in before. On way back forward packet to nat44-in2out node.
Change-Id: I934d69856f0178c86ff879bc691c9e074b8485c8
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
In version 1 of the protocol sender was always ring producer and
receiver was consumer. In version 2 slave is always producer,
and in case of master-to-slave rings, slave is responsible for
populating ring with empty buffers.
As this is major change, we need to bump version number.
In addition, descriptor size is reduced to 16 bytes.
This change allows zero-copy-slave operation (to be privided in the separate
patch).
Change-Id: I02115d232f455ffc05c0bd247f7d03f47252cfaf
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
- Show interface on which given MACIP ACL is applied
- index is added for show acl-plugin macip acl:
ex) show acl-plugin macip acl [index N]
Change-Id: I3e888c8e3267060fe157dfc1bbe3e65371bd858a
Signed-off-by: Steve Shin <jonshin@cisco.com>
|
|
Add bonding driver to support creation of bond interface which composes of
multiple slave interfaces. The slave interfaces could be physical interfaces,
or just any virtual interfaces. For example, memif interfaces.
The syntax to create a bond interface is
create bond mode <lacp | xor | acitve-backup | broadcast | round-robin>
To enslave an interface to the bond interface,
enslave interface TenGigabitEthernet6/0/0 to BondEthernet0
Please see src/plugins/lacp/lacp_doc.md for more examples and additional
options.
LACP is a control plane protocol which manages and monitors the status of
the slave interfaces. The protocol is part of 802.3ad standard. This patch
implements LACPv1. LACPv2 is not supported.
To enable LACP on the bond interface, specify "mode lacp" when the bond
interface is created. The syntax to enslave a slave interface is the same as
other bonding modes.
Change-Id: I06581d3b87635972f9f0e1ec50b67560fc13e26c
Signed-off-by: Steven <sluong@cisco.com>
|
|
Change-Id: If9d7b266c4b49d4e7810ebc7d18fa154532d0322
Signed-off-by: Neale Ranns <nranns@cisco.com>
|