Age | Commit message (Collapse) | Author | Files | Lines |
|
Moved CLI from nat.c to nat44_cli.c
Split "show nat44" to:
show nat44 addresses
show nat44 interfaces
show nat44 static mappings
show nat44 interface address
show nat44 sessions detail
show nat44 deterministic mappings
show nat44 deterministic timeouts
show nat44 deterministic sessions
show nat workers
Change-Id: I2d1be8941dd0e4a9e037f4a4d2cd192389beb8ed
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Verify that /dev/shm size is >= 512M, which should be enough for `make
test' needs. If the verification fails, try to enlarge it automatically.
This helps avoid docker vpp/make test crashes (seen as SIGBUS).
Change-Id: I4e23d59ff8bf8befc320fa229fb6c9bfeb809a8f
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
== CONTENT ==
* SCTP chunks definition as per RFC4960;
* Helper functions to set/get values to/from the corresponding chunks;
* Hooks to the session/application layers;
* Complete state-machine handling;
* Implementation for unexpected chunk received in a certain
state (state-machine error handling)
* Support for 1-single connection;
* Sample application to test receive/transmit data-path;
* Test to validate SCTP stack;
Change-Id: I1b55c455ab400be9513f4e094dadfc3181d2ebc9
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
now we get:
00:00:04:288925: pg-input
...
00:00:04:289345: ethernet-input
...
00:00:04:289524: ip6-input
...
00:00:04:289553: ip6-mfib-forward-lookup
...
00:00:04:289584: ip6-mfib-forward-rpf
entry 14 itf 2 flags Forward,
00:00:04:289754: ip6-drop
UDP: 2002::1 -> ff01:2::255
tos 0x00, flow label 0x0, hop limit 64, payload length 21
UDP: 1234 -> 1234
length 21, checksum 0x90d1
00:00:04:289802: error-drop
ip4-input: Multicast RPF check failed
08:36:44,517 Count Node Reason
182 ip4-input Multicast RPF check failed
8 ip6-icmp-input neighbor advertisements sent
8 ip6-icmp-input router advertisements sent
8 arp-input ARP replies sent
Change-Id: I1b29cda4ec77a88db45bfb25c7473cd64bbf501a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
One-armed NAT should work for asymmetrical static mappings without adding external address to the NAT44 pool.
Change-Id: Ie886b75b55c3b552d1029a50bd967625fde80f09
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
DISCOVER message sent.
According to RFC2131:
In the case of a client using DHCP for initial configuration (before
the client's TCP/IP software has been completely configured), DHCP
requires creative use of the client's TCP/IP software and liberal
interpretation of RFC 1122. The TCP/IP software SHOULD accept and
forward to the IP layer any IP packets delivered to the client's
hardware address before the IP address is configured; DHCP servers
and BOOTP relay agents may not be able to deliver DHCP messages to
clients that cannot accept hardware unicast datagrams before the
TCP/IP software is configured.
To work around some clients that cannot accept IP unicast datagrams
before the TCP/IP software is configured as discussed in the previous
paragraph, DHCP uses the 'flags' field [21]. The leftmost bit is
defined as the BROADCAST (B) flag. The semantics of this flag are
discussed in section 4.1 of this document. The remaining bits of the
flags field are reserved for future use. They MUST be set to zero by
clients and ignored by servers and relay agents. Figure 2 gives the
format of the 'flags' field.
this changes means VPP conforms to the:
"SHOULD accept and forward to the IP layer any IP packets delivered
to the client's hardware address before the IP address is configured"
with the caveat that VPP allows DHCP packets destined to the stanard client
DHCP port to be delivered. With this enhancement the control-plane is now
able to choose the setting of the broadcast flag.
Change-Id: Ia4eb2c9bb1e30c29f9192facc645e9533641955a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
On reviece side svm queue only permits blocking and
non-blocking calls. This patch adds timed wait blocking
functionality which returns either on signal/event or
on given time out.
It also preserves the original behavior, so it will not
hurt client applications which are using svm queue.
Change-Id: Ic10632170330a80afb8bc781d4ccddfe4da2c69a
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
add option to NAT44 static mapping API/CLI to make rule asymmetrical (rule match only out2in direction)
Change-Id: If262a3ff375a24d3059f0de1f1ac387a4fe09475
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
- Refactor LDP to be stateless.
- Use upper bit of fd to identify
tag as VCL session.
- Clean up debug output.
- Add VCOM config env vars for
app name and sid bit.
- Add VCL get/set attributes
- Add VCL poll implementation.
Change-Id: I4603ae88254c460a024fdb79fe91c6d1ef9bc7b9
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Add option to NAT44 load balancing static mapping API/CLI to make rule asymmetrical (rule match only in out2in direction).
