Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: I8cbd1eac80ae4aeb173d02786e9ccf3b4877304d
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Scan IPv4 and IPv6 neigbor pool entries once a minute to keep them
up to date. The neighbor of an entry is probed if its time-stamp
is older than 1 minute. If the neighbor respond, its time-stamp
will be updated. If there is no response from a neighbor, its
entry will be deleted when the time-stamp of the entry become more
than 4 minutes old. Static neighbor entries are not probed nor
deleted.
Implemented CLI and API to enable and disable priodic scan of IPv4,
IPv6 or both types of IP neighbors. CLI is "ip scan-neighbor" and
API is "ip_scan_neighbor_enable_disable". Other IP neighbor scan
parameters can also be changed from their defaults via the CLI/API.
Change-Id: Id1a0a934ace15d03db845aa698bcbb9cdabebfcd
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: Ibea4a96bdec5e368301a03d8b11a0712fa0265e0
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I9363cf54b73f7cfd8622af6f1cb250438ea0d3b6
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Use device-input and interface-output feautre arcs to collect unicast, multicast
and broadcast states for RX and TX resp. Since these feature arcs are present only
for 'physical' interfaces (i.e. not su-interfaces) counter collection is supported
only on parent interface types.
Change-Id: I915c235e336b0fc3a3c3de918f95dd674e4e0e4e
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Add bonding driver to support creation of bond interface which composes of
multiple slave interfaces. The slave interfaces could be physical interfaces,
or just any virtual interfaces. For example, memif interfaces.
The syntax to create a bond interface is
create bond mode <lacp | xor | acitve-backup | broadcast | round-robin>
To enslave an interface to the bond interface,
enslave interface TenGigabitEthernet6/0/0 to BondEthernet0
Please see src/plugins/lacp/lacp_doc.md for more examples and additional
options.
LACP is a control plane protocol which manages and monitors the status of
the slave interfaces. The protocol is part of 802.3ad standard. This patch
implements LACPv1. LACPv2 is not supported.
To enable LACP on the bond interface, specify "mode lacp" when the bond
interface is created. The syntax to enslave a slave interface is the same as
other bonding modes.
Change-Id: I06581d3b87635972f9f0e1ec50b67560fc13e26c
Signed-off-by: Steven <sluong@cisco.com>
|
|
The interpose source allows the source/provider to insert/interpose
a DPO in the forwarding chain of the FIB entry ahead of the forwarding
provided by the next best source. For example if the API source (i.e
the 'control plane') has provided an adjacency for forwarding, then
an interpose source (e.g. a monitoring service) couold interpose a
replicatte DPO to copy the traffic to another location AND forward
using the API's adjacency.
To use the interose feature an existing source (i.e FIB_SOURCE_PLUGIN_HI)
cn specifiy as a flag FIB_ENTRY_FLAG_INTERPOSE and provide a DPO to
interpose. One might also consider using interpose in conjunction with
FIB_ENTRY_FLAG_COVER_INHERIT to ensure the interpose object affects
all prefixes in the sub-tree.
Change-Id: I8b2737b985f8f7c08123406d0491881def347b52
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ice041610c23563ead13019216516aff23b7775b9
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ie5a50def4ec1e4a3b3404a8b6ab9ec248bc16744
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I4b5b60e7c6f618bb935eab1e96a2e79bbb14f58f
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: I0b1237db541b752393483496ea19dec55799454e
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: I166301c9e2388bae5f70ec0179d663a2703e27f5
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: I8f6fdbbeef2ac7e9fe5d87490ae5cba6e9a0b294
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Add a binary API and debug cli to enable/disable cdp. cdp is disabled
by default.
Change-Id: I307c7e38dfda38e36ff3325f65de7036c34d89b1
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
- add infra for pluggable tls "engines"
- makes mbedtls specific code a plugin
Change-Id: I2c5b099e2b69d2be0038e3ef02b208ff907727e7
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- IPv6 link local table is a per-SW interface array of IPv6 unicast FIBs
- the per-interface ocst is sizeof(fib_table_t) which is small,
w.r.t. the cost of an interface
- FE80::/10 in the 'global' table points to a DPO that performs a lookup in the
input interface's LL fib.
Change-Id: Ice834b25ebeeacb2e929d7c864d7ec8c09918cbe
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
It consists of two main parts. First, add an application transport type
whereby applications can offer transport to other applications. For
instance, a tls app can offer transport services to other applications.
And second, a tls transport app that leverages the mbedtls library for
tls protocol implementation.
Change-Id: I616996c6e6539a9e2368fab8a1ac874d7c5d9838
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
This patch adds an API to add a sub-connection following a SRC/DST IP
mapping as required by the RFC4960.
At the same time, it changes the way the next available sub-connection
is being calculated: rather than having an index in the parent
connection which is prone to many issues at run-time, the next available
sub-connection is being calculated by looking at the state of the set
sub-connections and if marked as DOWN it means that is an available slot
to be used.
