Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: If56c66dd12eded1cc997087de5fd1b975766c4e2
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Id89e23fb5d275572b2356c073dfa0f55719e1a76
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: Ic2447313075cd46f265202dffaaac894f48ddf6d
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: Ib1e301d62b687d4e42434239e7cd412065c28da0
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I97681322fa9ca81736100b4d32eab84868886c7b
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I063d85200d12b09545ae1c373c7fc69112ae3b34
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
the path-extension vector
Change-Id: I8bd8f6917ace089edb1f65bd017b478ee198c03f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I6aac48d780fcd935818221044eae50067f225175
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I35ad6a42093cad0945df1df09a39c63c4560dce6
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Change-Id: I0ccb337eb0ed50ccc64193533cd816f6e36e6db5
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Add doxygen documentation for dpdk CLI commands.
Outside of adding documentation to the CLI Commands, modified the CLI
code as follows:
* The "set dpdk interface placement" command allows the user to move
interface/queues to a different thread. But there is only a subset of
threads that are valid. Updated the "show dpdk interface placement"
command to display all valid threads, even if all interface/queues
have been moved off. Updated the "show dpdk interface hqos placement"
the same way.
* There is a command to modify the Subport attributes, but no way to
display the changes. Added a "Subport" section to the "show dpdk
interface hqos" command.
* Reworked the "set dpdk interface hqos subport" command.
- The current implementation had a local rte_sched_subport_params
structure and initialized it to default values, then overwrote with
what was input. The side effect of this is that if all the current
data is non-default, and a new command is entered with just one
attribute, all the remaining attrbutes are getting set back to
default under the cover. Very confusing for the user. Updated the
code to read the current value and overwrite what has changed.
- DPDK does not have a read subport data, so no way query the current
applied values. The set command was not updating the local copy that
is created at init. Modified the code to store the updated values if
the DPDK apply function was successful.
- Several functions repeated the same code to get a pointer to the
local HQoS data. Added a utility function.get_hqos(..), to perform
this action. Did not port other code to use new function.
* The "set dpdk interface hqos pktfield" allows the user to set the
packet fields required for classifiying the incoming packet. The
classification is across three fields (subport, pipe, tc). The command
was using 0,1,2 to represent these three fields, but had no
explanation regarding these magic numbers. Updated the command to take
the three tokens (subport, pipe, tc) for more clarity. For legacy
sake, still allow 0,1,2 to be entered. Also updated the "show dpdk
interface hqos" command to show these tokens.
* The "set dpdk interface hqos tctbl" maps an interface and value 0-63
to a traffic class and queue. The "show dpdk interface hqos" command
showed the internal DPDK magic number for traffic class and queue.
Updated the show command to display what was input instead of the
magic number.
* The "show dpdk hqos queue" command always returns zeros by default
because RTE_SCHED_COLLECT_STATS is not defined in DPDK. Took me a
while to figure out why I wasn't getting values returned. So returned
an error message if RTE_SCHED_COLLECT_STATS is not defined instead of
zeros.
Change-Id: I22b640d668245839ee977ef3602175c61d91d24c
Signed-off-by: Billy McFall <bmcfall@redhat.com>
|
|
Change-Id: I103fe19a1ecbaf3746ec6b957fa1010458cc9fae
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Icd0dba04d8929456228136d1f25c459bffcc6a7a
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
In the CLI parsing, below is a common pattern:
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (line_input, "x"))
x = 1;
:
else
return clib_error_return (0, "unknown input `%U'",
format_unformat_error, line_input);
}
unformat_free (line_input);
The 'else' returns if an unknown string is encountered. There a memory
leak because the 'unformat_free(line_input)' is not called. There is a
large number of instances of this pattern.
Replaced the previous pattern with:
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (line_input, "x"))
x = 1;
:
else
{
error = clib_error_return (0, "unknown input `%U'",
format_unformat_error, line_input);
goto done:
}
}
/* ...Remaining code... */
done:
unformat_free (line_input);
return error;
}
In multiple files, 'unformat_free (line_input);' was never called, so
there was a memory leak whether an invalid string was entered or not.
Also, there were multiple instance where:
error = clib_error_return (0, "unknown input `%U'",
format_unformat_error, line_input);
used 'input' as the last parameter instead of 'line_input'. The result
is that output did not contain the substring in error, instead just an
empty string. Fixed all of those as well.
