Age | Commit message (Collapse) | Author | Files | Lines |
|
Check ARP request packet with bad requester MAC/IP address and
drop these packets. Also removed useless VRRP check in the node.
Change-Id: I2c8a774d291928eb623b3a515f1edf7e338fa760
Signed-off-by: John Lo <loj@cisco.com>
|
|
After calling vlib_packet_template_get_packet(), make sure
packet buffer is allocated before using it.
Change-Id: Idb5199f4e2c9596137b2101e502d611f474a6ffe
Signed-off-by: John Lo <loj@cisco.com>
|
|
only learn from a GARP packet if it is an update to an existing entry.
Change-Id: I4c1b59cfedb911466e5e4c9756cf53a6676e1909
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
This reverts commit d018870d1b02109fc8b328446f15312fdd2fcd11.
Change-Id: I700ade7a25ae5ed72cfed586e50b02492a4f11de
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: I86019f4ff9b0c8c633638fa23341d8ce49099ba6
Signed-off-by: John Lo <loj@cisco.com>
|
|
- Modify the API send_ip6_na and send_ip4_garp to take sw_if_index instead
of vnet_hw_interface_t and add call to build_ethernet_rewrite to support
subinterface/vlan
- Add code to bonding driver to send an event to bond_process when the first
interface becomes active or when the active interface is down
- Create a bond_process to walk the interface and the corresponding
subinterfaces to send garp/ip6_na when an event is received.
- Minor cleanup in bonding/node.c
Note: dpdk bonding driver does not send garp/ip6_na for subinterfaces. There is
no attempt to fix it here. But the infra is now done and should be easy to
add the support.
Change-Id: If3ecc4cd0fb3051330f7fa11ca0dab3e18557ce1
Signed-off-by: Steven <sluong@cisco.com>
|
|
Move handling of IP neighbor pool full into main thread on entry
creation and make sure static entriesare not deleted for reuse.
Fix IPv6 neighbor handling on interface down and up so that static
entries are not deleted.
Change-Id: I073794949a41a5b86201e519ebe479febfc506c8
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: I8335ebf266becf2f42bb3f28a17dfed8d9b08f97
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I44278dea2ee1daa147b0928bfe26e861907a209f
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Scan IPv4 and IPv6 neigbor pool entries once a minute to keep them
up to date. The neighbor of an entry is probed if its time-stamp
is older than 1 minute. If the neighbor respond, its time-stamp
will be updated. If there is no response from a neighbor, its
entry will be deleted when the time-stamp of the entry become more
than 4 minutes old. Static neighbor entries are not probed nor
deleted.
Implemented CLI and API to enable and disable priodic scan of IPv4,
IPv6 or both types of IP neighbors. CLI is "ip scan-neighbor" and
API is "ip_scan_neighbor_enable_disable". Other IP neighbor scan
parameters can also be changed from their defaults via the CLI/API.
Change-Id: Id1a0a934ace15d03db845aa698bcbb9cdabebfcd
Signed-off-by: John Lo <loj@cisco.com>
|
|
hard code the address mask offsets. This are protocol specific and only used on ethernet when used at all.
Change-Id: Ib1f6f33682f53254ffbb5a241a1583e65420e0c7
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
update the GBP plugin to implement the full NAT feature set of opflex agent
Change-Id: Ic06a039c889445ed0b9087fa1f292634192b0f8d
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
The interpose source allows the source/provider to insert/interpose
a DPO in the forwarding chain of the FIB entry ahead of the forwarding
provided by the next best source. For example if the API source (i.e
the 'control plane') has provided an adjacency for forwarding, then
an interpose source (e.g. a monitoring service) couold interpose a
replicatte DPO to copy the traffic to another location AND forward
using the API's adjacency.
To use the interose feature an existing source (i.e FIB_SOURCE_PLUGIN_HI)
cn specifiy as a flag FIB_ENTRY_FLAG_INTERPOSE and provide a DPO to
interpose. One might also consider using interpose in conjunction with
FIB_ENTRY_FLAG_COVER_INHERIT to ensure the interpose object affects
all prefixes in the sub-tree.
Change-Id: I8b2737b985f8f7c08123406d0491881def347b52
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
and update glean address on local interface MAC change
Change-Id: I530826d60c7e9db2b0fa2d45754139d82c5ea807
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
This reverts commit 8b30e471df4d42214619e1d6c50cc8298426b45f.
