| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
A poor man's flow switching or policy based rounting.
An ACL is used to match packets and is associated with a [set of] forwarding paths
that determine how to forward matched packets - collectively this association is a
'policy'.
Policies are then 'attached', in a priority order, to an interface when thaey are
encountered as an input feature. If a packet matches no policies it is forwarded
normally in the IP FIB.
This commit is used to test the "ACL-as-a-service" functionality,
which currently compiles, and the existing traffic ACL tests pass in both hash and linear modes.
Change-Id: I0b274ec9f2e645352fa898b43eb54c457e195964
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: Ie20aaf0eb1a5a338a54f0de4d6da661431be5163
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
show vhost-user <interface> may cause a crash if interface is semi-bogus.
Semi-bogus means it is a known vpp interface which has a hw_if_index, but
it is bogus because it is not a vhost-user interface.
The fix is to add a check to reject non vhost-user interface for the
command.
Change-Id: I63f1e8bfbf46f5ec4c30f9fb3546982b63cd7cc5
Signed-off-by: Steven <sluong@cisco.com>
|
|
This patch addresses 182346, 182347, 182353.
Change-Id: I59c3d74bd3a2122b836c93e22ddb632fa032f7fe
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
+refactor decap loop to remove repetitions and goto's
slightly improves performance in scale (3k-4k tunnels) tests (7-9 clocks)
slightly deteriorates performance in single tunnel tests (3-4 clocks)
Change-Id: I1a64ed0279c00481b61a162296c5a30f58bf29c4
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
It is a relatively rarely used low level command for code that didn't change,
but due to infra changes it did not survive. Having it working may be very
useful for corner-case debugging. So, fix it for working with
the acl-as-a-service infra.
Change-Id: I11b60e0c78591cc340b043ec240f0311ea1eb2f9
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 18bde8a579960aa46f43ffbe5c2905774bd81a35)
|
|
Change-Id: I071d4cfcf6ea9763dd4842a3594c486a8e400e8c
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Add API support similar to VPP CLI "ip probe-neighbor" except API
call is asynch and will not wait, as the CLI does, for address
resolution of probed neighbor. The API client can use the APIs
want_ip4_arp_events or want_ip6_nd_events to get notified of the
desired address resolution event.
Change-Id: Ieab58abe75b5cc7f5185b3b91418b6362f8992d3
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: I825f3822910a6ee368b9004e39ca16ac6833e30c
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
interface)"
This reverts commit 70083ee74c3141bbefb185525315f1b34497dcaa.
Reverting as this patch is causing following crash:
0: /home/damarion/cisco/vpp3/build-data/../src/vnet/devices/devices.h:131 (vnet_get_device_input_thread_index) assertion `queue_id < vec_len (hw->input_node_thread_index_by_queue)' fails
Aborted
Change-Id: Ie2a365032110b1f67be7a9d832885b9899813d39
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
only in lookup context 0
In process of extracting the matching out of the ACL plugin internals,
a couple of pieces setting the miscellaneout fields in the 5tuple structure
did not make it, so they are initialized to zeroes. Move the assignments
to the right place to make both traffic acls and acl-as-a-service working.
Change-Id: I66a7540a13b05113b599f0541999a18fad60385d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit d3b96ef0d75889f09dc51efb89e5123cdbe7ffe8)
|
|
Change-Id: Id5a2a90d81cc9cb87cb6fb89ac2f4ca3cbcb51e2
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: Ic04f419b9c09be34afc390e672793180d56c4665
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: I98bd454a761a1032738a21edeb0fe847e801f901
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
update the GBP plugin to implement the full NAT feature set of opflex agent
Change-Id: Ic06a039c889445ed0b9087fa1f292634192b0f8d
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
In dpdk based bonding, when the bond interface is configured for l2,
it automatically sets the bond interface to promiscuous mode and sets rx
redirect to ethernet-input. This allows traffic to be bridged to
non compute node facing interface when it is received from the compute
node interface.
For native vpp bonding, we need to do similar things. When the bond interface
is configured for l2, we set the slave interfaces to promiscuous mode
and set rx redirect to ethernet-input because dpdk does not know anything
about the bond interface. Likewise, when a new interface is enslaved, we also
need to do the same thing if the bond interface has already been configured
for l2.
Change-Id: I7e168008e8a4221be74929b2a20e6db0ce8f3110
Signed-off-by: Steven <sluong@cisco.com>
|
|
Change-Id: I417357b00c43b27872aa3f681335bdc1ef574eca
Signed-off-by: Keith Burns (alagalah) <alagalah@gmail.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Change-Id: I3e670c22b3b8a674c98ff30eb093c5c6ab873e53
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I994649761fe2e66e12ae0e49a84fb1d0a966ddfb
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iedc6bbaa1c0a1c3c6e1b8ed6d67db28046a551f4
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
exception in vpp_api.vac_write():
"TypeError: initializer for ctype 'char *' must be a bytes or list or
tuple, not str"
Change-Id: Ib6bcfb86e6e36c557174979a110113af689c6754
Signed-off-by: Andrey "Zed" Zaikin <zed.0xff@gmail.com>
|
|
While https://gerrit.fd.io/r/#/c/11316/ took care of 1 packet/frame for
most of the bonding modes, it missed the broadcast mode. This patch is
to fix the 1 packet/frame for the broadcast mode.
Change-Id: Iac48a2977c7f702f341479cc712a6448090dbc60
Signed-off-by: Steven <sluong@cisco.com>
|
|
When in deterministic mode disable nondeterministic CLI/API.
When not in deterministic mode disable deterministic CLI/API.
