Age | Commit message (Collapse) | Author | Files | Lines |
|
File vnet/fib/fib_urpf_list.h was included in vnet/fib/ip6_fib.h but was
exported to be installed in /usr/include/vnet. So out-of-tree builds
relying on an installed package was failing.
Fix is to inlcude fib_urpf_list.h in source file rather than including
it in header file.
Change-Id: Iae39c1d9417dbd31ee67fa1bd2d1915d5e813c73
Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
|
|
When handling the IP_DETAILS and IP_ADDRESS_DETAILS replies,
it is almost certainly going to require having both the is_ipv6
and sw_if_index context to handle them properly. Placing these
values in an essentially global location as the current VAT does
isn't thread-safe. Fruthermore, rather than forcing every
API user to hoop-jump to establish these context values, simply
provide them in their DETAILS reply messages.
Change-Id: I6a9e0cb16ecdbf87fca8fc5c7663e98d3a53c26c
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: I97fedb0f70dd18ed9bbe985407cc5fe714e8a2e2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Refer to jira ticket for more details.
Change-Id: I6facb9ef8553a21464f9a2e612706f152badbb68
Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
|
|
Change-Id: Ie490b7fd5238cbad23f0199161cc14324fd9c554
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I1c93f96a752eb2ffd1117a656552131cde1fa489
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I666e5c0cc71a3693640960c93cdd1907f84fbe23
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Currently ip6 local check fails with error - source lookup miss if
route to source of packet is over a dpo object such as load balance -
recurssive route, tunnel adj - GRE, SR etc.
So unless packet source is of a directly connected neibhor or has
route with both interface and nexthop specified, it will be dropped.
Fix is to check urpf list and if at least one link exists in the list,
then allow packets to be processed, else drop.
Change-Id: Id426311bb63bab506754a79409c602fdb6d0f190
Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
|
|
Change-Id: Ifaf46554e45557ebf82009d9c46a9e905a46f884
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: I4433eaed3f4e201edc329c4842cbbf74beb19a9a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I3d8b7947ae6d721e9b514a59a7d2de49aed419b5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I31730d58c34331f25f5b02cd065be94251f1302c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Running trex in a VM with a bad config, trex sent a bogus pack from
the VM to the Virtual interface. It caused a crash.
Change-Id: I64d0197b444265553ab4c24f21e6a962e89cb587
Signed-off-by: Steven <sluong@cisco.com>
|
|
Change-Id: Ie39bb26a9aea88cf2768ec537adcdd8df1de3be0
Signed-off-by: Matej Klotton <mklotton@cisco.com>
|
|
Change-Id: I25077dd0739787de4f7512e5a70a62e8c34c28e4
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
This patch replaces requirement for vlib_plugin_register function
in the plugin so file and introduces new macro:
VLIB_PLUGIN_REGISTER () = {
.version = "version string",
.version_required = "requred version",
.default_disabled = 1,
.early_init = "early_init_function_name",
};
Plugin will nor be loaded if .default_disabled is set to 1
unless explicitely enabled in startup.conf.
If .verstion_required is set, plugin will not be loaded if there
is version mismatch between plugin and vpp. This can be bypassed
by setting "skip-version-check" for specific plugin.
If .early-init string is present, plugin loader will try to resolve
this specific symbol in the plugin namespace and make a function call.
Following startup.conf configuration is added:
plugins {
path /path/to/plugin/directory
plugin ila_plugin.so { enable skip-version-check }
plugin acl_plugin.so { disable }
}
Change-Id: I706c691dd34d94ffe9e02b59831af8859a95f061
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
1 - use the SR policy to construct the replicate DPO. Each bucket therein is a SR tunnel.
2 - install a special mfib entry that links via this replicate
3 - forwarding is now mfib-lookup -> replicate -> sr_rewrite (per-tunnel)
no need for a separate sr_replicate node.
4 - Stack the sr tunnel on the forwarding DPO of the first-hop FIB entry.
no need for a second lookup post SR encap.
5 - fix some path-list lock leaks in the MFIB entry.
Change-Id: I20de96ea4c4be4fae252625bde159d9c435c8315
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Add authentication support to BFD feature. Out of three existing
authentication types, implement SHA1 (sole RFC requirement). Simple
password is insecure and MD5 is discouraged by the RFC, so ignore
those.
Add/change APIs to allow configuring BFD authentication keys
and their usage with BFD sessions.
Change-Id: Ifb0fb5b19c2e72196d84c1cde919bd4c074ea415
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Avoid coverity warning and improve safety by declaring a helper
structure and working with it when searching for ip headers.
Make sure the content following IPv6 header is actually UDP before
parsing it. Bail out if unexpcted IPv6 header found ...
Change-Id: I1c6b9fd42d6fdae226f12c91c53c07a932b29522
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I165b64fdc12dd2936df1958348e93b709ce0e784
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
Use FIB_SOURCE_PLUGIN_HI and modify ARP input to use non-source variants for
flags and resolving interface get.
Change-Id: I3bab76f36e0b1ee86e430a416099f1654e02740a
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Remote mapping and locator set binary APIs uses zero length arrays
defined as 'u8 array[0]' in .api file.
This path will change such cases to form 'type_t array[count];'
in order to enhance maintainability.
