| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This patch is a plausible first-cut, suitable for initial testing by
vcl (host stack client library).
Main features;
- recursive name resolution
- multiple ip4/ip6 name servers
- cache size limit enforcement
- currently limited to 65K
- ttl / aging
- static mapping support
- show / clear / debug CLI commands
Binary APIs provided for the following:
- add/delete name servers
- enable/disable the name cache
- resolve a name
To Do list:
- Respond to ip4/ip6 client DNS requests (vs. binary API requests)
- Perf / scale tuning
- map pending transaction ids to pool indices, so the cache
can (greatly) exceed 65K entries
- Security improvements
- Use unpredictable dns transaction IDs, related to previous item
- Make sure that response-packet src ip addresses match the server
- Add binary APIs
- deliver raw response data to clients
- control recursive name resolution
- Documentation
Change-Id: I48c373d5c05d7108ccd814d4055caf8c75ca10b7
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Applications are now provided the option to select the namespace they
are to be attached to and the scope of their attachement. Application
namespaces are meant to:
1) constrain the scope of communication through the network by
association with source interfaces and/or fib tables that provide the
source ips to be used and limit the scope of routing
2) provide a namespace local scope to session layer communication, as
opposed to the global scope provided by 1). That is, sessions can be
established without assistance from transport and network layers.
Albeit, zero/local-host ip addresses must still be provided in session
establishment messages due to existing application idiosyncrasies. This
mode of communication uses shared-memory fifos (cut-through sessions)
exclusively.
If applications request no namespace, they are assigned to the default
one, which at its turn uses the default fib. Applications can request
access to both local and global scopes for a namespace. If no scope is
specified, session layer defaults to the global one.
When a sw_if_index is provided for a namespace, zero-ip (INADDR_ANY)
binds are converted to binds to the requested interface.
Change-Id: Ia0f660bbf7eec7f89673f75b4821fc7c3d58e3d1
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- new IPv4 and IPv6 feature arcs on the punt and drop nodes
- new features:
- redirect punted traffic to an interface and nexthop
- police punted traffic.
Change-Id: I53be8bf4e06545add8a3619e462de5ffedd0a95c
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Notes on this first implementation:
* First version of the implementation does NOT support GENEVE OPTIONS
HEADER: it isn't well understood what the purpose of the OPTIONS will be and/or
what content would be placed in the variable option data;
Once the IETF work will evolve and further information will be available
it could be possible to modify the frame rewrite to contemplate the
actual GENEVE OPTIONS.
Change-Id: Iddfe6f408cc45bb0800f00ce6a3e302e48a4ed52
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
This patch reworks the DPDK ipsec implementation including the cryptodev
management as well as replacing new cli commands for better usability.
For the data path:
- The dpdk-esp-encrypt-post node is not necessary anymore.
- IPv4 packets in the decrypt path are sent to ip4-input-no-checksum instead
of ip4-input.
The DPDK cryptodev cli commands are replaced by the following new commands:
- show dpdk crypto devices
- show dpdk crypto placement [verbose]
- set dpdk crypto placement (<device> <thread> | auto)
- clear dpdk crypto placement <device> [<thread>]
- show dpdk crypto pools
Change-Id: I47324517ede82d3e6e0e9f9c71c1a3433714b27b
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
A distributed virtual router works by attmpeting to switch a packet, but on failing to find a local consumer (i.e. the packet is destined to a locally attached host) then the packet is sent unmodified 'upstream' to where the rest of the 'distributed' router is present. When L3 switching a packet this means the L2 header must not be modifed. This patch adds a 'l2-bridge' object to the L3 FIB which re-injects packets from the L3 path back into the L2 path - use with extreme caution.
Change-Id: I069724eb45956647d7980cbe40a80a788ee6ee82
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Idcd78a21f4f2b6c1223123b5cc50a470ccd57e83
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
1) introduce an interface-tx DPO. This is a simple wrapper around a sw_if_index. enhance DPO stacking functions to allow per-instance next-nodes and hence allow children to stack onto the interface per-instance tx node and not on 'interface-output'.
2) update PPPoE code to use ta midchain stack on a interface-tx DPO of the encap-interface. This remove the need for pppoe_encap node (which is replaced by the adj-midchain-tx) and interface-output node is no longer used (see above). Since PPPoE encap node is no longer needed, the PPPoE seesion does not need to be retrieved in the data-path, hence the cahce misses are removed.
Change-Id: Id8b40f53daa14889a9c51d802e14fed7fba4399a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- v6 support
- Non-default VRF ID collection
- Break up ip source address list into CLI + API-friendly functions
- Automate proxy arp / proxy nd configuration
- Automate local adjacency insertion
- Binary API support
Change-Id: Iede31184f65cc1ec8c414447d2d60a1334e3fe15
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
- Clean up internal API client registration
- Add proxy server
- Add a reference count to the svm fifo
Change-Id: I5ace1c85497062ed412d26ae76a9e6741af1e984
Signed-off-by: Dave Barach <dave@barachs.net>
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Idb97e573961b3bc2acdeef77582314590795f8c3
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
Change-Id: Ica99e8cb919fca6b069c37c969d60e8ccc2c6bf9
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Add API methods to configure LLDP and set interface to enable/disable.
