Age | Commit message (Collapse) | Author | Files | Lines |
|
- make allow action explicit (-3)
- add session lookup is_filtered return flag that is set if lookup hit a
deny filter
- change tcp logic to drop filtered packets when punting is enabled
Change-Id: Ic38f294424663a4e108439b7571511f46f8e0be1
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ie7b795715530e0920763098eb468c55fb17b1a2c
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I5e36ea9335a9a633a112c27396997a765f279e06
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
There's nothing ip6-sr specific about it.
Change-Id: I9e3710162bd81b535c46599c988557abf5a5003b
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I32de25890ac0a643314f650591d2479879d9a2a6
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I86b2e2c5a655e53a915fbf62ff04ee23c86de234
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I4e420bcc9241b03e179a939911059c0cc3704a51
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I153b07b4348133535b16b6bf55527d19a6b927c6
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Enhence support of DHCP VSS (Virtual Subnet Selection) to include
VSS type 0 where VSS info is a NVT (Network Virtual Terminal)
ASCII VPN ID where the ASCII string MUST NOT be terminated with a
zero byte. Existing code already support VSS type 1, where VSS
information is a RFC 2685 VPN-ID of 7 bytes with 3 bytes OUI
and 4 bytes VPN index, and VSS type 255 indicating global VPN.
Change-Id: I54edbc447c89a2aacd1cc9fc72bd5ba386037608
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: I657bade082f9f754b294cd5f23ecfad4f0f46265
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iaad22f25993783be57247aa1f050740f96d2566a
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
This reverts commit fa600c9169c0d7104af7a9be12a0471a8a8c8262.
Change-Id: I873b53b2c025d7aba2211cab9b3e2d780af33b32
Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech>
|
|
Change-Id: Idc7e7c35f17d514589d1264f1d1be664192ee586
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: Ibc5528bea564f6c2b0ff34220405395bc78274fc
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
Need to be NULL-terminated.
Fix declarations of:
- bier_disp_table_bier_nodes
- bier_table_mpls_nodes
- bier_fmask_mpls_nodes
This was crashing during make test on aarch64 platform:
During the API call to bier_table_add_del, the crash happens during
dpo_default_get_next_node().
Change-Id: I16207ba38fc9ab65bad787878c4608740c312257
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
Change-Id: Ice61d4c6c281aa8c4e89447208e0ad047bcce639
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ie07b71977c46d2f1e030799a08cc5af0fdc397aa
Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech>
|
|
Change-Id: I42ee5898e1f775692811eebab11bcfe458f1ec63
Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech>
|
|
When BUM packets are flooded in the l2 domain, some data should be
kept and restored for recycling in the replication routine.
If l2 bridge domain has multiple interfaces mixed with normal and
vlan tagged, the vlan tag value of the vnet buffer can be changed
while flooding the replicated packets. The change is made to store
and restore the original vlan tag in the replication logic.
Change-Id: I399cf54cd2e74cb44a2be42241bdc4fba85032c5
Signed-off-by: Steve Shin <jonshin@cisco.com>
|
|
Change-Id: I40f80110f5224b676d60252f9721fd1bc8a10b58
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Added two new errors:
ACL_IN_USE_INBOUND
ACL_IN_USE_OUTBOUND
Update ACL tests to expect new, precise return values.
Change-Id: I644861a18aa5b70cce5f451dd6655641160c7697
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: I8c42e26152f2ed1246f91b789887bfc923418bdf
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- makes the VAPI generated file more consumable.
- VOM build times improve.
Change-Id: I838488930bd23a0d3818adfdffdbca3eead382df
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Add a way to toggle on and off a warning for a specific section of code.
This supports clang and gcc, and has no effect for any other compilers.
This follows commit bfc29ba442dbb65599f29fe5aa44c6219ed0d3a8 and
provides a generic way to handle warnings in such corner cases.
To disable a warning enabled by "-Wsome-warning" for a specific code:
WARN_OFF(some-warning) // disable compiler warning
; /* some code */
WARN_ON(some-warning) // enable the warning again
Change-Id: I0101caa0aa775e2b905c7b3b5fef3bbdce281673
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
For ARP/ICMPv6 packets received from a BVI in a BD, allow flood
to all remote VTEPs via VXLAN tunnels irrespective of SHG check
for ARP request or ICMPv6 neighbor solicitation packets only.
All other packets types will flood normally as per SHG check.