Change-Id: I325ecef5591e4bf44ce4469a24d44fe56c3bb2e9
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Ifcca60da3f77c0a4959f98b3365c846badbdc2d0
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
- rename l2_bridged to is_dvr. Including on the ip.api
this was new in the 18.01 release so no compatability issues.
- steal the free space in vnet_buffer_opaque_t for use with flags.
- run the ipX-output feature arc from the DVR DPO
Change-Id: I040e5976d1dbe076fcdda3a40a7804f56337ce3f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iddd754d00ace3d042336e5c2c40431566275051a
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: I7fa7d0ebf73dab8264a2e5ddbd412600d78ead05
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ib90dc5613c9fdac0344b3bd7f163e2f7163c64d8
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I66ae618edaa12c2b4e4afe276da689673b02c9cd
Signed-off-by: zhaoqingling <zhao.qingling@zte.com.cn>
|
|
Change-Id: I24e7a26972bbbfcea100292b212b29ae7a349335
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: Iab0baabf2f27bc7ad7fbf2d2789a493752b07d8a
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
L2 Emulation is a feautre that is applied to L2 ports to 'extract'
IP packets from the L2 path and inject them into the L3 path (i.e.
into the appropriate ip[4|6]_input node).
L3 routes in the table_id for that interface should then be configured
as DVR routes, therefore the forwarded packet has the L2 header
preserved and togehter the L3 routed system behaves like an L2 bridge.
Change-Id: I8effd7e2f4c67ee277b73c7bc79aa3e5a3e34d03
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
* NAT46: fix test cleanup, missing del keyword
* NAT66: fix kube-proxy vip, is ipv6
* add some missing kp_put_writer_lock
* wipe flowtable after each unit test
* Add new cli api: "test kube-proxy flowtable flush" to flushes everything
* Call this new cli function after the end of each kube-proxy unit test.
* same as commit b3d1b203579226ca5136b9d6a2744577d07cfcc6 for the lb plugin
Change-Id: I4146f44841328ec96eb66729e3bae3d40f33e4aa
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
Add API function which enables forwarding of packets not matching
existing translation or static mapping instead of dropping them.
When forwarding is enabled matching packets will be translated
while non-matching packets will be forwarded without translation.
Change-Id: Ic13040cbad16d3a1ecdc3e02a497171bef6aa413
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Translation of both source and destination addresses and ports for 1:1 NAT
session initiated from outside network (ExternalIP K8 use case).
Change-Id: Ic0000497cf71619aac996d6d580844f0ea0edc14
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
This plugin provides kube-proxy data plane on user space,
which is used to replace linux kernal's kube-proxy based on iptables.
The idea is largely inspired from VPP LB plugin.
Currently, kube-proxy plugin supports three service types:
1) Cluster IP plus Port: support any protocols, including TCP, UDP.
2) Node IP plus Node Port: currently only support UDP.
3) External Load Balancer.
Please refer to kp_plugin_doc.md for details.
Change-Id: I36690e417dd26ad5ec1bd77c7ea4b8100416cac6
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
|
|
Change-Id: I0e20100c9e2ca4e951f605a79d48c04ff47864cb
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
- GRE tunnels with the same src,dst addresses are not the same tunnel
- Two data-plane improvements:
- the cached key was never updated and so useless
- no need to dereference the tunnel's HW interface to get the sw_if_index
Change-Id: I2f2ea6e08c759a810b753cec22c497e921a2ca01
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
This allows arm platforms to also take advantage of crc32 hardware
acceleration.
* add a wrapper for crc32_u64. It's the only one really used. Using it
instead of a call to clib_crc32c() eases building symmetrical hash
functions.
* replace #ifdef on SSE4 by a test on clib_crc32c_uses_intrinsics.
Note: keep the test on i386
* fix typo in lb test log
Change-Id: I03a0897b70f6c1717e6901d93cf0fe024d5facb5
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
same as commit d3e671e0dbb879d90f00bdee608ee0bb5f6357ae did for centos
Change-Id: If57765490d1ef41042a42db433b704af2f0c0ffd
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
Change-Id: I941abdc4a02e4c52c66b9d299e380b27caca7c1d
Signed-off-by: “mystarrocks” <mystarrocks@yahoo.com>
|
|
Change-Id: I7196ad8bf6afaf356674789c05e23ac000bc038e
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I655382f7f74181dd7c795a2b22f151f76b50e793
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
The "test-all" target is still never called as part of any continuous
test (as it probably should) but at least it can now be expected to
succeed.
VXLAN-GPE:
* decapsulate Ethernet to "l2-input" instead of "ethernet-input"
otherwise the inner mac address get checked against the interface one
(external) and packet gets dropped (mac mismatch)
* set packet input sw_if_index to unicast vxlan tunnel for learning
TEST:
* VXLAN:
* reduce the number of share tunnels:
=> reduce test duration by half
=> no functional change
* VXLAN-GPE:
* fix test TearDown() cli: command is "show vxlan-gpe" only
* remove vxlan-gpe specific tests as the were a duplicated of the
BridgeDomain one and already inherited.
