update the GBP plugin to implement the full NAT feature set of opflex agent
Change-Id: Ic06a039c889445ed0b9087fa1f292634192b0f8d
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
In dpdk based bonding, when the bond interface is configured for l2,
it automatically sets the bond interface to promiscuous mode and sets rx
redirect to ethernet-input. This allows traffic to be bridged to
non compute node facing interface when it is received from the compute
node interface.
For native vpp bonding, we need to do similar things. When the bond interface
is configured for l2, we set the slave interfaces to promiscuous mode
and set rx redirect to ethernet-input because dpdk does not know anything
about the bond interface. Likewise, when a new interface is enslaved, we also
need to do the same thing if the bond interface has already been configured
for l2.
Change-Id: I7e168008e8a4221be74929b2a20e6db0ce8f3110
Signed-off-by: Steven <sluong@cisco.com>
exception in vpp_api.vac_write():
"TypeError: initializer for ctype 'char *' must be a bytes or list or
tuple, not str"
Change-Id: Ib6bcfb86e6e36c557174979a110113af689c6754
Signed-off-by: Andrey "Zed" Zaikin <zed.0xff@gmail.com>
While https://gerrit.fd.io/r/#/c/11316/ took care of 1 packet/frame for
most of the bonding modes, it missed the broadcast mode. This patch is
to fix the 1 packet/frame for the broadcast mode.
Change-Id: Iac48a2977c7f702f341479cc712a6448090dbc60
Signed-off-by: Steven <sluong@cisco.com>
When in deterministic mode disable nondeterministic CLI/API.
When not in deterministic mode disable deterministic CLI/API.
Change-Id: Ibf485c14612297e51d3815a6fde541542c8fe7ab
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
When NAT44 forwarding is disabled, if a DHCP server-to-
client packet arrives on an outside interface, it is
handled correctly by setting the next node to the next
feature on the ip4-unicast feature arc, where it can be
processed.
When NAT44 forwarding is enabled, if a DHCP server-to-
client packet arrives, it is not handled any differently
than other packets and ends up going to ip4-lookup
which results in the packet being dropped.
Move the check for DHCP server-to-client packets outside
of the block that is executed if forwarding is disabled so
DHCP replies will be processed in either case.
Change-Id: Ia795cce3fd459f3252c2c17d53bb88ceaeaafca4
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Prior to this fix vppapigen would just do a crc32 on the Python representation
of the file as a set of dictionaries. That of course was not a good idea.
Change-Id: Ie454736ffec02fa4679ab27e684b1d6c6406a0f1
Signed-off-by: Ole Troan <ot@cisco.com>
The users of ACL lookup contexts might not check the data they supply,
so do it on their behalf in this function, and return an error if
an ACL does not exist or if they attempt to apply the same ACL twice.
Change-Id: I89d871e60f267ce643f88574c83baf9cd0a2d7b3
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit e5cbccf35f4d230afafa633abbc88e64ef33d758)
The acl_main struct, which is defined in the acl_plugin, is not visible when
the ACL plugin inline code is being compiled within the context of other plugins.
Fix that by using the global pointer variable, which exists in both the ACL plugin
context and is set in the context of the external plugins using ACL plugin.
Change-Id: Iaa74dd8cf36ff5442a06a25c5c968722116bddf8
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 1286a15a6e60f80b0e1b349f876de8fa38c71368)
- Ignore warnings W504 (newline after binary operator) which otherwise
occurs a significant number of times.
- Fix two instances of lines >79 chars.
Change-Id: I8cef56f8afc237187995e638e610c8c0554e2bb5
Signed-off-by: Chris Luke <chrisy@flirble.org>
So current makefile covers opensuse tumbleweed and
current opensuse leap 12.3. Neither of these cover
new leap 15 package naming. Cannot only use Name
or ID do to release differences.
Change-Id: I7ffcabb3a5af5b0789ba827209355050f6dc5204
Signed-off-by: Ed Kern <ejk@cisco.com>
With no IPv4 output features on an IPsec tunnel inferface,
when packets are forwarded to that interface, they reach
the ipsec-if-output node via the output_node_index on the
hw interface and they are handled correctly.
When an IPv4 output feature (e.g. output ACL, outbound
NAT) is enabled on an IPsec tunnel interface, outbound
IPsec stops working for that interface. The last node in
the ip4-output feature arc is interface-output. From there
a packet is sent to ipsec<N>-output, and then ipsec<N>-tx.
The tx function for an IPsec tunnel interface that is
called by ipsec<N>-tx is a dummy that doesn't do anything
except write a warning message.
Enable a feature on the interface-output feature arc for
an IPsec tunnel interface so the ipsec-if-output node is
reached from the interface-output node.
Change-Id: Ia9c73d3932f5930ec7ce0791a0375b1d37148b01
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
We need to keep original linked list so destructire can remove entries.
Change-Id: I5ff5ca0e1a417d88707255207725bba46433c943
Signed-off-by: Damjan Marion <damarion@cisco.com>
dpdk plugin self-disables if there are no hugepages available
Change-Id: Ib286e1a370deeb21248e6e961573ef9c68759b4c
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
JIRA: VPP-1227
Remove rpm tmp dir build debuginfo rpms.
Reverses commits to fix a build problem with old versions of rpmbuild
that prevented builds in chrooted environments with short paths
and short project names.
Change-Id: I852696dccc984bf4882fd3ca9ec4c8da080bdb41
Signed-off-by: Thomas F Herbert <therbert@redhat.com>
JIRA: VPP-1229
Subunit and Subunit-devel in Fedora and Epel but not Centos.
This patch moves the Fedora from the Centos specific requirements.
Change-Id: I093a4571cddf14af5ee2827ba8ee00c7bcbe6fc0
Signed-off-by: Thomas F Herbert <therbert@redhat.com>
If l2-fwd node does not find an L2FIB entry for DMAC of packet,
use input feature bitmap to find next node instead of always
sending packet to l2-flood node to perform unknow unicast flood.
It provides possibilty of using other feature to forward unknow
unicast packet instead of flooding the BD.
Change-Id: I56b277050537678c92bd548d96d87cadc8d2e287
Signed-off-by: John Lo <loj@cisco.com>
Although mbedtls is in Fedora and Epel, it is not
in Centos yet. It is not strictly necessary for TLS
which also can use openssl.
Change-Id: Id62d52000f9ecda2fc10d1938f02be1142fa5bdb
Signed-off-by: Thomas F Herbert <therbert@redhat.com>
Revert "Setup for branch stable/1804"
This reverts commit c9c0988a0f331cbecfefb3f8cf0617b42bc89139.
Change-Id: I53ac0e9742317962aebe6f6eb5c9180fa87af2a8
Signed-off-by: Chris Luke <chrisy@flirble.org>