Change-Id: I17b1cef9015e363fb684c2b6506ed6c4efe70bba
Signed-off-by: John Lo <loj@cisco.com>
(cherry picked from commit 5b99133cff1ff0eb9043dd8bd3648b0b3aafa47e)
|
|
This allows to use the classifier to steer source routing packets instead
of using the "sr steer" command.
This way we can steer on anything instead of only the dst ip address.
test:
* add add_node_next function to the VppPapiProvider class.
* add simple test scenario using the classifier to steer packets with
dest ip addr == a7::/8 to the source routing insert node.
* use new interface indexes (3,4) instead of (0,1) to prevent a cleanup
conflict with the other tests which attach a specific fib to the
interface.
The test creates interfaces sepsrated from the other tests to prevent a
conflict in the cleaning of the ip6 fib index 1 which causes vpp not to
be able to find a default route on this table.
Change-Id: Ibacb30fab3ce53f0dfe848ca6a8cdf0d111d8336
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
This patch addresses all the code changes required to VPP to support
openssl 1.1.0 API.
All the changes have been done so that VPP can still be built against
current openssl API whilst forward-looking to version 1.1.0.
Change-Id: I65e22c53c5decde7a15c7eb78a62951ee246b8dc
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
When IPsec tunnel interface has the inbound SA updated,
the key used to find the right interface for inbound
packets was being generated using the destination
address instead of the source.
Change-Id: Id5a6fb1511637c912b329aad65188789646a5889
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change-Id: I86bfe4e8b0a899cc54c9b37eeb5eec701d0baf3d
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
When a DUMP with sw_if_index == ~0 is used to get all Neighbor
entries for all interfaces, it is unclear in the details to
which interface the neighbor belongs.
Clear that up by returning the associated sw_if_index as well.
Change-Id: Ib584a57138f7faceffed64d7c1854f7af92e0e42
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
This moves session proxy logic from session rules tables to table/logic
used to manage session listeners in order to avoid overlap of
semantically different rules.
Change-Id: I463522cce91b92d942f6a2086fb14c3366b9f023
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I0ba698da9739c11de3a368fe4cf3617167a8d854
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I280fea2610dcfc0b2da84973b9f567daec42f1f6
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I69998aa4eb587d80fc61d14bb28a9318a318f9ec
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Iff1a665b6cf9ca2def0fcdacf02d7f8c579c0f4e
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- see draft-ietf-bier-mpls-encapsulation-10
- midpoint, head and tail functions
- supported payload protocols; IPv4 and IPv6 only.
Change-Id: I59d7363bb6fdfdce8e4016a68a9c8f5a5e5791cb
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I5217364220023df34d5bee071cb750df1661b093
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I9b0a4676d088bc7587d12023fc3a3ea53aeaba20
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ia8941b7b90f14dd688aca215b2dae1cc5c8f4472
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I188e0471636683345bd9daa779c3680a616c2244
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I28c8abe49c9858966a66530d3dc41c074c6901f3
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
http_server_rx_callback must return -1,
if session_rx_request fails.
Change-Id: I08e48ea7560dee301958e0babe023bb739b9342c
Signed-off-by: JingLiuZTE <liu.jing5@zte.com.cn>
|
|
This change makes sure ARP/ICMPv6 brodcast packets received from
the BVI of a BD can be flooded to all remote VTEPs via its VXLAN
tunnels irrespective of SHG setting. Similar processing was done
for unicast packets already and needs to be extpanded to ARP and
ICMPv6 broadcast packets.
Change-Id: I26ac43ecdbc81a769f742a583a156506f7e70d49
Signed-off-by: John Lo <loj@cisco.com>
(cherry picked from commit c97b4aca0db8d84b17ceb03a14ab44346a2b3466)
|
|
Change-Id: I5e35921acb65157a3de8ea0c53b3a6fa5cfca044
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I5f92e40d2fe08a05f51622143648433732141cf4
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: Id14826eefe43168747c8ba69b3b600441a7d4047
Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech>
|
|
A UDP-encap object that particiapates in the FIB graph and contributes
DPO to teh output chain. It thereofre resembles a tunnel but without the
interface. FIB paths (and henace routes) can then be created to egress
through the UDP-encap. Said routes can have MPLS labels, hence this also
allows MPLSoUPD.
Encap is uni-directional. For decap, one still registers with the UDP port
dispatcher.
Change-Id: I23bd345523b20789a1de1b02022ea1148ca50797
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Id324a757517f85973097e20e2eb88d64ae0e931b
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ie747b490901254e962cf61814491851b891129ee
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Iff63238bcf87db3411493e95064c5ad3ed8fd166
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|