There are a lot of file, and very mind numbing work, so tried to keep
it to a pattern to avoid mistakes.
Change-Id: I8902f0c32a47dd7fb3bb3471a89818571702f1d2
Signed-off-by: Billy McFall <bmcfall@redhat.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
The DHCP proxy and VSS information maintained by VPP is the same for v4 and v6, so we can manage this state using the same code.
Packet handling is cleary different, so this is kept separate.
Change-Id: I10f10cc1f7f19debcd4c4b099c6de64e56bb0c69
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I6b5984df176688f0722a2888e73f05d8ed8b9310
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
DHCP additions:
1) DHCPv4 will only relay a message back to the client, if the Option82 information is present. So make this the default.
2) It is no longer possible to select via the API to "insert circuit ID" - since this is now default
3) Remove the version 2 API since it's now the same as version 1.
4) Adding the VSS option is now conditional only on the presence of VSS config (not the 'insert' option in the set API)
5) DHCP proxy dump via API
Change-Id: Ia7271ba8c1d4dbf34a02c401d268ccfbb1b74f17
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I133c55bce46d40ffddabbbf8626cbd3d072522d4
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Extended sw_interface_dump to provide 802.1ah (pbb) tag rewrite info if
present.
Extended log "l2-output" to provide raw data to display result of
prospetive pbb tag rewrite. Tracing is moved after l2output_vtr to show
these changes.
Change-Id: I8b7cb865dc67ce21afab402cc086dac35f7c0f07
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
the lock count on the entry did not drop to zero
Change-Id: I6e2dff8c3c7976fd1c2e4c5258f5dc73123aa9b7
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iecba818ccf74a4d34e35d498e6f6a1d3c62419f4
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: Id17060fd0e8ac80c8cf1999b0b82d0241b3b969a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Add IP[46] MFIB dump.
Change-Id: I4a2821f65e67a5416b291e4912c84f64989883b8
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I5e0057b36bc4221e688a27fc1c0f602f78132991
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I7d8889dce8495607106593ad83320c9af0f2fa07
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
- IKE_SA_INIT and IKE_AUTH initial exchanges
- Delete IKA SA
- Rekey and delete Child SA
- Child SAs lifetime policy
To set up one VPP instance as the initiator use the following CLI commands (or API equivalents):
ikev2 profile set <id> responder <interface> <addr>
ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type>
ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> esp-integ-alg <integ alg> esp-dh <dh type>
ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes>
and finally
ikev2 initiate sa-init <profile id> to initiate the IKE_SA_INIT exchange
Child SA re-keying process:
1. Child SA expires
2. A new Child SA is created using the Child SA rekey exchange
3. For a set time both SAs are alive
4. After the set time interval expires old SA is deleted
Any additional settings will not be carried over (i.e. settings of the ipsec<x> interface associated with the Child SA)
CLI API additions:
ikev2 profile set <id> responder <interface> <addr>
ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type>
ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> esp-integ-alg <integ alg> esp-dh <dh type>
ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes>
ikev2 initiate sa-init <profile id>
ikev2 initiate del-child-sa <child sa ispi>
ikev2 initiate del-sa <sa ispi>
ikev2 initiate rekey-child-sa <profile id> <child sa ispi>
Sample configurations:
Responder:
ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp.home.responder
ikev2 profile set pr1 id remote fqdn vpp.home.initiator
ikev2 profile set pr1 traffic-selector remote ip-range 192.168.125.0 - 192.168.125.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector local ip-range 192.168.124.0 - 192.168.124.255 port-range 0 - 65535 protocol 0
Initiator:
ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp.home.initiator
ikev2 profile set pr1 id remote fqdn vpp.home.responder
ikev2 profile set pr1 traffic-selector local ip-range 192.168.125.0 - 192.168.125.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector remote ip-range 192.168.124.0 - 192.168.124.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 responder TenGigabitEthernet3/0/1 192.168.40.20
ikev2 profile set pr1 ike-crypto-alg aes-cbc 192 ike-integ-alg sha1-96 ike-dh modp-2048
ikev2 profile set pr1 esp-crypto-alg aes-cbc 192 esp-integ-alg sha1-96 esp-dh ecp-256
ikev2 profile set pr1 sa-lifetime 3600 10 5 0
Change-Id: I1db9084dc787129ea61298223fb7585a6f7eaf9e
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
fixes a problem that occurs with cryptodev ipv6 input.
