This change is used to add cli command for macip acl rules.
Cli commands added for addition and deletion of rule.
Type: improvement
Change-Id: I28adba0193a904f6c130c81cd19bb6de47f517a9
Signed-off-by: Sanjyot Vaidya <Sanjyot.Vaidya@arm.com>
The VPP API auto-generated endian conversion functions are intended to
be symmetrical. They are used both by the API client and the API server.
Called on send to convert from host endian to network endian and on
receive to convert back.
For variable length arrays, we have to iterate over the array and call
a more specific handler for the array type. Unfortunately the length of
the array is part of the api definition, and if it's endian swapped
prior to the for loop, unexpected behaviour will ensue.
There was an earlier fix, for some specific messages, but unfortunately
that only fixed the problem from the VPP (server) side.
This adds a new parameters to the endian handler, so the boundary
argument to the loop can be treated differently depending on if this
message is to the network or from the network.
Type: fix
Change-Id: I43011aed384e3b847579a1dd2c390867ae17a9ad
Signed-off-by: Ole Troan <otroan@employees.org>
On glibc this builds fine; on musl the byteswap header doesn't seem to be
included properly. This change adds it, fixing the build.
Type: fix
Change-Id: I402812409395d471357b6317084774afba39548f
Signed-off-by: Eric Sun <esun@meraki.com>
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
Allow the CLI caller to specify an optional [index <idx>] index,
which will remove the ACL at that index. This mimicks the API behavior,
Add a 'delete acl-plugin acl index <idx>' to mimick the API acl_del
call, which will refuse to delete a non-existent index, as well as
an index that is referenced by an interface.
Type: improvement
Signed-off-by: pim@ipng.nl
Change-Id: I5f240f7a4e3bca14e8122917e8a5186d80094de2
API refactoring moved the address-family tag from rule
level down to prefix level.
This necessarily warrants the check that they are the same.
Also, add a check that the address family is sane.
Change-Id: Ia63b688cc9e7c9e9cc773e89708d9e9f99185fb7
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
The statement
pw0->pending_clear_sw_if_index_bitmap =
clib_bitmap_dup (pw0->serviced_sw_if_index_bitmap);
will cause pw0->pending_clear_sw_if_index_bitmap's previous
vector to be gone. Need to free it prior to calling clib_bitmap_dup()
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I20de780e73daea7be17efa0bf660af2592cd4680
Use of _vec_len() to set vector length breaks address sanitizer.
Users should use vec_set_len(), vec_inc_len(), vec_dec_len () instead.
Type: improvement
Change-Id: I441ae948771eb21c23a61f3ff9163bdad74a2cb8
Signed-off-by: Damjan Marion <damarion@cisco.com>
fa_session_t *sess;
CLIB_PREFETCH (sess, 2 * CLIB_CACHE_LINE_BYTES, STORE);
sizeof(fa_session_t) is 128 bytes
i) on 64B cacheline size Arm machine,
above CLIB_PREFETCH () macro will be expand to
__builtin_prefetch(sess)
__builtin_prefetch(sess + 64)
__builtin_prefetch(sess + 128) << prefetch is out of range of *sess.
__builtin_prefetch(sess + 192) <<
ii) on 128B cacheline size Arm machine, CLIB_PREFETCH () expands to
__builtin_prefetch(sess)
__builtin_prefetch(sess + 128) << still out of bound
Solution:
Change to CLIB_PREFETCH (sess, sizeof(*sess), STORE);
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Reviewed-by: Lijian Zhang <lijian.zhang@arm.com>
Change-Id: I4b3d4fc55747f3d9ad1bcf24f8834601a03ef55e
In some cases (ACL of a few lines long with a lot of different subnet masks), linear lookup
may be more efficient than the hash-based lookup. Expose the API to allow the control plane
to choose what lookup algorithm to use.
