Age | Commit message (Collapse) | Author | Files | Lines |
|
- make allow action explicit (-3)
- add session lookup is_filtered return flag that is set if lookup hit a
deny filter
- change tcp logic to drop filtered packets when punting is enabled
Change-Id: Ic38f294424663a4e108439b7571511f46f8e0be1
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
This moves session proxy logic from session rules tables to table/logic
used to manage session listeners in order to avoid overlap of
semantically different rules.
Change-Id: I463522cce91b92d942f6a2086fb14c3366b9f023
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I5217364220023df34d5bee071cb750df1661b093
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ie747b490901254e962cf61814491851b891129ee
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Id5ebb410f509ac4c83d60e48efd54e00035e5ce6
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ie42fd77e75e86a45cfe5951768c4638f27fdc3aa
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ided2980373ed5329c68f958f61be893428bccd31
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
To enable this, applications set the proxy flag in their attach requests
and pass the transport protocols they want to act as proxies for as part
of the attach options.
When proxy is enabled, session rules that point incoming packets to the
proxy app are addedd to the local and global session tables, if these
scopes are accessible to the app. In particular, in case of the former,
the rule accepts packets from all sources and all ports destined to the
namespace's supporting interface address on any port. While in case of
the latter, a generic any destination and any port rule is addedd.
Change-Id: I791f8c1cc083350f02e26a2ac3bdbbfbfa19ece3
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
This introduces 5-tuple lookup tables that may be used to implement
custom session layer actions at connection establishment time (session
layer perspective).
The rules table build mask-match-action lookup trees that for a given
5-tuple key return the action for the first longest match. If rules
overlap, ordering is established by tuple longest match with the
following descending priority: remote ip, local ip, remote port, local
port.
At this time, the only match action supported is to forward packets to
the application identified by the action.
Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I44d5c9df7c49b8d4d5677c6d319033b2da3e6b80
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Applications are now provided the option to select the namespace they
are to be attached to and the scope of their attachement. Application
namespaces are meant to:
1) constrain the scope of communication through the network by
association with source interfaces and/or fib tables that provide the
source ips to be used and limit the scope of routing
2) provide a namespace local scope to session layer communication, as
opposed to the global scope provided by 1). That is, sessions can be
established without assistance from transport and network layers.
Albeit, zero/local-host ip addresses must still be provided in session
establishment messages due to existing application idiosyncrasies. This
mode of communication uses shared-memory fifos (cut-through sessions)
exclusively.
If applications request no namespace, they are assigned to the default
one, which at its turn uses the default fib. Applications can request
access to both local and global scopes for a namespace. If no scope is
specified, session layer defaults to the global one.
When a sw_if_index is provided for a namespace, zero-ip (INADDR_ANY)
binds are converted to binds to the requested interface.
Change-Id: Ia0f660bbf7eec7f89673f75b4821fc7c3d58e3d1
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
177117: fstat() returns -1 on error; the code is
checking for any positive value instead
175142: final return could never be reached; simple
refactoring
175235,175236: Warning suppressed with an explicit
cast to (void)
174817: Final return couldn't be reached; is
is_in_order is 0 then 'rv' is already returned
above
172095,172093: If is_is_set does not get set to 1,
then return 0 has already been invoked
174405: Re-kill this (nothing sets rv)
171136: Looks like a cmd line flag to set test_bytes
was missing; added it, and refactored the
argc/argv processing to avoid two other
potential segv's
176813: Add range checking for term width/height.
First stab at a reasonable range is 1-512
for both.
175350: Fix implicit casting in shift operation
174272: Not a c+p error; try using a coverity
annotation to ignore it
174273,175320: Annotated FORWARD_NULL
Change-Id: I58d0f860fc2209f59f8d1b6b344d631b8d429ace
Signed-off-by: Chris Luke <chrisy@flirble.org>
|
|
Change-Id: Ia6dd5e948b17b2f3866fe70838eabb09e35415e1
Signed-off-by: Dave Barach <dbarach@cisco.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- Make tcp output buffer allocation macro an inline function
- Use per ip version per thread tx frames for retransmits and timer
events
- Fix / parameterize tcp data structure preallocation
- Add a couple of gdb-callable show commands
- Fix local endpoint cleanup
Change-Id: I67b47b7570aa14cb4634b6fd93c57cd2eacbfa29
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
- Cleanup half-open connections and timers on the right thread
- Ensure half-open connection and transport endpoint pools are thread safe
- Enqueue TX events to the correct vpp thread in the builtin client
- Use transport proto in transport connections instead of session type
Change-Id: Id13239a206afbff6f34a38afa510fe014e4b2049
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Ica99e8cb919fca6b069c37c969d60e8ccc2c6bf9
Signed-off-by: Florin Coras <fcoras@cisco.com>
|