Change-Id: I662be6a247bfbbe8bf9aaf3f485183c07ef862fe
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
Change-Id: Ieb6b7a75fa23c8142ae15f42cd3a703253f39e10
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
For implementation of MACIP ACLs enhancement (VPP-1088), an outbound
classifier-based ACL would be needed. There was an existing incomplete
code for outbound ACLs, it looked almost exact copy of input ACLs, minus
the various enhancements, trying to sync that code seemed error-prone
and cumbersome to maintain in the longer run.
This change refactors the input+output ACLs processing into a unified
routine (thus any changes will have effect on both), and also adds
the API to set the output interface ACL, with the same format
and semantics as the existing input one (except working on output
ACL of course).
WARNING: IP outbound ACL in L3 mode clobbers the ip.* fields
in the vnet_buffer_opaque_t, since the code is using l2_classify.*
The net_buffer (p0)->ip.save_rewrite_length is rescued into
l2_classify.pad.l2_len, and used to rewind the header in case of
drop, so that ipX_drop prints something sensible.
Change-Id: I62f814f1e3650e504474a3a5359edb8a0a8836ed
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: Ic5dcadd13c88b8a5e7896dab82404509c081614a
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
This consolidates builtin apps under session-apps folder. It also
removes duplicate builtin echo server/client implementations.
Change-Id: I75ed879399c5aa9b75b1eb38b33aedf69dd8df3f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
== CONTENT ==
* SCTP chunks definition as per RFC4960;
* Helper functions to set/get values to/from the corresponding chunks;
* Hooks to the session/application layers;
* Complete state-machine handling;
* Implementation for unexpected chunk received in a certain
state (state-machine error handling)
* Support for 1-single connection;
* Sample application to test receive/transmit data-path;
* Test to validate SCTP stack;
Change-Id: I1b55c455ab400be9513f4e094dadfc3181d2ebc9
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
DISCOVER message sent.
According to RFC2131:
In the case of a client using DHCP for initial configuration (before
the client's TCP/IP software has been completely configured), DHCP
requires creative use of the client's TCP/IP software and liberal
interpretation of RFC 1122. The TCP/IP software SHOULD accept and
forward to the IP layer any IP packets delivered to the client's
hardware address before the IP address is configured; DHCP servers
and BOOTP relay agents may not be able to deliver DHCP messages to
clients that cannot accept hardware unicast datagrams before the
TCP/IP software is configured.
To work around some clients that cannot accept IP unicast datagrams
before the TCP/IP software is configured as discussed in the previous
paragraph, DHCP uses the 'flags' field [21]. The leftmost bit is
defined as the BROADCAST (B) flag. The semantics of this flag are
discussed in section 4.1 of this document. The remaining bits of the
flags field are reserved for future use. They MUST be set to zero by
clients and ignored by servers and relay agents. Figure 2 gives the
format of the 'flags' field.
this changes means VPP conforms to the:
"SHOULD accept and forward to the IP layer any IP packets delivered
to the client's hardware address before the IP address is configured"
with the caveat that VPP allows DHCP packets destined to the stanard client
DHCP port to be delivered. With this enhancement the control-plane is now
able to choose the setting of the broadcast flag.
Change-Id: Ia4eb2c9bb1e30c29f9192facc645e9533641955a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Icde296e956eb89ea3a17d547f04a833916ec6440
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- rename l2_bridged to is_dvr. Including on the ip.api
this was new in the 18.01 release so no compatability issues.
- steal the free space in vnet_buffer_opaque_t for use with flags.
- run the ipX-output feature arc from the DVR DPO
Change-Id: I040e5976d1dbe076fcdda3a40a7804f56337ce3f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iacfbaaa91ea8bd92790dec9fce567063bdbc5d64
Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>
|
|
Change-Id: Ifa9966a27586a1a65038d069cf4a1e6e21a72d45
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
as decsribed in section 2.2
ihttps://tools.ietf.org/html/draft-ietf-bier-mpls-encapsulation-10
with BIFT encoding from:
https://tools.ietf.org/html/draft-wijnandsxu-bier-non-mpls-bift-encoding-00
changes:
1 - introduce the new BIFT lookup table. BIER tables that have an associated
MPLS label are added to the MPLS-FIB. Those that don't are added to the
BIER table
2 - BIER routes that have no associated output MPLS label will add a BIFT label.
3 - The BIER FMask has a path-list as a member to resolve via any possible path.
Change-Id: I1fd4d9dbd074f0e855c16e9329b81460ebe1efce
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ic8b193e93ce18ca82b294816aa7ee0ef31d64bc2
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
|
|
virtio backend stays in vnet/devices/virtio
Change-Id: Idbf04f1c645a809ed408670ba330662859fe9309
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ib091875f77ea99421aec0947fd17833c4e6d2ec2
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ided667356d5c6fb9648eb34685aabd6b16a598b7
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Change-Id: Iec5804d768485f4015bbf732d8d19ef2f24e6939
Signed-off-by: “mukeshyadav1984” <mukyadav@cisco.com>
|
|
Change-Id: I0a6d1257e391c3b6f7da6498bd5f7d4c545d17e9
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
- makes the VAPI generated file more consumable.
