summaryrefslogtreecommitdiffstats
path: root/src/vat
AgeCommit message (Collapse)AuthorFilesLines
2017-10-28session: rules tablesFlorin Coras1-3/+96
This introduces 5-tuple lookup tables that may be used to implement custom session layer actions at connection establishment time (session layer perspective). The rules table build mask-match-action lookup trees that for a given 5-tuple key return the action for the first longest match. If rules overlap, ordering is established by tuple longest match with the following descending priority: remote ip, local ip, remote port, local port. At this time, the only match action supported is to forward packets to the application identified by the action. Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-26session: swap appns secret to host byte orderFlorin Coras1-1/+1
Change-Id: I355433e0f07b328c441ed642705b31ca5157fabe Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-26Allow IPsec interface to have SAs resetMatthew Smith1-0/+54
Make it easier to integrate with external IKE daemon. IPsec interfaces can have one or both SAs replaced after creation. This allows for the possibility of setting a new child SA on an interface when rekeying occurs. It also allows for the possibility of creating an interface ahead of time and updating the SA when parameters that are negotiated during IKE exchange become known. Change-Id: I0a31afdcc2bdff7098a924a51abbc58bdab2bd08 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2017-10-24Add extern to *_main global variable declarations in header files.Dave Wallace1-1/+1
- Global variables declared in header files without the use of the 'extern' keword will result in multiple instances of the variable to be created by the compiler -- one for each different source file in which the the header file is included. This results in wasted memory allocated in the BSS segments as well as potentially introducing bugs in the application. Change-Id: I6ef1790b60a0bd9dd3994f8510723decf258b0cc Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-10-20Add reverse DNS (ip to name) resolutionDave Barach1-3/+76
Change-Id: Ic531d820b1846ff7363e5c396ac0b1176e87b401 Signed-off-by: Dave Barach <dave@barachs.net>
2017-10-19Remove unused 'not_last' parameter from ip_add_del_routeMarek Gradzki1-4/+0
Vat supports setting value for the parameter, but 'not_last' is ignored by ip_add_del_route handler, so can be removed. This patch - updates ip.api, - removes vat handlers - updates vpp_papi_provider.py (also mpls_route_add_del with unused not_last) Change-Id: Ife15de123db4bc8247103a29b90bce1988e46534 Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2017-10-18CSIT-844: fix binary api rx pthread heap push/popDave Barach2-1/+14
We need to push/pop the rx pthread's heap without affecting other thread(s). Search clib_per_cpu_mheaps, locate an unused slot. Duplicate the main thread heap pointer in that slot, and set __os_thread_index appropriately. Miscellaneous cleanups. Print exec_inband results as a vector, instead of as a format string. Don't bail out of vpp_api_test with results pending, e.g. at the end of a vpp_api_test script. Even though vpp will eventuallly garbage-collect them, We don't want to leave allocated reply messages lurking in the api message allocation rings... Change-Id: I0e8a25d1ff0d3700249dc330d079db16c2fcbc55 Signed-off-by: Dave Barach <dave@barachs.net>
2017-10-17VPP-1032: fix coverity warningsDave Barach1-7/+7
Change-Id: Ic3a0c51e5408921051deaf2e50372d9654574b27 Signed-off-by: Dave Barach <dave@barachs.net>
2017-10-15Revert "Enforce FIB table creation before use"Florin Coras1-3/+19
This reverts commit f9342023c19887da656133e2688a90d70383b0c5. Reverting to unblock master. No idea why jjb +1ed this patch! On closer inspection it looks like it -1ed it and subsequently changed opinion. CSIT tests should be fixed before re-merging. Change-Id: I26608912a962c52083073e16c7c9d2cc44a3cc8d Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-14Add API call to set keys on IPsec tunnel intfMatthew Smith1-0/+77
There was already a CLI command and a libvnet function to set the keys on an existing IPsec tunnel interface. Expose this via the API. Change-Id: I226a9616f680fc022f04447177a2e8232690657f Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2017-10-13Enforce FIB table creation before useNeale Ranns1-19/+3
last i the serise of the use of the FIB table create/delete API. VPP now forces the tables to have been explicitly creted before they are used. Change-Id: Ifde3b1bbb76697a01ab71bce4f5264e6d1725467 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-13VPP-1027: DNS name resolverDave Barach1-5/+172
