vpp - Vector Packet Processing

Age	Commit message (Collapse)	Author	Files	Lines
2018-09-27	Test typo fixes	juraj.linkes	1	-4/+4
	Renamed one acl testcase class which was copy-pasted and fixed one inheritance issue. Renamed one bihash testcase class. Change-Id: I70d911ee7872d8d9ddba96c7f721dd099f0152f7 Signed-off-by: juraj.linkes <juraj.linkes@pantheon.tech>
2018-09-26	acl-plugin: fix the stateful ICMP handling and add testcases	Andrew Yourtchenko	1	-27/+107
	The stateful ICMP/ICMPv6 handling got broken. Fix that and introduce testcases to catch in the future. Change-Id: Ie602e72d6ac613d64ab0bf6693b6d75afb1a9552 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-09-25	L2 BD: introduce a BD interface on which to send UU packets	Neale Ranns	1	-1/+3
	Change-Id: I21ad6b04c19c8735d057174b1f260a59f2812241 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-06-24	Revert "Revert "make test: fix broken interfaces""	Klement Sekera	1	-1/+1
	This reverts commit c8efa29b6f9a91381897b54f1147daf922ed7164. Change-Id: I1d5c5773d5f86a63073e255336bd9de628e26179 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-06-22	Revert "make test: fix broken interfaces"	Ole Troan	1	-1/+1
	This reverts commit d5c60b96a3fd93916fc4af5c8d6d25625c28242e. Change-Id: I3632b9c3f76c615aee897f28f76d094e7031e689 Signed-off-by: Ole Troan <ot@cisco.com>
2018-06-22	make test: fix broken interfaces	Klement Sekera	1	-1/+1
	Change-Id: I2e092774f81503e04b53cc6c6b5d357fe3fc52ab Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-04-09	make test: fix failure on centos	Klement Sekera	1	-1/+1
	Change-Id: I1fcc742699a60ef99ce97b35f7b964ee6ad29ddf Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-03-23	acl-plugin: make test: shuffle applied ACLs as part of the tests	Andrew Yourtchenko	1	-1/+79
	During the testing of 94f9a6de3f706243d138e05b63fef1d5c8174f6c I realized there was no test coverage for the cases where the ACLs are added then modified while having beein applied. This change adds some simple shuffling to l2l3 ACL test set, whereby after each of the ACLs being applied, a few extra ACLs are applied at the front and the back of the list, and are changed several times, the base for the changes being the set of all the ACEs that are being applied previously. After these few shuffles, the routine restores the applied ACLs and proceeds to the test as usual. Change-Id: Ieda2aa5b7963746d62484e54719309de9c1ee752 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-09-26	acl-plugin: test: move the API calls to vpp_papi_provider.py	Andrew Yourtchenko	1	-61/+25
	Change-Id: I1d3818027b8a1fcb1ec12016e3476b5c22a2d5a5 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-19	acl-plugin: bihash-based ACL lookup	Andrew Yourtchenko	1	-0/+3
	Add a bihash-based ACL lookup mechanism and make it a new default. This changes the time required to lookup a 5-tuple match from O(total_N_entries) to O(total_N_mask_types), where "mask type" is an overall mask on the 5-tuple required to represent an ACE. For testing/comparison there is a temporary debug CLI "set acl-plugin use-hash-acl-matching {0\|1}", which, when set to 0, makes the plugin use the "old" linear lookup, and when set to 1, makes it use the hash-based lookup. Based on the discussions on vpp-dev mailing list, prevent assigning the ACL index to an interface, when the ACL with that index is not defined, also prevent deleting an ACL if that ACL is applied. Also, for the easier debugging of the state, there are new debug CLI commands to see the ACL plugin state at several layers: "show acl-plugin acl [index N]" - show a high-level ACL representation, used for the linear lookup and as a base for building the hashtable-based lookup. Also shows if a given ACL is applied somewhere. "show acl-plugin interface [sw_if_index N]" - show which interfaces have which ACL(s) applied. "show acl-plugin tables" - a lower-level debug command used to see the state of all of the related data structures at once. There are specifiers possible, which make for a more focused and maybe augmented output: "show acl-plugin tables acl [index N]" show the "bitmask-ready" representations of the ACLs, we well as the mask types and their associated indices. "show acl-plutin tables mask" show the derived mask types and their indices only. "show acl-plugin tables applied [sw_if_index N]" show the table of all of the ACEs applied for a given sw_if_index or all interfaces. "show acl-plugin tables hash [verbose N]" show the 48x8 bihash used for the ACL lookup. Change-Id: I89fff051424cb44bcb189e3cee04c1b8f76efc28 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-04-20	Clean up old datapath code in ACL plugin.	Andrew Yourtchenko	1	-48/+0
	Change-Id: I3d64d5ced38a68f3fa208be00c49d20c4e6d4d0e Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-04-06	acl-plugin: make the IPv4/IPv6 non-first fragment handling in line with ACL ↵	Andrew Yourtchenko	1	-3/+48
	(VPP-682) This fixes the previously-implicit "drop all non-first fragments" behavior to be more in line with security rules: a non-first fragment is treated for the purposes of matching the ACL as a packet with the port match succeeding. This allows to change the behavior to permit the fragmented packets for the default "permit specific rules" ruleset, but also gives the flexibility to block the non-initial fragments by inserting into the begining a bogus rule which would deny the L4 traffic. Also, add a knob which allows to potentially turn this behavior off in case of a dire need (and revert to dropping all non-initial fragments), via a debug CLI. Change-Id: I546b372b65ff2157d9c68b1d32f9e644f1dd71b4 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 9fc0c26c6b28fd6c8b8142ea52f52eafa7e8c7ac)
2017-03-21	ACL plugin 1.2	Andrew Yourtchenko	1	-0/+722
	L3 path support, L2+L3 unified processing node, skip IPv6 EH support. Change-Id: Iac37a466ba1c035e5c2997b03c0743bfec5c9a08 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>