Change-Id: Ibf485c14612297e51d3815a6fde541542c8fe7ab
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
When NAT44 forwarding is disabled, if a DHCP server-to-
client packet arrives on an outside interface, it is
handled correctly by setting the next node to the next
feature on the ip4-unicast feature arc, where it can be
processed.
When NAT44 forwarding is enabled, if a DHCP server-to-
client packet arrives, it is not handled any differently
than other packets and ends up going to ip4-lookup
which results in the packet being dropped.
Move the check for DHCP server-to-client packets outside
of the block that is executed if forwarding is disabled so
DHCP replies will be processed in either case.
Change-Id: Ia795cce3fd459f3252c2c17d53bb88ceaeaafca4
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Prior to this fix vppapigen would just do a crc32 on the Python representation
of the file as a set of dictionaries. That of course was not a good idea.
Change-Id: Ie454736ffec02fa4679ab27e684b1d6c6406a0f1
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: Icfb99a09726c01e96ff14967afbafa4116e02eff
Signed-off-by: Dave Barach <dbarach@cisco.com>
|
|
Change-Id: I686254b332a4527cb0cad3c5c0a17ea4c9f40e1d
Signed-off-by: Andrey "Zed" Zaikin <zed.0xff@gmail.com>
|
|
Change-Id: Ieeafb41d10959700bfd434cd455800af31944150
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
The users of ACL lookup contexts might not check the data they supply,
so do it on their behalf in this function, and return an error if
an ACL does not exist or if they attempt to apply the same ACL twice.
Change-Id: I89d871e60f267ce643f88574c83baf9cd0a2d7b3
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit e5cbccf35f4d230afafa633abbc88e64ef33d758)
|
|
using the inline functions
The acl_main struct, which is defined in the acl_plugin, is not visible when
the ACL plugin inline code is being compiled within the context of other plugins.
Fix that by using the global pointer variable, which exists in both the ACL plugin
context and is set in the context of the external plugins using ACL plugin.
Change-Id: Iaa74dd8cf36ff5442a06a25c5c968722116bddf8
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 1286a15a6e60f80b0e1b349f876de8fa38c71368)
|
|
Change-Id: If536ae142dc0109b587d92981d337bc6f15e070a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
lb session with the same user maybe deleted.
Change-Id: Ie58579cf4f8babb594f3c44aa185720134c58c3d
Signed-off-by: ahdj007 <dong.juan1@zte.com.cn>
|
|
Change-Id: I6400b77de388c01e85209e5dc5f11ccafb79a459
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Change-Id: Iaadfbc75832e37ae52511b25448da14116214fc1
Signed-off-by: Francois Clad <fclad@cisco.com>
|
|
With no IPv4 output features on an IPsec tunnel inferface,
when packets are forwarded to that interface, they reach
the ipsec-if-output node via the output_node_index on the
hw interface and they are handled correctly.
When an IPv4 output feature (e.g. output ACL, outbound
NAT) is enabled on an IPsec tunnel interface, outbound
IPsec stops working for that interface. The last node in
the ip4-output feature arc is interface-output. From there
a packet is sent to ipsec<N>-output, and then ipsec<N>-tx.
The tx function for an IPsec tunnel interface that is
called by ipsec<N>-tx is a dummy that doesn't do anything
except write a warning message.
Enable a feature on the interface-output feature arc for
an IPsec tunnel interface so the ipsec-if-output node is
reached from the interface-output node.
Change-Id: Ia9c73d3932f5930ec7ce0791a0375b1d37148b01
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
We need to keep original linked list so destructire can remove entries.
Change-Id: I5ff5ca0e1a417d88707255207725bba46433c943
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I50ff0cacf88182f8e0be19840c50f4954de586e2
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: I32f68e2ee8f5d32962acdefb0193583f71d342b3
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I71660eb327124179ff200763c4743cc81dc6e1c6
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
dpdk plugin self-disables if there are no hugepages available
Change-Id: Ib286e1a370deeb21248e6e961573ef9c68759b4c
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I0efd03bdb84bc9ff2334d398bfdb82486228114a
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: I2b1d1035f810cb58356626cf081d46eb289265b4
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
If l2-fwd node does not find an L2FIB entry for DMAC of packet,
use input feature bitmap to find next node instead of always
sending packet to l2-flood node to perform unknow unicast flood.
It provides possibilty of using other feature to forward unknow
unicast packet instead of flooding the BD.
Change-Id: I56b277050537678c92bd548d96d87cadc8d2e287
Signed-off-by: John Lo <loj@cisco.com>
|
|
Adopt nova naming convention for vhost-user interfaces.
Change-Id: If70f0828106bf594eb11d4f0ed2898a35ec0af15
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: I78a4176f98c2b4630a57ac5ddb7faf58ba0c4ee1
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Id775efb2e85d850e510d00f1b48bb711a3342397
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I3700fc1d140e30da783e41762670618f0298c7db
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: I92ca28d3007f7ea43cd3e8b20659e400dfa6c75c
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: I81d870ab9fc0b1f0e1b777d56ca7870ff99c7c2c
Signed-off-by: Chris Luke <chrisy@flirble.org>
|
|
Change-Id: Ibcffee7d20dbb79720199bcd82d2353f39d5544f
Signed-off-by: Chris Luke <chrisy@flirble.org>
|
Andrew Yourtchenko
Klement Sekera
Steven
Marco Varlese
Eyal Bari
Jakub Grajciar
John Lo
Florin Coras
Damjan Marion
Juraj Sloboda
Neale Ranns
Ole Troan
Keith Burns (alagalah)
Neale Ranns
Mohsin Kazmi
Andrey "Zed" Zaikin
Matthew Smith
Dave Barach
Matus Fabian
ahdj007
Radu Nicolau
Francois Clad
Jon Loeliger
Chris Luke