This patch is a plausible first-cut, suitable for initial testing by vcl (host stack client library). Main features; - recursive name resolution - multiple ip4/ip6 name servers - cache size limit enforcement - currently limited to 65K - ttl / aging - static mapping support - show / clear / debug CLI commands Binary APIs provided for the following: - add/delete name servers - enable/disable the name cache - resolve a name To Do list: - Respond to ip4/ip6 client DNS requests (vs. binary API requests) - Perf / scale tuning - map pending transaction ids to pool indices, so the cache can (greatly) exceed 65K entries - Security improvements - Use unpredictable dns transaction IDs, related to previous item - Make sure that response-packet src ip addresses match the server - Add binary APIs - deliver raw response data to clients - control recursive name resolution - Documentation Change-Id: I48c373d5c05d7108ccd814d4055caf8c75ca10b7 Signed-off-by: Dave Barach <dave@barachs.net>
2017-10-12LLDP: Add Management Address TLVSteve Shin1-2/+19
- Management Address TLV is added as per IEEE Std 802.1AB-2009. - Support of management ipv4/ipv6 addresses and OID. Change-Id: I57c14741774390809ce5a829cc087947424432c7 Signed-off-by: Steve Shin <jonshin@cisco.com>
2017-10-10session: add support for application namespacingFlorin Coras1-3/+55
Applications are now provided the option to select the namespace they are to be attached to and the scope of their attachement. Application namespaces are meant to: 1) constrain the scope of communication through the network by association with source interfaces and/or fib tables that provide the source ips to be used and limit the scope of routing 2) provide a namespace local scope to session layer communication, as opposed to the global scope provided by 1). That is, sessions can be established without assistance from transport and network layers. Albeit, zero/local-host ip addresses must still be provided in session establishment messages due to existing application idiosyncrasies. This mode of communication uses shared-memory fifos (cut-through sessions) exclusively. If applications request no namespace, they are assigned to the default one, which at its turn uses the default fib. Applications can request access to both local and global scopes for a namespace. If no scope is specified, session layer defaults to the global one. When a sw_if_index is provided for a namespace, zero-ip (INADDR_ANY) binds are converted to binds to the requested interface. Change-Id: Ia0f660bbf7eec7f89673f75b4821fc7c3d58e3d1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-10punt and drop features:Neale Ranns1-4/+4
- new IPv4 and IPv6 feature arcs on the punt and drop nodes - new features: - redirect punted traffic to an interface and nexthop - police punted traffic. Change-Id: I53be8bf4e06545add8a3619e462de5ffedd0a95c Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-06Initial GENEVE TUNNEL implementation and tests.Marco Varlese1-0/+377
Notes on this first implementation: * First version of the implementation does NOT support GENEVE OPTIONS HEADER: it isn't well understood what the purpose of the OPTIONS will be and/or what content would be placed in the variable option data; Once the IETF work will evolve and further information will be available it could be possible to modify the frame rewrite to contemplate the actual GENEVE OPTIONS. Change-Id: Iddfe6f408cc45bb0800f00ce6a3e302e48a4ed52 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2017-10-04[aarch64] Fixes CLI crashes on dpaa2 platform.Christophe Fontaine1-1/+1
- always use 'va_args' as pointer in all format_* functions - u32 for all 'indent' params as it's declaration was inconsistent Change-Id: Ic5799309a6b104c9b50fec309cba789c8da99e79 Signed-off-by: Christophe Fontaine <christophe.fontaine@enea.com>
2017-10-04Add API support to dump IPsec SAsMatthew Smith1-0/+117
Add an API request message type to dump IPsec SAs. Either all IPsec SAs can be dumped or it can be limited to a single SA ID (numeric ID set at creation time - not an index). Add a handler for incoming messages with the new request type. Add an API response message type containing the data for an IPsec SA. Add VAT support for new message type. Change-Id: Id7828d000efc637dee7f988a87d3f707a8b466b7 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2017-10-03Repair vlib API socket serverDave Barach3-125/+297
- Teach vpp_api_test to send/receive API messages over sockets - Add memfd-based shared memory - Add api messages to create memfd-based shared memory segments - vpp_api_test supports both socket and shared memory segment connections - vpp_api_test pivot from socket to shared memory API messaging - add socket client support to libvlibclient.so - dead client reaper sends ping messages, container-friendly - dead client reaper falls back to kill (<pid>, 0) live checking if e.g. a python app goes silent for tens of seconds - handle ping messages in python client support code - teach show api ring about pairwise shared-memory segments - fix ip probing of already resolved destinations (VPP-998) We'll need this work to implement proper host-stack client isolation Change-Id: Ic23b65f75c854d0393d9a2e9d6b122a9551be769 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-09-27LISP: add API handlers for set/get transport protocolFilip Tehlar1-0/+132