Also add port description TLV for LLDP.
Change-Id: Ib959d488c2ab8a0069f143558871f41fcc43a5d3
Signed-off-by: Steve Shin <jonshin@cisco.com>
|
|
API for P2P Ethernet feature
Change-Id: Id0280f42b9ce2428262e79c4dc309595037cd10e
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
Visit http://<vpp-ip>/show/interface or similar.
Change-Id: I076b4661cf19d1b94bb01efdadb5849446be915e
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I961685a2a0e4c314049444c64eb6ccf877c278dd
Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>
|
|
(VPP-708)
Change-Id: I9ad636f80bf109ffac9ca1b6d80d5f2c31f2076a
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ibe55e4399c6b78d83268d7c49ed498cab7bfdb43
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Major refactoring of the session layer api
- Add attatch api for application binding to the the session layer
- Simplify listen/connect calls
- Update application CLI
- Add transport endpoint to accept callback
- Associate segment manager to application and allow for multiple
binds/connects per app
Additional:
- svm fifo cleanup
- add fifo free, format fns
- add fifo offset enqueue unit test
Change-Id: Id93a65047de61afc2bf3d58c9b544339c02065af
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
1 - interface-DPO
Used in the Data-plane to change a packet's input interface
2 - MPLS multicast FIB entry
Same as a unicast entry but it links to a replicate not a load-balance DPO
3 - Multicast MPLS tunnel
Update MPLS tunnels to use a FIB path-list to describe the endpoint[s]. Use the path-list to generate the forwarding chain (DPOs) to link to .
4 - Resolve a path via a local label (of an mLDP LSP)
For IP multicast entries to use an LSP in the replication list, we need to decribe the 'resolve-via-label' where the label is that of a multicast LSP.
5 - MPLS disposition path sets RPF-ID
For a interface-less LSP (i.e. mLDP not RSVP-TE) at the tail of the LSP we still need to perform an RPF check. An MPLS disposition DPO performs the MPLS pop validation checks and sets the RPF-ID in the packet.
6 - RPF check with per-entry RPF-ID
An RPF-ID is used instead of a real interface SW if index in the case the IP traffic arrives from an LSP that does not have an associated interface.
Change-Id: Ib92e177be919147bafeb599729abf3d1abc2f4b3
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- single-hop BFD: attach a delegate to the appropriate adjacency
- multi-hop BFD [not supported yet]: attach a delegate to the FIB entry.
adjacency/fib_entry state tracks the BFD session state. when the state is down the object does not contribute forwarding hence and hence dependent objects will not use it.
For example, if a route is ECMP via two adjacencies and one of them is BFD down, then only the other is used to forward (i.e. we don't drop half the traffic).
Change-Id: I0ef53e20e73b067001a132cd0a3045408811a822
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I2a1246061e57c4caae0a1a1b861c459d115860cd
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I03195a86c69f84a301051c6b3ab64456bbf28645
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I4dbd0dbd1e24bbf7c66fb9a2c055c8bc11d3817d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I6081a38af3817f0957a2faf0e3e41afa4a74f3a4
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
- Added svm fifo flag for tracking fifo dequeue events (replaces event
length). Updated all code to switch to the new scheme.
- More session debugging
- Fix peek index wrap
- Add a trivial socket test client
- Fast retransmit/cc fixes
- tx and rx SACK fixes and unit testing
- SRTT computation fix
- remove dupack/ack burst filters
- improve ack rx
- improved segment rx
- builtin client test code
Change-Id: Ic4eb2d5ca446eb2260ccd3ccbcdaa73c64e7f4e1
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dbarach@cisco.com>
|
|
use a 32bit mask in the adjacency to AND with the IP address and OR into the rewrite.
Change-Id: I80b0f246c18fd74f3e43c5d49e25833412f34665
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
1 - Quad loop lookup and label imposition.
