Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: I4a70c7df8f0cb368a4e1cb16f30eeef5c6058c79
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
other plugins
This code implements the functionality required for other plugins wishing
to perform ACL lookups in the contexts of their choice, rather than only
in the context of the interface in/out.
The lookups are the stateless ACLs - there is no concept of "direction"
within the context, hence no concept of "connection" either.
The plugins need to include the
The file acl_lookup_context.md has more info.
Change-Id: I91ba97428cc92b24d1517e808dc2fd8e56ea2f8d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
This introduces a startup config option for configuring stats poller delay.
Use `stats { interval <seconds> }` to configure the delay at startup.
The default value remains unchanged - 10 seconds.
Change-Id: If12cb1f7f6f1f8ecfa461561bc77847cdf260388
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change GRE tunnel to use the interface type where the same encap
node is used as output node for all GRE tunnels, instead of having
dedicated output and tx node for each tunnel. This allows for more
efficient tunnel creation and deletion at scale tested at 1000's
of GRE tunnels.
Add support for ERSPAN encap as another tunnel type, in addition
to the existing L3 and TEB types. The GRE ERSPAN encap supported
is type 2 thus GRE encap need to include sequence number and GRE-
ERSPAN tunnel can be created with user secified ERSPAN session ID.
The GRE tunnel lookup hash key is updated to inclue tunnel type
and session ID, in addition to SIP/DIP and FIB index.
Thus, GRE-ERSPAN tunnel can be created, with the appropriate
session ID, to be used as output interface for SPAN config to
send mirrored packets.
Change interface naming so that all GRE tunnels, irrespective of
tunnel type, uses "greN" where N is the instance number. Removed
interface reuse on tunnel creation and deletion to enable unfied
tunnel interface name.
Add support of user specified instance on GRE tunnel creation.
Thus, N in the "greN" interface name can optionally be specified
by user via CLI/API.
Optimize GRE tunnel encap DPO stacking to bypass load-balance DPO
node since packet output on GRE tunnel always belong to the same
flow after 5-tupple hash.
Change-Id: Ifa83915744a1a88045c998604777cc3583f4da52
Signed-off-by: John Lo <loj@cisco.com>
|
|
If one is not selected by the user, the next available id
will be allocated, thus maintaining backward compatibility.
Change-Id: I4691ed0638b8072f9cfa9f20b9fe4f981e708800
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: I2421197b76be58099e5f8ed5554410adff202109
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
- update segment manager and session api to work with both flavors of
ssvm segments
- added generic ssvm slave/master init and del functions
- cleanup/refactor tcp_echo
- fixed uses of svm fifo pool as vector
Change-Id: Ieee8b163faa407da6e77e657a2322de213a9d2a0
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- add support for assigning tap interface to the bridge
- add support for assigning tap interface host side ip4 and ip6 address
- host namespace can be specified as PID (pid:12345) or full path to file
- automatically bring linux interface up
Change-Id: I1cf7c3cad9a740e430cc1b9c2bb0aad0ba4cc8d8
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ided667356d5c6fb9648eb34685aabd6b16a598b7
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Added two new errors:
ACL_IN_USE_INBOUND
ACL_IN_USE_OUTBOUND
Update ACL tests to expect new, precise return values.
Change-Id: I644861a18aa5b70cce5f451dd6655641160c7697
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: I5217364220023df34d5bee071cb750df1661b093
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
This patch is a plausible first-cut, suitable for initial testing by
vcl (host stack client library).
Main features;
- recursive name resolution
- multiple ip4/ip6 name servers
- cache size limit enforcement
- currently limited to 65K
- ttl / aging
- static mapping support
- show / clear / debug CLI commands
Binary APIs provided for the following:
- add/delete name servers
- enable/disable the name cache
- resolve a name
To Do list:
- Respond to ip4/ip6 client DNS requests (vs. binary API requests)
- Perf / scale tuning
- map pending transaction ids to pool indices, so the cache
can (greatly) exceed 65K entries
- Security improvements
- Use unpredictable dns transaction IDs, related to previous item
- Make sure that response-packet src ip addresses match the server
- Add binary APIs
- deliver raw response data to clients
- control recursive name resolution
- Documentation
Change-Id: I48c373d5c05d7108ccd814d4055caf8c75ca10b7
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Applications are now provided the option to select the namespace they
are to be attached to and the scope of their attachement. Application
namespaces are meant to:
1) constrain the scope of communication through the network by
association with source interfaces and/or fib tables that provide the
source ips to be used and limit the scope of routing
2) provide a namespace local scope to session layer communication, as
opposed to the global scope provided by 1). That is, sessions can be
established without assistance from transport and network layers.