* disable test_mcast_rcv() and test_mcast_flood() tests
* P2PEthernetAPI:
* remove test: "create 100k of p2p subifs"
there already is a "create 1k p2p subifs" so this one is a load test
and not a unit test.
See: lists.fd.io/pipermail/vpp-dev/2017-November/007280.html
Change-Id: Icafb83769eb560cbdeb3dc6d1f1d3c23c0901cd9
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
Change-Id: I64e8a76a17057ae69de72a5a80c0a194cd0c21cb
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iebf859b6d86482e4465423bad598eecf87e53ec4
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
(VPP-1090)
Change-Id: I361c043979274eac1aefcd95abdf1624a3ef2756
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Icb93ab80c5a6432d7b2b698a47e8b612c6f06fbd
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
macip_acl_add_replace on an existing MACIP ACL
The classifier tables layout might (and most always will) change during the MACIP ACL modification.
Furthermore, vnet_set_input_acl_intfc() is quite a picky creature - it quietly does nothing
if there is an existing inacl applied, even if the number is different, so a simple "reapply"
does not work. So, cleanly remove inacl, then reapply when the new tables are ready.
Also, fix the testcase which was supposed to test this exact behavior.
Thanks to Jon Loeliger for spotting this issue.
Change-Id: I7e4bd8023d9de7e914448bb4466c1b0ef6940f58
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
as decsribed in section 2.2
ihttps://tools.ietf.org/html/draft-ietf-bier-mpls-encapsulation-10
with BIFT encoding from:
https://tools.ietf.org/html/draft-wijnandsxu-bier-non-mpls-bift-encoding-00
changes:
1 - introduce the new BIFT lookup table. BIER tables that have an associated
MPLS label are added to the MPLS-FIB. Those that don't are added to the
BIER table
2 - BIER routes that have no associated output MPLS label will add a BIFT label.
3 - The BIER FMask has a path-list as a member to resolve via any possible path.
Change-Id: I1fd4d9dbd074f0e855c16e9329b81460ebe1efce
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I4fbf4a574f455628d56e78cefc1a76adc06bc801
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: I03d7508649e80a538fcf9541815e2c29224bc87a
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Identity mapping translate an IP address to itself.
Change-Id: Icc0ca5102d32547a4b0c75720b5f5bf41ed69c71
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
logging: allow a client to register a callback handler to recieve log messages
that way the client can maintain a correctly sequenced log
populate: fix the creation of interface and the setting of the handle
stats: the reset promise idea is not defined behaviour.
Use an eanble/disable command pair
Change-Id: I347720bb65df2874c7619e722d593bc863ee2bf1
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
- Refactor debug output to include vpp handle associated
with session id where appropriate.
- Fix vcom_connect return value on error.
- Refactor vcom_socket_epoll_pwait().
- Fix sock_test_server/client connect failure handling.
Change-Id: I2649596aa4b8a77d9bd876409a76810cb2785797
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
- find object by key
- compare objects
Change-Id: I36ec8612be9482bcef7ceced2a59f7403f77b3e8
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
- Refactor session disconnect/close state
transitions. Only remove session state
when app calls close(). Add HUP/reset
feedback by returning ECONNRESET.
- Update debug messages.
- Use VCL_LOCK_AND_GET_SESSION macro more
extensively
Change-Id: I23d372834b901a6726e6d6c1061df73ad967882f
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Change-Id: Icd73f00162fb6aabe296c8bb6f2174ad4f6a17b7
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
|
|
Enhence support of DHCP VSS (Virtual Subnet Selection) to include
VSS type 0 where VSS info is a NVT (Network Virtual Terminal)
ASCII VPN ID where the ASCII string MUST NOT be terminated with a
zero byte. Existing code already support VSS type 1, where VSS
information is a RFC 2685 VPN-ID of 7 bytes with 3 bytes OUI
and 4 bytes VPN index, and VSS type 255 indicating global VPN.
Change-Id: I54edbc447c89a2aacd1cc9fc72bd5ba386037608
Signed-off-by: John Lo <loj@cisco.com>
|
|
- Add vxlan-gpe binding on udp port 4790 (taken from scapy upstream)
- VXLAN.VNI -> VXLAN.vni
Change-Id: If7ad38fa04fbfec01e01c81a06e88ffe70183672
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
Change-Id: I273e1ea28c3c146e4a88d031c790c1cc56dccf00
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: I2fa219d6530f1e7a3b8ae32d35a0c60ba57c5129
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Added two new errors:
ACL_IN_USE_INBOUND
ACL_IN_USE_OUTBOUND
Update ACL tests to expect new, precise return values.
Change-Id: I644861a18aa5b70cce5f451dd6655641160c7697
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|