2 - optimise imposition for the 1 label case
3 - input gets TTL from header directly (no byte swap)
Change-Id: I59204c9e5d134b0df75d7afa43e360f946d1ffe7
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- event-logging support for tcp and session layer
- improvements to uri test code
- builtin_server on port 1234
- use the CLOSEWAIT timer when we rx FIN in FIN_WAIT_2 state
Change-Id: Ibc445f164b2086b20323bf89c77cffd3059f570f
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dbarach@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
vpp_lite platform is not needed anymore as same efect can be
achieved with following startup.conf config:
plugins {
plugin dpdk_plugin.so { disable }
}
Change-Id: I690ea8ceb1c6e1fe32e01e7da54e9958019a93bf
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
session.api.h is included in src/vnet/vnet_all_api_h.h
since 68b0fb0c620, as such it should be added to the 'devel' package
and installed for out-of-tree builds which use binary VPP API
Change-Id: Ie8ad03d8df2a96cbc6913f767500d5ff34dcc915
Signed-off-by: Alexander Popovsky (apopovsk) <apopovsk@cisco.com>
|
|
- Add CLI/API to enable session layer, by default it's disabled
- Improve rcv wnd computation
- Improvements to tx path
- URI code cleanup
- Builtin test tcp server
- Improve src port allocation
Change-Id: I2ace498e76a0771d4c31a8075cc14fe33d7dfa38
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Implements:
1.- SR Policies with several (weighted) SID lists
2.- Binding SID
3.- SR LocalSIDs with support for the following functions
- End
- End.X
- End.DX6
- End.DX4
- End.DX2
- End.DT6
- End.DT2
- End.B6
- End.B6.Encaps
4.- SR Steering policies (to steer a traffic through an SR Policy)
- Support for IPv6 traffic (IPv6 Encapsulation / SRH insertion)
- Support for IPv4 traffic (IPv6 Encapsulation)
- Support for L2 traffic
(T.Insert / T.Encaps)
5.- Doxygen documentation
6.- Framework (APIs) to allow the definition of new SR LocalSID behaviors by means of plugins
7.- Sample SRv6 LocalSID plugin
Change-Id: I2de3d126699d4f11f54c0f7f3b71420ea41fd389
Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>
|
|
Implement command line interface to the BFD binary APIs. Add
corresponding unit tests.
Change-Id: Ia0542d0bc4c8d78e6f7b777a08fd94ebfe4d524f
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I238258cdeb77035adc5e88903d824593d0a1da90
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I49e5ce0aae6e4ff634024387ceaf7dbc432a0351
Signed-off-by: Dave Barach <dave@barachs.net>
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
The DHCP proxy and VSS information maintained by VPP is the same for v4 and v6, so we can manage this state using the same code.
Packet handling is cleary different, so this is kept separate.
Change-Id: I10f10cc1f7f19debcd4c4b099c6de64e56bb0c69
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I6b5984df176688f0722a2888e73f05d8ed8b9310
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: I97fedb0f70dd18ed9bbe985407cc5fe714e8a2e2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
1 - use the SR policy to construct the replicate DPO. Each bucket therein is a SR tunnel.
2 - install a special mfib entry that links via this replicate
3 - forwarding is now mfib-lookup -> replicate -> sr_rewrite (per-tunnel)
no need for a separate sr_replicate node.
4 - Stack the sr tunnel on the forwarding DPO of the first-hop FIB entry.
no need for a second lookup post SR encap.
5 - fix some path-list lock leaks in the MFIB entry.
Change-Id: I20de96ea4c4be4fae252625bde159d9c435c8315
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
header is included by ip6.h and should therefore be made public
Change-Id: Ieb7d14bb082d821c2f77e9204ec09d884fb2cb09
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
Change-Id: Ia7d8b557bcdf45eb8e33bb3d297bc6f7ad321c72
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
Build Cryptodev IPsec support by default when DPDK is enabled but only build
hardware Cryptodev PMDs.
To enable Cryptodev support, a new startup.conf option for dpdk has been
introduced 'enable-cryptodev'.
During VPP init, if Cryptodev support is not enabled or not enough cryptodev
resources are available then default to OpenSSL ipsec implementation.
Change-Id: I5aa7e0d5c2676bdb41d775ef40364536a081956d
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
Change-Id: I1596d7a130fb6d3b170b8e01f2116b323cc10c0d
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
- IPv[46] mfib tables with support for (*,G/m), (*,G) and (S,G) exact and longest prefix match
- Replication represented via a new replicate DPO.
- RPF configuration and data-plane checking
- data-plane signals sent to listening control planes.
The functions of multicast forwarding entries differ from their unicast conterparts, so we introduce a new mfib_table_t and mfib_entry_t objects. However, we re-use the fib_path_list to resolve and build the entry's output list. the fib_path_list provides the service to construct a replicate DPO for multicast.
'make tests' is added to with two new suites; TEST=mfib, this is invocation of the CLI command 'test mfib' which deals with many path add/remove, flag set/unset scenarios, TEST=ip-mcast, data-plane forwarding tests.
Updated applications to use the new MIFB functions;
- IPv6 NS/RA.
- DHCPv6
unit tests for these are undated accordingly.
Change-Id: I49ec37b01f1b170335a5697541c8fd30e6d3a961
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I3829835ed2126e51e96690c907deac623dc77151
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
Change-Id: I24355c71606c047e474b2541bb274e3d183fee85
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I99e913b954f8b02f347bfeff093856a1c5e96781
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
Change-Id: Ib75197ef8e5057e7f0d9361a10705c3743d05333
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
This replaces --without-ipsec and --without-ipv6sr
and allows other parts of the code to be disabled if
libssl is not available.
Change-Id: Id97ff3685a7924d7f86622952e0405d94ceb5957
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
Dave Barach
Florin Coras
Neale Ranns
Marco Varlese
Sergio Gonzalez Monroy
Dave Barach
Pavel Kotucek
Steve Shin
Pablo Camarillo
Matus Fabian
Filip Tehlar
Damjan Marion
Alexander Popovsky (apopovsk)
Klement Sekera
Gabriel Ganne