| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Currently ip6 local check fails with error - source lookup miss if
route to source of packet is over a dpo object such as load balance -
recurssive route, tunnel adj - GRE, SR etc.
So unless packet source is of a directly connected neibhor or has
route with both interface and nexthop specified, it will be dropped.
Fix is to check urpf list and if at least one link exists in the list,
then allow packets to be processed, else drop.
Change-Id: Id426311bb63bab506754a79409c602fdb6d0f190
Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
|
|
Change-Id: Iafb071c684a43e21925e3a43019cd86372347898
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: I76593632cde97f7cb80bbc395735404f39f3bd3f
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: Ifaf46554e45557ebf82009d9c46a9e905a46f884
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: Iefffcf7843dc11803d69a875a72704a2543911a1
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I4433eaed3f4e201edc329c4842cbbf74beb19a9a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I7775dd3b90d5a3449650c3102e24bfedd770beb1
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: If26d758997d71792cedad1afae8d6a38cfd364ac
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
found by `scan-build make plugins-release`
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
Change-Id: I52048e3a8ae3fb85eb3d91f6a5e15216dd7b9baa
|
|
Change-Id: I5499dd6b768425a56936afae50bd578620c83d30
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I3d8b7947ae6d721e9b514a59a7d2de49aed419b5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I31730d58c34331f25f5b02cd065be94251f1302c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Running trex in a VM with a bad config, trex sent a bogus pack from
the VM to the Virtual interface. It caused a crash.
Change-Id: I64d0197b444265553ab4c24f21e6a962e89cb587
Signed-off-by: Steven <sluong@cisco.com>
|
|
Change-Id: Ie39bb26a9aea88cf2768ec537adcdd8df1de3be0
Signed-off-by: Matej Klotton <mklotton@cisco.com>
|
|
Change-Id: I25077dd0739787de4f7512e5a70a62e8c34c28e4
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
This patch replaces requirement for vlib_plugin_register function
in the plugin so file and introduces new macro:
VLIB_PLUGIN_REGISTER () = {
.version = "version string",
.version_required = "requred version",
.default_disabled = 1,
.early_init = "early_init_function_name",
};
Plugin will nor be loaded if .default_disabled is set to 1
unless explicitely enabled in startup.conf.
If .verstion_required is set, plugin will not be loaded if there
is version mismatch between plugin and vpp. This can be bypassed
by setting "skip-version-check" for specific plugin.
If .early-init string is present, plugin loader will try to resolve
this specific symbol in the plugin namespace and make a function call.
Following startup.conf configuration is added:
plugins {
path /path/to/plugin/directory
plugin ila_plugin.so { enable skip-version-check }
plugin acl_plugin.so { disable }
}
Change-Id: I706c691dd34d94ffe9e02b59831af8859a95f061
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ia5d3d81cbc2ef85fabf9e19c89a52c589a921d14
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Ports are allocated per protocol (UDP, TCP, ICMP)
1:1 NAT with port is configured for specific protocol
Change-Id: I37ae5eed3715b223d0620d4fdaed7a482bb7a834
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Now that the M() and S() macros accept a message parameter, there
is no longer a need to introduce a new block structure around the
CONTROL_PING messages just to have a new unbound "mp" variable.
Instead, just use one named "mp_ping" directly.
Change-Id: I6b283562bb6eec25806e3d35c35b977680ecd1dd
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Instead, have them accept and assign a return paramter leaving
the return control flow up to the caller. Clean up otherwise
misleading returns present even after "NOT REACHED" comments.
Change-Id: I0861921f73ab65d55b95eabd27514f0129152723
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Rather than rely on an unbound variable, explicitly introduce
the timeout variable within the 'do { ... } while (0)' construct
as a block-local variable.
Change-Id: I6e78635290f9b5ab3f56b7f116c5fa762c88c9e9
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Rather than blindly assume an unbound, fixed message parameter
explicilty pass it as a paramter to the S() macro.
Change-Id: Ieea1f1815cadd2eec7d9240408d69acdc3caa49a
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Now that all the M() and M2() uses properly supply a message
pointer as second parameter, fix the macros to use it.
Change-Id: I0b8f4848416c3fa2e06755ad6ea7171b7c546124
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Rather than maintain (?) an unused second parameter, t, and pull
an unbound message pointer, mp, out of context, explicitly list
the message pointer as the second parameter.
Change-Id: I92143efda6211cdf6b935470f8c71579742a6b64
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
1 - use the SR policy to construct the replicate DPO. Each bucket therein is a SR tunnel.
2 - install a special mfib entry that links via this replicate
3 - forwarding is now mfib-lookup -> replicate -> sr_rewrite (per-tunnel)
no need for a separate sr_replicate node.
4 - Stack the sr tunnel on the forwarding DPO of the first-hop FIB entry.
no need for a second lookup post SR encap.
5 - fix some path-list lock leaks in the MFIB entry.
Change-Id: I20de96ea4c4be4fae252625bde159d9c435c8315
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- Make puppetlabs/ubuntu-16.04-64-nocm the default box
- Enable x11 forwarding
- Install x11-utils required for emacs to work over X11
- Refactor run.sh
- Add VPP_VAGRANT_POST_BUILD environment variable to
allow selection of installing VPP or run "make test".
- Fix dependencies in src/vppapigen.am
Change-Id: I0ec054fdc83feb71ca8396df53ed02bf82ecd7e7
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Add authentication support to BFD feature. Out of three existing
authentication types, implement SHA1 (sole RFC requirement). Simple
password is insecure and MD5 is discouraged by the RFC, so ignore
those.