Change-Id: Ib675164c475edcdbe3013df7b847adf5e050c53f Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-09-25Fix usage string for vatJerome Tollet1-1/+2
Change-Id: Idad65cbb3765500a66f1097126076a2c5fdb4f1b Signed-off-by: Jerome Tollet <jtollet@cisco.com>
2017-09-19LISP: support for neighbor discoveryFilip Tehlar1-0/+233
Change-Id: I0f1a051dd3b5786dc7c457bc6fc7ce4fcd0f530c Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-09-15Update of free text tag patch for BDJerome Tollet1-3/+20
Change-Id: Ia886ff2bfa2cf33ffbaa35ec89494d4300ec2769 Signed-off-by: Jerome Tollet <jtollet@cisco.com>
2017-08-17TCP source address automationDave Barach1-3/+73
- v6 support - Non-default VRF ID collection - Break up ip source address list into CLI + API-friendly functions - Automate proxy arp / proxy nd configuration - Automate local adjacency insertion - Binary API support Change-Id: Iede31184f65cc1ec8c414447d2d60a1334e3fe15 Signed-off-by: Dave Barach <dave@barachs.net>
2017-08-14FIB table add/delete API onlyNeale Ranns1-0/+104
commit only the addition of the .api definition and their invocation through VAT so CSIT can use it Change-Id: Id510f14b1ce007fe5e92120507ea34100652fc64 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-08-11Dedicated SW Interface EventNeale Ranns1-11/+6
Change-Id: I06a10a4291e61aec3f1396d2514ed6fe3901897a Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2017-08-08L2 over MPLSNeale Ranns1-8/+9
[support for VPWS/VPLS] - switch to using dpo_proto_t rather than fib_protocol_t in fib_paths so that we can describe L2 paths - VLIB nodes to handle pop/push of MPLS labels to L2 Change-Id: Id050d06a11fd2c9c1c81ce5a0654e6c5ae6afa6e Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-08-07LISP: Map-server fallback featureFilip Tehlar1-0/+94
Change-Id: I1356296e1a85b5d532f45ba70572b2184ac3f6fb Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-08-03Add support for API client to receive L2 MAC eventsJohn Lo1-7/+79
Added APIs want_l2_macs_events and l2_macs_event to allow an API client to receive notification events from VPP for MAC learned or aged in L2FIB. Only one API client is allowed for L2 MAC events. The want_l2_macs_events API allow caller to specify MAC learn limit, event scan delay and max number of MACs that can be included in a event message. These parameters should be choosen properly as to not have too many MAC events sent by VPP and overwhelm the API share memory. They can all be left as 0's so VPP will setup reasonable defaults which are: 1000 learn limit, 100 msec scan delay and 100 MACs per event message. If want_l2_macs_events is never called, VPP learning and aging should behave as before except that MAC entries provisioned by API or CLI will not be aged, even if it is not set as static_mac. These non static MACs, however, can be overwritten by MAC learning on a MAC move as a leared MAC. Only learned MACs are subject to aging. Change-Id: Ia3757a80cf8adb2811a089d2eafbd6439461285c Signed-off-by: John Lo <loj@cisco.com>
2017-08-02LISP: make TTL for map register messages configurableFilip Tehlar1-0/+95
Change-Id: I38e1c6a6b033e12ef3f4345a1deff73fa4adbea0 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-08-01P2P EthernetPavel Kotucek1-5/+12
Change-Id: Idb97e573961b3bc2acdeef77582314590795f8c3 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-08-01SPAN/API:enable L2 dumpEyal Bari1-1/+12
Change-Id: Icea1dff33aae35a85ae1a7ed1900a0abb3fe4b6b Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-07-24SPAN:add l2 mirrorEyal Bari1-1/+5
added span feature nodes for l2-input / l2-output Change-Id: Ib6e0ce60d0811901b6edd70209e6a4c4a35cd8ff Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-07-05Add API support for LLDP config/interface setSteve Shin1-3/+92
Add API methods to configure LLDP and set interface to enable/disable. Also add port description TLV for LLDP. Change-Id: Ib959d488c2ab8a0069f143558871f41fcc43a5d3 Signed-off-by: Steve Shin <jonshin@cisco.com>
2017-06-25VPP crash on creating vxlan gpe interface. VPP-875Hongjun Ni1-11/+97
Change-Id: I6b19634ecb03860a7624d9408e09b52e95f47aef Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-06-16Fix vni/dp_table endianness for gpe iface addition (VPP-882)Florin Coras1-2/+2
Change-Id: I2b78dad740b67fc05b0e2cf9c180809bc0962cd5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-06-15Add VAT handlers for LISP-GPE APIFilip Tehlar1-0/+199
Change-Id: Id1139533c41cabef48394b5d79750608e0b74179 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-06-08LISP: add NSH supportFilip Tehlar1-8/+172