- VOM build times improve.
Change-Id: I838488930bd23a0d3818adfdffdbca3eead382df
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: I77c1da7ba3770637a3414226f7ade229b8b0d216
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- see draft-ietf-bier-mpls-encapsulation-10
- midpoint, head and tail functions
- supported payload protocols; IPv4 and IPv6 only.
Change-Id: I59d7363bb6fdfdce8e4016a68a9c8f5a5e5791cb
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
A UDP-encap object that particiapates in the FIB graph and contributes
DPO to teh output chain. It thereofre resembles a tunnel but without the
interface. FIB paths (and henace routes) can then be created to egress
through the UDP-encap. Said routes can have MPLS labels, hence this also
allows MPLSoUPD.
Encap is uni-directional. For decap, one still registers with the UDP port
dispatcher.
Change-Id: I23bd345523b20789a1de1b02022ea1148ca50797
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I6eb0681cc2595f81ac3bf5ffa3e9b2adfff04a36
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I0b437ac5fecc81c7762d9cad0f33e977fcf3aa27
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
This introduces 5-tuple lookup tables that may be used to implement
custom session layer actions at connection establishment time (session
layer perspective).
The rules table build mask-match-action lookup trees that for a given
5-tuple key return the action for the first longest match. If rules
overlap, ordering is established by tuple longest match with the
following descending priority: remote ip, local ip, remote port, local
port.
At this time, the only match action supported is to forward packets to
the application identified by the action.
Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I4164c4c19c8dbfd73e6ddf94a12056325cc093b9
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Use a proper u16 * vector to capture node indices, since vpp w/
plugins now exceeds 255 graph nodes
Change-Id: Ic48cad676fa3a6116413ddf08c083dd9660783f1
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I44d5c9df7c49b8d4d5677c6d319033b2da3e6b80
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
This patch is a plausible first-cut, suitable for initial testing by
vcl (host stack client library).
Main features;
- recursive name resolution
- multiple ip4/ip6 name servers
- cache size limit enforcement
- currently limited to 65K
- ttl / aging
- static mapping support
- show / clear / debug CLI commands
Binary APIs provided for the following:
- add/delete name servers
- enable/disable the name cache
- resolve a name
To Do list:
- Respond to ip4/ip6 client DNS requests (vs. binary API requests)
- Perf / scale tuning
- map pending transaction ids to pool indices, so the cache
can (greatly) exceed 65K entries
- Security improvements
- Use unpredictable dns transaction IDs, related to previous item
- Make sure that response-packet src ip addresses match the server
- Add binary APIs
- deliver raw response data to clients
- control recursive name resolution
- Documentation
Change-Id: I48c373d5c05d7108ccd814d4055caf8c75ca10b7
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Applications are now provided the option to select the namespace they
are to be attached to and the scope of their attachement. Application
namespaces are meant to:
1) constrain the scope of communication through the network by
association with source interfaces and/or fib tables that provide the
source ips to be used and limit the scope of routing
2) provide a namespace local scope to session layer communication, as
opposed to the global scope provided by 1). That is, sessions can be
established without assistance from transport and network layers.
Albeit, zero/local-host ip addresses must still be provided in session
establishment messages due to existing application idiosyncrasies. This
mode of communication uses shared-memory fifos (cut-through sessions)
exclusively.
If applications request no namespace, they are assigned to the default
one, which at its turn uses the default fib. Applications can request
access to both local and global scopes for a namespace. If no scope is
specified, session layer defaults to the global one.
When a sw_if_index is provided for a namespace, zero-ip (INADDR_ANY)
binds are converted to binds to the requested interface.
Change-Id: Ia0f660bbf7eec7f89673f75b4821fc7c3d58e3d1
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- new IPv4 and IPv6 feature arcs on the punt and drop nodes
- new features:
- redirect punted traffic to an interface and nexthop
- police punted traffic.
Change-Id: I53be8bf4e06545add8a3619e462de5ffedd0a95c
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Notes on this first implementation:
* First version of the implementation does NOT support GENEVE OPTIONS
HEADER: it isn't well understood what the purpose of the OPTIONS will be and/or
what content would be placed in the variable option data;
Once the IETF work will evolve and further information will be available
it could be possible to modify the frame rewrite to contemplate the
actual GENEVE OPTIONS.
Change-Id: Iddfe6f408cc45bb0800f00ce6a3e302e48a4ed52
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
This patch reworks the DPDK ipsec implementation including the cryptodev
management as well as replacing new cli commands for better usability.
For the data path:
- The dpdk-esp-encrypt-post node is not necessary anymore.
- IPv4 packets in the decrypt path are sent to ip4-input-no-checksum instead
of ip4-input.
The DPDK cryptodev cli commands are replaced by the following new commands:
- show dpdk crypto devices
- show dpdk crypto placement [verbose]
- set dpdk crypto placement (<device> <thread> | auto)
- clear dpdk crypto placement <device> [<thread>]
- show dpdk crypto pools
Change-Id: I47324517ede82d3e6e0e9f9c71c1a3433714b27b
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|