Albeit, zero/local-host ip addresses must still be provided in session
establishment messages due to existing application idiosyncrasies. This
mode of communication uses shared-memory fifos (cut-through sessions)
exclusively.
If applications request no namespace, they are assigned to the default
one, which at its turn uses the default fib. Applications can request
access to both local and global scopes for a namespace. If no scope is
specified, session layer defaults to the global one.
When a sw_if_index is provided for a namespace, zero-ip (INADDR_ANY)
binds are converted to binds to the requested interface.
Change-Id: Ia0f660bbf7eec7f89673f75b4821fc7c3d58e3d1
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Identify and complain when the same IP prefix is assigned
to two different SW interfaces:
vpp# set int ip address TenGigabitEthernet6/0/0 1.2.3.4/32
vpp# set int ip address TenGigabitEthernet6/0/1 1.2.3.4/32
set interface ip address: Prefix 1.2.3.4/32 already found on
interface TenGigabitEthernet6/0/0
Change-Id: I1aee1b6a7ddd00d3109a53d8e1b6ce97bf45e372
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
When I type in set interface rx-mode with a nonexistent queue, I got a crash with the following
traceback. It looks like the vm is NULL when vlib_node_get_runtime is called.
DBGvpp# sh int rx
Thread 0 (vpp_main):
node dpdk-input:
TenGigabitEthernet5/0/0 queue 0 (polling)
TenGigabitEthernet5/0/1 queue 0 (polling)
TenGigabitEthernet7/0/0 queue 0 (polling)
TenGigabitEthernet7/0/1 queue 0 (polling)
node vhost-user-input:
VirtualEthernet0/0/2 queue 0 (adaptive)
DBGvpp# set interface rx-mode VirtualEthernet0/0/2 queue 1 polling
Thread 1 "vpp_main" received signal SIGSEGV, Segmentation fault.
0x00007ffff6d4e0bc in vlib_node_get_runtime (vm=0x0, node_index=125)
at /home/sluong/vpp/build-data/../src/vlib/node_funcs.h:92
92 vlib_node_t *n = vec_elt (nm->nodes, node_index);
(gdb) where
at /home/sluong/vpp/build-data/../src/vlib/node_funcs.h:92
at /home/sluong/vpp/build-data/../src/vlib/node_funcs.h:112
vnm=0x6f0fa0 <vnet_main>, hw_if_index=7, queue_id=1, mode=0x7fffb62099e8)
at /home/sluong/vpp/build-data/../src/vnet/devices/devices.c:307
hw_if_index=7, queue_id=1, mode=VNET_HW_INTERFACE_RX_MODE_POLLING)
at /home/sluong/vpp/build-data/../src/vnet/interface_cli.c:1192
vm=0x7ffff7b9d440 <vlib_global_main>, input=0x7fffb6209ef0,
cmd=0x7fffb61d5d14)
at /home/sluong/vpp/build-data/../src/vnet/interface_cli.c:1288
vm=0x7ffff7b9d440 <vlib_global_main>,
cm=0x7ffff7b9d630 <vlib_global_main+496>, input=0x7fffb6209ef0,
parent_command_index=18)
at /home/sluong/vpp/build-data/../src/vlib/cli.c:588
vm=0x7ffff7b9d440 <vlib_global_main>,
cm=0x7ffff7b9d630 <vlib_global_main+496>, input=0x7fffb6209ef0,
parent_command_index=12)
The fix is to add a check for vec_len(hw->input_node_thread_index_by_queue)
and vec_len (hw->rx_mode_by_queue) to reject the command if the queue_id is
out of bound. While at it, I notice inputting queue_id=-1 is being interpreted
as all queues. An easy fix is to not overload the queue_id variable with -1 to
mean something else.