Change-Id: I971c110ed126f1a24a963f9d3b88cf8f8c308816 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-06-08P2P Ethernet - APIPavel Kotucek1-3/+104
API for P2P Ethernet feature Change-Id: Id0280f42b9ce2428262e79c4dc309595037cd10e Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-06-05LISP-GPE: return index of newly created fwd entry, VPP-868Filip Tehlar1-1/+33
Change-Id: I4fc45097cb994ab6a59503d9fcfb693d1c7ec442 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-05-30LISP: L2 ARP handlingFilip Tehlar1-0/+233
Change-Id: I1ec328cda73f7eaf7867cd8a2a17852ee0cd23f1 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-05-22vhost: migrate to use device infra for worker thread assignment, rx-mode.Steven1-62/+5
and add adaptive mode support to receive queue - Migrate vhost to use device infra which does the interface/queue to worker thread assignment. - Retire vhost thread CLI and corresponding code which assigns interface/queue to worker thread. set interface placement should be used instead to customize the interface/queue to worker thread assignment. - Retire vhost interrupt/polling option when creating vhost-user interface. Instead, set interface rx-mode should be used. - Add code in vnet_device_input_unassign_thread to change the node state to interrupt if the last polling interface has left the worker thread for the device of the corresponding interface/queue. - Add adaptive mode support. The node state is set to interrupt initially. When the scheduler detects a burst of traffic, it switches the input node to polling. Then we inform the device that we don't need interrupt notification. When the traffic subsides, the scheduler switches the input node back to interrupt. Then we immediately tell the driver that we want interrupt notification again. - Remove some duplicate code in vlib/main.c Change-Id: Id19bb1b9e50e6521c6464f470f5825c26924d3a8 Signed-off-by: Steven <sluong@cisco.com>
2017-05-22LISP-GPE: add dump call for VNIs in useFilip Tehlar1-0/+75
Change-Id: I394af7c1ac9fd0177ff5d298e4008245df54b436 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-05-20API: Cleaning up message naming that does not follow the conventionsOle Troan1-55/+59
is_address_reachable - Disabled so deleted cli_request - Renamed to cli vnet_summary_stats_reply - Renamed to vnet_get_summary_stats_reply bridge_domain_sw_if_details - Deleted, incorporated in main message l2_fib_table_entry - Renamed to l2_fib_table_details Change-Id: I93b7e8769a3ba7b4989b3c270270f575f386464f Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Marek Gradzki <mgradzki@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com>
2017-05-15Fix vnet_interface_counters API definitionAloys Augustin1-31/+45
The api specification had u8 as data type, which caused the python binding to fail. Fixes VPP-642 Change-Id: I9ba97959740d44c8f4a12db9356d0d1bcd709a73 Signed-off-by: Aloys Augustin <aloys.augustin@polytechnique.org> Signed-off-by: Ole Troan <ot@cisco.com>
2017-05-09Fix remaining 32-bit compile issuesDamjan Marion1-5/+5
Change-Id: I9664214652229b663c3e3ba7406b4ede96bfb123 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-05-09API support for IPsec tunnel interface creationMatthew Smith1-0/+134
Change-Id: I8c9f886cb95e92adbe1c646844789ca0a6bb6140 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2017-05-09Add missing format_ip6_address() functions to plugin_api.Jon Loeliger2-0/+78
Specifically, the ACL plugin needed format_ip6_address() and the ip46 variant as well. Change-Id: Iec35b8acd4cab4bcbc73053dcca2ee91bd9c72cd Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-04-13LISP: make statistics thread safeFilip Tehlar1-0/+15
Change-Id: I056dc6246f79d887d69ad459a6b8b3092a099baa Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-04-07MPLS McastNeale Ranns1-56/+77
1 - interface-DPO Used in the Data-plane to change a packet's input interface 2 - MPLS multicast FIB entry Same as a unicast entry but it links to a replicate not a load-balance DPO 3 - Multicast MPLS tunnel Update MPLS tunnels to use a FIB path-list to describe the endpoint[s]. Use the path-list to generate the forwarding chain (DPOs) to link to . 4 - Resolve a path via a local label (of an mLDP LSP) For IP multicast entries to use an LSP in the replication list, we need to decribe the 'resolve-via-label' where the label is that of a multicast LSP. 5 - MPLS disposition path sets RPF-ID For a interface-less LSP (i.e. mLDP not RSVP-TE) at the tail of the LSP we still need to perform an RPF check. An MPLS disposition DPO performs the MPLS pop validation checks and sets the RPF-ID in the packet. 6 - RPF check with per-entry RPF-ID An RPF-ID is used instead of a real interface SW if index in the case the IP traffic arrives from an LSP that does not have an associated interface. Change-Id: Ib92e177be919147bafeb599729abf3d1abc2f4b3 Signed-off-by: Neale Ranns <nranns@cisco.com>