Change-Id: I99edb236eb0a7f8ba3fba333c3481a710ebcb59c
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
update the glean adj on a local interface MAC change
Change-Id: Ia5c5cde424ed0fea3431532cc5abf22b364bbab5
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I66ae618edaa12c2b4e4afe276da689673b02c9cd
Signed-off-by: zhaoqingling <zhao.qingling@zte.com.cn>
|
|
- always use 'va_args' as pointer in all format_* functions
- u32 for all 'indent' params as it's declaration was inconsistent
Change-Id: Ic5799309a6b104c9b50fec309cba789c8da99e79
Signed-off-by: Christophe Fontaine <christophe.fontaine@enea.com>
|
|
- Teach vpp_api_test to send/receive API messages over sockets
- Add memfd-based shared memory
- Add api messages to create memfd-based shared memory segments
- vpp_api_test supports both socket and shared memory segment connections
- vpp_api_test pivot from socket to shared memory API messaging
- add socket client support to libvlibclient.so
- dead client reaper sends ping messages, container-friendly
- dead client reaper falls back to kill (<pid>, 0) live checking
if e.g. a python app goes silent for tens of seconds
- handle ping messages in python client support code
- teach show api ring about pairwise shared-memory segments
- fix ip probing of already resolved destinations (VPP-998)
We'll need this work to implement proper host-stack client isolation
Change-Id: Ic23b65f75c854d0393d9a2e9d6b122a9551be769
Signed-off-by: Dave Barach <dave@barachs.net>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
For bonded interface in Active/Backup mode (mode 1), we need to
send a GARP/NA packet, if IP address is present, on slave link
state change to up or down to help with route convergence. The
callback from DPDK happens in a separate thread so we need to make
sure RPC call is used to signal the send_garp_na process in the
main thread. Also need to fix DPDK polling so the slave links are
not polled.
Change-Id: If5fd8ea2d28c54dd28726ac403ad366386ce9651
Signed-off-by: John Lo <loj@cisco.com>
|
|
wildcard ND events publisher was sending the last event mutiple times
Change-Id: I6c30f2de03fa825e79df9005a3cfaaf68ff7ea2f
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
previous mechanism was emitting duplicates of last event, when handling multiple arp queries.
tests:
* arp events sent for graps
* duplicate suppression
* verify no events when disabled
Change-Id: I84adc23980d43b819261eccf02ec056b5cec61df
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: I6cab79c266837a8731adcf78c9e093dfa6be0ead
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
part 2;
- this adds the code to create an IP and MPLS table via the API.
- but the enforcement that the table must be created before it is used is still missing, this is so that CSIT can pass.
Change-Id: Id124d884ade6cb7da947225200e3bb193454c555
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
When VPP has an interface whose address is also applied to a TAP
interface on the host, then VPP's TAP interface will be unnumbered
to the 'real' interface and do proxy ARP from the host.
the curious aspect of this setup is that ARP requests from the host
will come from the VPP's own address.
Change-Id: Ia238790e1034ba3cd3facdab29387b65a31525f2
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
When attempting to delete an ARP entry on an interface
that hasn't had any ARP entries added yet, VPP was
retrieving an array element at an index that was out of
bounds and trying to dereference it.
Change-Id: Id141d3bfd8378dd8dd63f43b0b4b41461c285a4f
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change-Id: I488965e78d0b3291af4c82902098ca666317a22e
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
[support for VPWS/VPLS]
- switch to using dpo_proto_t rather than fib_protocol_t in fib_paths so that we can describe L2 paths
- VLIB nodes to handle pop/push of MPLS labels to L2
Change-Id: Id050d06a11fd2c9c1c81ce5a0654e6c5ae6afa6e
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ifb17bae98ae1362078889d40e2369d58997bd92c
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Simplify L2 output feature infra to unify with L2 input feature
infra using the newly improved feature bitmap mechanism.
Updated all L2 features to use the more efficient infra functions.
Change-Id: If8f463826b0af0717129befe92a27ea8cfc40449
Signed-off-by: John Lo <loj@cisco.com>
|
|
If a bonded interface is in active-backup mode and configured with
IPv4 and/or IPv6 addresses, on slave interface link up/down, send
a GARP packet if configured with an IPv4 address and an unsolcited
NA if configured with an IPv6 address. These packets can help with
faster route convergence in the next hop router/switch.
Change-Id: I68ccb11a4a40cda414704fa08ee0171c952befa2
Signed-off-by: John Lo <loj@cisco.com>
|
|
source is connected
Change-Id: I39fb0ec44cc322eaa12c0ff0700fc405d3982bfc
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I21b1ad39275495d4d006023b58f630a213445854
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
don't add duplicate extensions.
Change-Id: Icf72d6e1b004d0dda532bec2b51f6b74544925bb
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
there are, intentionally, no validation checks in the ARP/ND code to prevent an ARP/ND entry from being installed for an address that is not local to the interface's sub-net. This is ok, since the adjacency/FIB code is designed to handle this case using the 'refinement' criteria - i.e. only installing a FIB entry for the address if the address 'refines' (i.e. is more specific than) the interface's sub-net.
However, the refinement criteria currently operates on the FIB entry's prefix (which is a /32, so on the address) and not on the next-hop in the path.
So, enter multiple ARP entries for the same address on different links, and this refinement criteria uses only the last added path, and so will remove the FIB entry should the ARP entries be added in the 'wrong' order.
This fix updates the refinement criteria to work on each path of the FIB entry. The entry is installed if one of the paths refines the covers and only paths refining the cover contribute forwarding.