Change-Id: Id70ec3e7d06ccc67635e6d28ef53420bdac4a988
Signed-off-by: Steven <sluong@cisco.com>
|
|
Added APIs want_l2_macs_events and l2_macs_event to allow an API
client to receive notification events from VPP for MAC learned
or aged in L2FIB. Only one API client is allowed for L2 MAC events.
The want_l2_macs_events API allow caller to specify MAC learn
limit, event scan delay and max number of MACs that can be included
in a event message. These parameters should be choosen properly as
to not have too many MAC events sent by VPP and overwhelm the API
share memory. They can all be left as 0's so VPP will setup reasonable
defaults which are: 1000 learn limit, 100 msec scan delay and 100
MACs per event message.
If want_l2_macs_events is never called, VPP learning and aging
should behave as before except that MAC entries provisioned by API
or CLI will not be aged, even if it is not set as static_mac. These
non static MACs, however, can be overwritten by MAC learning on a
MAC move as a leared MAC. Only learned MACs are subject to aging.
Change-Id: Ia3757a80cf8adb2811a089d2eafbd6439461285c
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: Idb97e573961b3bc2acdeef77582314590795f8c3
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
Enforce bridge domain ID range to allow a maximum value of 16M
which matches the range of 24-bit VNI used for virtual overlay
network ID.
Fix "show bridge-domain" output to allow full 16M BD ID range
to be displayed using 8-digit spaces.
Change-Id: I80d9c76ea7c001bcccd3c19df1f3e55d2970f01c
Signed-off-by: John Lo <loj@cisco.com>
|
|
The default bridge domain, 0, is created automatically
with static features. It should be modified by neither
the CLI nor the API. So add tests for, and reject any
operation on BD 0. The new API error message BD_NOT_MODIFIABLE
is returned in such cases.
Change-Id: Iaf3dd80c4f43cf41689ca55756a0a3525420cd12
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: Ib506c3e9d66170f29e3266ad6dc4d32b829befba
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I29082e7a0c556069180a157e55b3698cf8cd38c7
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Major refactoring of the session layer api
- Add attatch api for application binding to the the session layer
- Simplify listen/connect calls
- Update application CLI
- Add transport endpoint to accept callback
- Associate segment manager to application and allow for multiple
binds/connects per app
Additional:
- svm fifo cleanup
- add fifo free, format fns
- add fifo offset enqueue unit test
Change-Id: Id93a65047de61afc2bf3d58c9b544339c02065af
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Ia3acf87d3e07a7d41c047869de504e1972334b55
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
- Add CLI/API to enable session layer, by default it's disabled
- Improve rcv wnd computation
- Improvements to tx path
- URI code cleanup
- Builtin test tcp server
- Improve src port allocation
Change-Id: I2ace498e76a0771d4c31a8075cc14fe33d7dfa38
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
has an address configured (VPP-601)
Change-Id: I311fc264f73dd3b2b3ce9d7d1c33cd0515b36c4a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Implement command line interface to the BFD binary APIs. Add
corresponding unit tests.
Change-Id: Ia0542d0bc4c8d78e6f7b777a08fd94ebfe4d524f
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I49e5ce0aae6e4ff634024387ceaf7dbc432a0351
Signed-off-by: Dave Barach <dave@barachs.net>
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Id89e23fb5d275572b2356c073dfa0f55719e1a76
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: I666e5c0cc71a3693640960c93cdd1907f84fbe23
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: Ifaf46554e45557ebf82009d9c46a9e905a46f884
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Add authentication support to BFD feature. Out of three existing
authentication types, implement SHA1 (sole RFC requirement). Simple
password is insecure and MD5 is discouraged by the RFC, so ignore
those.
Add/change APIs to allow configuring BFD authentication keys
and their usage with BFD sessions.
Change-Id: Ifb0fb5b19c2e72196d84c1cde919bd4c074ea415
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
To simplify system configuration. Converted existing code to use an
argument structure, instead of [one or two too many] discrete
parameters.
Change-Id: I3eddfa74eeed918c1b04a6285fba494651594332
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I7b51f88292e057c6443b12224486f2d0c9f8ae23
Signed-off-by: Damjan Marion <damarion@cisco.com>
|