Add/change APIs to allow configuring BFD authentication keys
and their usage with BFD sessions.
Change-Id: Ifb0fb5b19c2e72196d84c1cde919bd4c074ea415
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Avoid coverity warning and improve safety by declaring a helper
structure and working with it when searching for ip headers.
Make sure the content following IPv6 header is actually UDP before
parsing it. Bail out if unexpcted IPv6 header found ...
Change-Id: I1c6b9fd42d6fdae226f12c91c53c07a932b29522
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I165b64fdc12dd2936df1958348e93b709ce0e784
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
Use FIB_SOURCE_PLUGIN_HI and modify ARP input to use non-source variants for
flags and resolving interface get.
Change-Id: I3bab76f36e0b1ee86e430a416099f1654e02740a
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Remote mapping and locator set binary APIs uses zero length arrays
defined as 'u8 array[0]' in .api file.
This path will change such cases to form 'type_t array[count];'
in order to enhance maintainability.
Change-Id: I98d0252b441020609c550d48186ed0d8338a3f2d
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
fix wrong udp error codes in decap ip6 handling
Change-Id: Ibf791a995128d38b31725c1ee67ec9d1c9dffca2
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: I40deb8b40f5d3a96d2c0dcb400f489cd05a64348
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I2575d780d19e12ddf8a77e5596e5d7cc3dbf4233
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Add the external NAT address to the FIB as receive entries.
This ensures that VPP will reply to ARP for these addresses and we don't need
to enable proxy ARP on the outside interface.
Change-Id: I1db153373c43fec4808845449a17085509ca588c
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I8333b7d19ebdacac5445b4505750dd0a46764b36
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
Change-Id: I9cfff0196845c6f1161848aa49442aa4df81b20e
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
expressive (and might appease coverity)
Change-Id: Ie3c9b2896a487a0302903bfbdd6348f6f091c67d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Add vxlan-bypass feature which can be enabled on the IP6 underlay
interface which receive VXLAN packets to accelerate VXLAN decap
processing. The CLI to enable/disable it is:
set interface ip6 vxlan-bypass <interface> [del]
The vxlan-bypass feature is already supported on the IP4 underlay
interface. The CLI to enable/disable it is:
set interface ip vxlan-bypass <interface> [del]
Move vxlan-bypass API/CLI support code from decap.c to vxlan.c.
Also fixed two issues in the VXLAN decap path in the vxlan-input node:
1. Add verification of VXLAN packet FIB index with the encap-vrf-id
of the VXLAN tunnel.
2. Fix checking of VXLANoIPv6 packet mcast DIP against that of the
IP6 mcast VXLAN tunnel.
Change-Id: I2bad4074a468c48fbb8bb5ac64f6437190756ed2
Signed-off-by: John Lo <loj@cisco.com>
|
|
minus headers.
Before the commit 878c6098 the VLIB_BUFFER_DATA_SIZE was different depending
on whether building "vpp" or "vpp_lite", resulting in an overrun in vpp_lite build.
Avoid the hardcoded value and make the upper bound for ICMP echo data size
dependent on the buffer size.
Change-Id: Id6c4d7fc73766a95af2610eb237881b5fe9ce9aa
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I2330cb7c2ba0f5eaeb4e7a4c3de4f22283d3923d
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Change-Id: Iaca2ff453872e638ee83b11fc16472e44deb9a7e
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
header is included by ip6.h and should therefore be made public
Change-Id: Ieb7d14bb082d821c2f77e9204ec09d884fb2cb09
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
Change-Id: Ie7f51643fd3522a0fa8df8d0309305481c211f5f
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
At the least, $(BUILT_SOURCES) should be added to CLEANFILES. Also
beneficial is $(api_DATA), and in the case of Java, *.files and *.h.
Also there is a vpp/app/version.h, and some grammar and lex files in
vppapigen.
Change-Id: Ic6d3f2d40ce65e1d9a8b88217fa1f36de393ebb4
Signed-off-by: Burt Silverman <burtms@gmail.com>
|
|
Change-Id: If10b878cb05d695eaed9416202fd19bed2e0b793
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ia7d8b557bcdf45eb8e33bb3d297bc6f7ad321c72
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
Build Cryptodev IPsec support by default when DPDK is enabled but only build
hardware Cryptodev PMDs.
To enable Cryptodev support, a new startup.conf option for dpdk has been
introduced 'enable-cryptodev'.
During VPP init, if Cryptodev support is not enabled or not enough cryptodev
resources are available then default to OpenSSL ipsec implementation.
Change-Id: I5aa7e0d5c2676bdb41d775ef40364536a081956d
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
Change-Id: I1596d7a130fb6d3b170b8e01f2116b323cc10c0d
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
When mac address is set prior bringing interface up incorrect rx filter
being installed into the e1000 mac.
Change-Id: If59a2bf16f732e45221b3787d271307d369e54d3
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
AkshayaNadahalli
Ole Troan
Filip Tehlar
Dave Barach
Damjan Marion
Matus Fabian
Gabriel Ganne
Steven
Matej Klotton
Neale Ranns
Jon Loeliger
Dave Wallace
Klement Sekera
Sergio Gonzalez Monroy
Eyal Bari
Marek Gradzki
John Lo
Andrew Yourtchenko
Radu Nicolau
Florin Coras
Burt Silverman
Pavel Kotucek