Change-Id: I1f0c0db45b2aabc243dd785c8d5d5ef990cac903
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Change-Id: Ib0c8572773499d8dd4d81b3a565c24412ccc3510
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I19ec3b769b6512f7408044751393d9faf10d01d5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Also adds missing gpe nsh address type functions.
Change-Id: I3353a23c0518da9ce3b221ddf8c5bd0364930154
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I3925d2ebb2d26c676fc61f118d25bdf7fd522f26
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
RADV Pool index was not getting updated
Change-Id: I2d2f14c56f51034d39049d1c7e13c248180a865f
Signed-off-by: Wojciech Dec <wdec@cisco.com>
|
|
* use RLOC for IP version detection
* don't check whether RLOC is local when deleting
Change-Id: Icdb84025dd5511eb5348b654bf7b373def15406c
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: Ic674cc953b45ddd4811e07821e1a0af28b5f6214
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: I772b63ac25ebfccaff9ab9d8d0b1445e85f21df7
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: Ic814b805ef77913ffe86f82c009602c75258acfb
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Add doxygen documentation for pcap tx trace CLI command.
In the process of adding the documentation, made the following changes
to the way the command worked:
* If there is an error with any of the attributes, the whole command
fails. The existing behavior was to apply attribute by attribute,
then bail if there was an issue, with partial apply.
* Move the 'on' processing to the end. The existing behavior was to
process the 'on' as it was encountered on the commandline. That meant
that any attributes after the 'on' in the commandline were saved and
displayed, but not really being used in the packet trace.
* Enhanced the 'status' to show all the configured attributes.
NOTE: The packet capture has some weird behavior with regards to how
many packets are written to file and if the file is appended or
overwritten. VPP-634 written to document the issue.
Change-Id: Iab241228b125385052de242865afd9515fa2524f
Signed-off-by: Billy McFall <bmcfall@redhat.com>
|
|
Change-Id: I5063d31f5305c848043afb32fcacff6e61aed79f
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: Id294dbbd6499ae8221cc8143e1027adc08866ae6
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I0963760a7da95612d5cab19596919b369a4d0f8e
Signed-off-by: Shwetha Bhandari <shwethab@cisco.com>
|
|
Change-Id: I5b308eb39ae770d58d1498d7fafa49b236b3f534
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
This happens only on when compiled for older microarchitectures,
where BSF insutruction is used instead of TZCNT. BSF provides
undefined result if operand is 0.
Change-Id: I7a13350786a533428168595097ef01a560fde53b
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
File vnet/fib/fib_urpf_list.h was included in vnet/fib/ip6_fib.h but was
exported to be installed in /usr/include/vnet. So out-of-tree builds
relying on an installed package was failing.
Fix is to inlcude fib_urpf_list.h in source file rather than including
it in header file.
Change-Id: Iae39c1d9417dbd31ee67fa1bd2d1915d5e813c73
Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
|
|
When handling the IP_DETAILS and IP_ADDRESS_DETAILS replies,
it is almost certainly going to require having both the is_ipv6
and sw_if_index context to handle them properly. Placing these
values in an essentially global location as the current VAT does
isn't thread-safe. Fruthermore, rather than forcing every
API user to hoop-jump to establish these context values, simply
provide them in their DETAILS reply messages.
Change-Id: I6a9e0cb16ecdbf87fca8fc5c7663e98d3a53c26c
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: I97fedb0f70dd18ed9bbe985407cc5fe714e8a2e2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Refer to jira ticket for more details.
Change-Id: I6facb9ef8553a21464f9a2e612706f152badbb68
Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
|
|
Change-Id: Ie490b7fd5238cbad23f0199161cc14324fd9c554
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I1c93f96a752eb2ffd1117a656552131cde1fa489
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I666e5c0cc71a3693640960c93cdd1907f84fbe23
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Currently ip6 local check fails with error - source lookup miss if
route to source of packet is over a dpo object such as load balance -
recurssive route, tunnel adj - GRE, SR etc.
So unless packet source is of a directly connected neibhor or has
route with both interface and nexthop specified, it will be dropped.
Fix is to check urpf list and if at least one link exists in the list,
then allow packets to be processed, else drop.
Change-Id: Id426311bb63bab506754a79409c602fdb6d0f190
Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
|