Change-Id: I98d0252b441020609c550d48186ed0d8338a3f2d
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
fix wrong udp error codes in decap ip6 handling
Change-Id: Ibf791a995128d38b31725c1ee67ec9d1c9dffca2
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: I40deb8b40f5d3a96d2c0dcb400f489cd05a64348
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I9cfff0196845c6f1161848aa49442aa4df81b20e
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
expressive (and might appease coverity)
Change-Id: Ie3c9b2896a487a0302903bfbdd6348f6f091c67d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Add vxlan-bypass feature which can be enabled on the IP6 underlay
interface which receive VXLAN packets to accelerate VXLAN decap
processing. The CLI to enable/disable it is:
set interface ip6 vxlan-bypass <interface> [del]
The vxlan-bypass feature is already supported on the IP4 underlay
interface. The CLI to enable/disable it is:
set interface ip vxlan-bypass <interface> [del]
Move vxlan-bypass API/CLI support code from decap.c to vxlan.c.
Also fixed two issues in the VXLAN decap path in the vxlan-input node:
1. Add verification of VXLAN packet FIB index with the encap-vrf-id
of the VXLAN tunnel.
2. Fix checking of VXLANoIPv6 packet mcast DIP against that of the
IP6 mcast VXLAN tunnel.
Change-Id: I2bad4074a468c48fbb8bb5ac64f6437190756ed2
Signed-off-by: John Lo <loj@cisco.com>
|
|
minus headers.
Before the commit 878c6098 the VLIB_BUFFER_DATA_SIZE was different depending
on whether building "vpp" or "vpp_lite", resulting in an overrun in vpp_lite build.
Avoid the hardcoded value and make the upper bound for ICMP echo data size
dependent on the buffer size.
Change-Id: Id6c4d7fc73766a95af2610eb237881b5fe9ce9aa
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I2330cb7c2ba0f5eaeb4e7a4c3de4f22283d3923d
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Change-Id: Iaca2ff453872e638ee83b11fc16472e44deb9a7e
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ie7f51643fd3522a0fa8df8d0309305481c211f5f
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: If10b878cb05d695eaed9416202fd19bed2e0b793
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ia7d8b557bcdf45eb8e33bb3d297bc6f7ad321c72
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
Build Cryptodev IPsec support by default when DPDK is enabled but only build
hardware Cryptodev PMDs.
To enable Cryptodev support, a new startup.conf option for dpdk has been
introduced 'enable-cryptodev'.
During VPP init, if Cryptodev support is not enabled or not enough cryptodev
resources are available then default to OpenSSL ipsec implementation.
Change-Id: I5aa7e0d5c2676bdb41d775ef40364536a081956d
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
Change-Id: I1596d7a130fb6d3b170b8e01f2116b323cc10c0d
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
When mac address is set prior bringing interface up incorrect rx filter
being installed into the e1000 mac.
Change-Id: If59a2bf16f732e45221b3787d271307d369e54d3
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
- IPv[46] mfib tables with support for (*,G/m), (*,G) and (S,G) exact and longest prefix match
- Replication represented via a new replicate DPO.
- RPF configuration and data-plane checking
- data-plane signals sent to listening control planes.
The functions of multicast forwarding entries differ from their unicast conterparts, so we introduce a new mfib_table_t and mfib_entry_t objects. However, we re-use the fib_path_list to resolve and build the entry's output list. the fib_path_list provides the service to construct a replicate DPO for multicast.
'make tests' is added to with two new suites; TEST=mfib, this is invocation of the CLI command 'test mfib' which deals with many path add/remove, flag set/unset scenarios, TEST=ip-mcast, data-plane forwarding tests.
Updated applications to use the new MIFB functions;
- IPv6 NS/RA.
- DHCPv6
unit tests for these are undated accordingly.
Change-Id: I49ec37b01f1b170335a5697541c8fd30e6d3a961
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I693a73ba9a5e3b0cb5d2a6c5d363f671e19c1f24
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
Change-Id: I6aaf9c602cd515ed9d4416d286f9191d048c1a87
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I3829835ed2126e51e96690c907deac623dc77151
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
When enabled, destinations with negative mappings or those not reachable
via underlay have their traffic forwarded to the PETR.
Change-Id: I1056b0959736144f27fcca7b79263f921e7a8bd9
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I953b3888bbc6d8a5f53f684a5edc8742b382f323
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I24355c71606c047e474b2541bb274e3d183fee85
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I99e913b954f8b02f347bfeff093856a1c5e96781
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
span-output (tx) was enabled on wrong arc_name
Change-Id: Ic21dfaec35c975de79abec66421b353637ac9394
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
Change-Id: Ib75197ef8e5057e7f0d9361a10705c3743d05333
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
bi0 retrieval from the ping reply events vector was incorrectly done
always from the first element.
For TBD reason the sending of the ping requests under VMWare was batched,
as a result the replies arrive close enough to make the events arrive as
an array, which exposed this bug. KVM never exhibited this behavior, which
explains not seeing this issue there.
Change-Id: I485d6f983571e25baa9407c21ef604937586d8bd
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: Ie6dd9521507cd4731f1bad99c50238310238914f
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: I1086debdf90a51205af17c35e93cd9aeff598135
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
and refactored hash table mem keys access
hash_set_key_dup - same as hash_set_mem but duplicates the key
hash_unset_key_free - same as hash_unset_mem but frees the key
Change-Id: I18cdcf7e41c57faa615d6337acaf8d1ad058a4c1
Signed-off-by: Eyal Bari <ebari@cisco.com>
|