Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: refactor
Change-Id: I5235bf3e9aff58af6ba2c14e8c6529c4fc9ec86c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: Ie0bad9e03ac2e29da23af01ee7f63cb44489ad9c
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
After the clib_socket_init syntax changed, the behavior of VCL
socket creation was broken. This patch introduces app_namespace_add_del_v4
to address the behavioral change.
Type: refactor
Change-Id: Ice016bdb372233fd3317f166d45625e086e9b4df
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
This adds an API message to do the switch
at runtime.
Change-Id: Ice6b69c57f0bfbf5668182e25593362ff4133615
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
Change-Id: If0edbb21a0283d66c648a9e190d238c8cfa56353
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Change-Id: I99162d80280e0f45344671b18b1ea96db90d4282
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
This adds a new API call to add session namespaces
It now takes a netns and a sock_name.
(1) If no netns is passed, sock_name will be used as
socket path. Defaulting to /run/vpp/app_ns_sockets/${ns_id}
(2) If a netns is passed, the sock_name has to be
abstract (i.e. start with '@'). It will default to
`@vpp/session/${ns_id}` and will be created in the provided
netns.
Type: feature
Change-Id: I90e9a8e5ecca2cabe7c05335663e33c8506dc9e7
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
App namespaces can now be associated to a linux ip netns, e.g.:
app ns add id <ns_id> secret <n> sw_if_index <n> netns <netns>
If session layer's app sock api is enabled, this triggers the creation
of an abstract listening socket in the netns that has been configured.
For the example above that would be @vpp/session/<ns_id>.
Consequently, vcl, or other apps attaching to vpp, can connect to said
abstract socket from an ip netns without the need to share unix domain
socket files. In particular, for vcl it's enough to set app-socket-api
to @vpp/session/<ns_id> in the conf file.
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I26fdc626a760a3f423c5b8be4251623f6e9cd73a
|
|
Type: refactor
Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
This is an af_unix socket alternative to the binary api. To enable it,
add use-app-socket-api under session stanza in startup.conf. When the
socket api is enabled, attachments through the binary api are disabled.
The socket api only works with memfd fifo segments, i.e., shm segments
are not supported.
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I55ffcee201d004846daeeec85c700c7e7a578d43
|
|
Multiple API message handlers call vnet_get_sup_hw_interface(...)
without checking the inbound sw_if_index. This can cause a
pool_elt_at_index ASSERT in a debug image, and major disorder in a
production image.
Given that a number of places are coded as follows, add an
"api_visible_or_null" variant of vnet_get_sup_hw_interface, which
returns NULL given an invalid sw_if_index, or a hidden sw interface:
- hw = vnet_get_sup_hw_interface (vnm, sw_if_index);
+ hw = vnet_get_sup_hw_interface_api_visible_or_null (vnm, sw_if_index);
if (hw == NULL || memif_device_class.index != hw->dev_class_index)
return clib_error_return (0, "not a memif interface");
Rename two existing xxx_safe functions -> xxx_or_null to make it
obvious what they return.
Type: fix
Change-Id: I29996e8d0768fd9e0c5495bd91ff8bedcf2c5697
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I89d240753b3f3c5e984aa303a7c8fa35fa59bf7f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Rename core data structures. This will break compatibility for out of
tree builtin apps.
- stream_session_t to session_t
- server_rx/tx_fifo to rx/tx_fifo
- stream_session.h to session_types.h
- update copyright
Change-Id: I414097c6e28bcbea866fbf13b8773c7db3f49325
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I373cc252df3621d44879b8eca70aed17d7752a2a
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I7e5545297ab9f2db8d7d07e44c744bdb0a0874a7
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- make allow action explicit (-3)
- add session lookup is_filtered return flag that is set if lookup hit a
deny filter
- change tcp logic to drop filtered packets when punting is enabled
Change-Id: Ic38f294424663a4e108439b7571511f46f8e0be1
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I9b0a4676d088bc7587d12023fc3a3ea53aeaba20
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I188e0471636683345bd9daa779c3680a616c2244
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ie42fd77e75e86a45cfe5951768c4638f27fdc3aa
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
This introduces 5-tuple lookup tables that may be used to implement
custom session layer actions at connection establishment time (session
layer perspective).
The rules table build mask-match-action lookup trees that for a given
5-tuple key return the action for the first longest match. If rules
overlap, ordering is established by tuple longest match with the
following descending priority: remote ip, local ip, remote port, local
port.
At this time, the only match action supported is to forward packets to
the application identified by the action.
Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I39d634b7691a524e5221c28997a737102298c281
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I04f1b63e66260d99c0dd180b0295a55a9b750df7
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Applications are now provided the option to select the namespace they
are to be attached to and the scope of their attachement. Application
namespaces are meant to:
1) constrain the scope of communication through the network by
association with source interfaces and/or fib tables that provide the
source ips to be used and limit the scope of routing
2) provide a namespace local scope to session layer communication, as
opposed to the global scope provided by 1). That is, sessions can be
established without assistance from transport and network layers.
Albeit, zero/local-host ip addresses must still be provided in session
establishment messages due to existing application idiosyncrasies. This
mode of communication uses shared-memory fifos (cut-through sessions)
exclusively.
If applications request no namespace, they are assigned to the default
one, which at its turn uses the default fib. Applications can request
access to both local and global scopes for a namespace. If no scope is
specified, session layer defaults to the global one.
When a sw_if_index is provided for a namespace, zero-ip (INADDR_ANY)
binds are converted to binds to the requested interface.
Change-Id: Ia0f660bbf7eec7f89673f75b4821fc7c3d58e3d1
Signed-off-by: Florin Coras <fcoras@cisco.com>
|