Per-path refinement checks are stored in path-extensions. The patch is rather large as path-extension, which were previously used only for out-going MPLS labels, have been generalized.
Change-Id: I00be359148cb948c32c52109e832a70537a7920a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Check whether an ARP src hw addr starts with 00:00:5e:00:01
before rejecting due to a mismatch between ARP src hw addr
and ethernet frame src addr.
Change-Id: Ia3ecd5d6dba34876aca8d90bc622a0a1397e48fb
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
learn ARP peers if, 1) it's a reply to a local address, 2) we are sending a response to a request.
send proxy ARP responses only in the interface the request was sent.
Change-Id: I22b949c65122824233076492b7dd537daca07bc2
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I4c3ce4d58df7977490fc94991291422ea1e31ee3
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ic16bc10d0b2877b2afdf052615f9334f31b9519f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
1 - interface-DPO
Used in the Data-plane to change a packet's input interface
2 - MPLS multicast FIB entry
Same as a unicast entry but it links to a replicate not a load-balance DPO
3 - Multicast MPLS tunnel
Update MPLS tunnels to use a FIB path-list to describe the endpoint[s]. Use the path-list to generate the forwarding chain (DPOs) to link to .
4 - Resolve a path via a local label (of an mLDP LSP)
For IP multicast entries to use an LSP in the replication list, we need to decribe the 'resolve-via-label' where the label is that of a multicast LSP.
5 - MPLS disposition path sets RPF-ID
For a interface-less LSP (i.e. mLDP not RSVP-TE) at the tail of the LSP we still need to perform an RPF check. An MPLS disposition DPO performs the MPLS pop validation checks and sets the RPF-ID in the packet.
6 - RPF check with per-entry RPF-ID
An RPF-ID is used instead of a real interface SW if index in the case the IP traffic arrives from an LSP that does not have an associated interface.
Change-Id: Ib92e177be919147bafeb599729abf3d1abc2f4b3
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
This patch deprecates stack-based thread identification,
Also removes requirement that thread stacks are adjacent.
Finally, possibly annoying for some folks, it renames
all occurences of cpu_index and cpu_number with thread
index. Using word "cpu" is misleading here as thread can
be migrated ti different CPU, and also it is not related
to linux cpu index.
Change-Id: I68cdaf661e701d2336fc953dcb9978d10a70f7c1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I03195a86c69f84a301051c6b3ab64456bbf28645
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ia3acf87d3e07a7d41c047869de504e1972334b55
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
we should not suppress arps on remote interface instead we should flood them to the local one
used shg != 0 to identify packets from remote interfaces and disable arp term l2 input feature for them
Change-Id: I701537c05df7451a25ccb5bfc9e2b03ea70cff20
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
use a 32bit mask in the adjacency to AND with the IP address and OR into the rewrite.
Change-Id: I80b0f246c18fd74f3e43c5d49e25833412f34665
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
allow this config to function:
set int ip address loop0 169.254.1.1/32 (the default GW address for attached hosts)
set int unnumbered af_packet0 use loop0 ('enable' IP on the host interface)
ip route add 192.168.1.1/32 via af_packet0 (where to find the host)
repeat for each host and host interface.
Inter-host communication is throught the /32 routes.
To allow this:
1 - attached host routes have the ATTACHED flag set, so the ARP code accepts then as legitimate sources
2 - unnumbered interfaces inherit the source address from the IP interface
Change-Id: Ib66c5f0e848c528f79372813adc3a0c11b50717f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
neighbor entry
Change-Id: I952039e101031ee6a06e63f4c73d8eb359423e1a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ia9c6790436f8f6337b5351e3017ef5e441a8a4e9
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit 5e323329ed6ded6f6944c56069329207ad9069c0)
|
|
Use FIB_SOURCE_PLUGIN_HI and modify ARP input to use non-source variants for
flags and resolving interface get.
Change-Id: I3bab76f36e0b1ee86e430a416099f1654e02740a
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
- IPv[46] mfib tables with support for (*,G/m), (*,G) and (S,G) exact and longest prefix match
- Replication represented via a new replicate DPO.
- RPF configuration and data-plane checking
- data-plane signals sent to listening control planes.
The functions of multicast forwarding entries differ from their unicast conterparts, so we introduce a new mfib_table_t and mfib_entry_t objects. However, we re-use the fib_path_list to resolve and build the entry's output list. the fib_path_list provides the service to construct a replicate DPO for multicast.
'make tests' is added to with two new suites; TEST=mfib, this is invocation of the CLI command 'test mfib' which deals with many path add/remove, flag set/unset scenarios, TEST=ip-mcast, data-plane forwarding tests.
Updated applications to use the new MIFB functions;
- IPv6 NS/RA.
- DHCPv6
unit tests for these are undated accordingly.
Change-Id: I49ec37b01f1b170335a5697541c8fd30e6d3a961
Signed-off-by: Neale Ranns <nranns@cisco.com>
|