Type: improvement
Change-Id: I540dd1b4ce63c5106a556d550f911f3a578b33e0
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Put plugin init order inside plugin instead of in vnet
Type: improvement
Signed-off-by: Bin Zhou (bzhou2) <bzhou2@cisco.com>
Change-Id: Icbacdb3f1cb4ac9d74e3f78458e8bc333793b4d6
- Generate copyright year and version
instead of using hard-coded data
Type: refactor
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I6058f5025323b3aa483f5df4a2c4371e27b5914e
Sending the bogus acl_add_replace message with count=~0 will result in
an overflow of "expected_len" field which is a u32, thus the message
will pass the validation when it should not.
Solution - make the expected_len a u64 to avoid overflow.
The bug was found while experimenting with libfuzzer as part of
https://gerrit.fd.io/r/c/vpp/+/31763
Type: fix
Change-Id: I4a866d48f2418148236f1b1d77c487b869c7c43d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Allow to supply the external VPP worker config for tests which
do not specify the workers config explicitly, and use
the tags infra to flag those that need attention in this configuration.
This commit shows one example use of such a tag, there will be
a separate commit with the rest of the places needing it,
since that change is rather mechanical.
Thus, the assumption is that the test should by default be agnostic
of the VPP configuration, unless it explicitly specifies so.
Type: test
Change-Id: I3c0077e4e22a75cb9561fb98d3b783b93486b2be
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Type: fix
In order to build VPP as a package for an embedded Yocto-based
distribution, this patch replaces the use of the glibc internal
__bswap_64 function with the VPP function clib_net_to_host_u64, which is
provided by vppinfra.
Change-Id: I3ecc8525861dc3441bce2b51aa4c80f9a62d3051
Signed-off-by: Nathan Moos <nmoos@cisco.com>
tag is expected to be a null-terminated C-string
Type: fix
Change-Id: I633719068c37eac395cc30a6a314c00848e9cdca
Signed-off-by: Benoît Ganne <bganne@cisco.com>
- tag is expected to be 64-bytes
- when specifying tag on cli, a vector is allocated. Make sure it is
freed
Type: fix
Change-Id: Id1741fe406819ca9f71edb081d4483f52cae547d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Counter checks in ACL tests were incorrect if VPP is running with multiple workers
Change-Id: Id095d55c6cd3bfee8aaac6d177984e569e87d29b
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Improves compilation time and reduces object file size for 1MB
Type: improvement
Change-Id: Ibe4840c0ced22070248d93822ea61afe20aff65c
Signed-off-by: Damjan Marion <damarion@cisco.com>
Custom ACL-plugin heap was useful in early stages,
but it interferes with other infra optimizations.
Remove it and use global heap.
Change-Id: I2300548f1d1798dec27bc5a2a41cf37f9fcda95d
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
The "ACL as a service" lookup infra is shared, so a global heap must
be used.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I86894254b737392c1968b6a581b5a37590376428
"ipv4"/"ipv6" option is not supported in acl_add_replace and
macip_acl_add_replace vat api.
Update its help message per actual api usage.
Type: fix
Change-Id: I8d34fac5f98bd78a46a5e98df05cd35182988dd8
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Reviewed-by: Jieqiang Wang <Jieqiang.Wang@arm.com>
Reviewed-by: Govindarajan Mohandoss <Govindarajan.Mohandoss@arm.com>
facilitates use of papi beyond the tests.
Type: improvement
Change-Id: I3d502d9130b81a7fb65ee69bb06fe55802b28a27
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
Use consistent API types.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I09fa6c1b6917936351bd376b56c414ce24488095
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Use consistent API types.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: If90d753f129312400c4c3669bb86289d0c3e0d99
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Type: improvement
when using vlib_buffer_enqueue_to_next the 'nexts' parameter is an array
of u16, but vnet_feautre_next takes a u32. this is a simple wrapper to
address the impedence mismatch.
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I0fa86629e979e313344eb68442dc35a7b9537a8f
The mheap allocator has been turned off for several releases. This
commit removes the cmake config parameter, parallel support for
dlmalloc and mheap, and the mheap allocator itself.
Type: refactor
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I104f88a1f06e47e90e5f7fb3e11cd1ca66467903
