A poor man's flow switching or policy based rounting.
An ACL is used to match packets and is associated with a [set of] forwarding paths
that determine how to forward matched packets - collectively this association is a
'policy'.
Policies are then 'attached', in a priority order, to an interface when thaey are
encountered as an input feature. If a packet matches no policies it is forwarded
normally in the IP FIB.
This commit is used to test the "ACL-as-a-service" functionality,
which currently compiles, and the existing traffic ACL tests pass in both hash and linear modes.
Change-Id: I0b274ec9f2e645352fa898b43eb54c457e195964
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Signed-off-by: Ole Troan <ot@cisco.com>
The vhost binary APIs for add/delete/dump interface were available long ago.
But no unit tests were ever added in make test. This patch is to retrofit
the missing unit tests.
Change-Id: I489521b5ae359a1168ac5880a1f13a5f7e93ce4a
Signed-off-by: Steven <sluong@cisco.com>
This reverts commit 70083ee74c3141bbefb185525315f1b34497dcaa.
Reverting as this patch is causing following crash:
0: /home/damarion/cisco/vpp3/build-data/../src/vnet/devices/devices.h:131 (vnet_get_device_input_thread_index) assertion `queue_id < vec_len (hw->input_node_thread_index_by_queue)' fails
Aborted
Change-Id: Ie2a365032110b1f67be7a9d832885b9899813d39
Signed-off-by: Damjan Marion <damarion@cisco.com>
update the GBP plugin to implement the full NAT feature set of opflex agent
Change-Id: Ic06a039c889445ed0b9087fa1f292634192b0f8d
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
- Ignore warnings W504 (newline after binary operator) which otherwise
occurs a significant number of times.
- Fix two instances of lines >79 chars.
Change-Id: I8cef56f8afc237187995e638e610c8c0554e2bb5
Signed-off-by: Chris Luke <chrisy@flirble.org>
Allow setting of VPP_PYTHON_PREFIX to alternate location
so the python prereqs can be installed into base image
Also added test-dep trigger to isolate dependency install
from actual test run
Change-Id: Ia80f5dbf71bc24eb46cd6586bcadd474ef822704
Signed-off-by: Ed Kern <ejk@cisco.com>
This change fixes a bug which would corrupt features infra by making
feature infra resistant to double-removal. It also fixes 'out of memory'
issue by properly initializing the bihash tables.
Change-Id: I78ac03139234a9a0e0b48e7bdfac1c38a0069e82
Signed-off-by: Klement Sekera <ksekera@cisco.com>
The default config on Ubuntu 16.04.4 desktop results in truncated cores
when running make test which coredumps. Uninstalling the filter program
(apport) makes the corefiles normal size. Print a warning about that fact,
so the others potentially affected didn't have to wonder.
Change-Id: Iba4b0a2765a25100d6e24fd7f4de0e0339efd835
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Use sw_if_index[VLIB_TX] if set as fib index when doing the urpf check.
Change-Id: I5ec3e7f7a54c6782704d91e9a5614fd0f7f9e3de
Signed-off-by: Florin Coras <fcoras@cisco.com>
Static mapping is not deleted from resolution vector after address is set on
interface.
Change-Id: Ib7c45ca2e307123d101248c5a1b17d130ac32cd0
Signed-off-by: Matus Fabian <matfabia@cisco.com>
- allow to optionally specify the specific MACIP ACL index:
'show acl-plugin macip acl [index N]'
- after showing the MACIP ACL, show the sw_if_index of
interface(s) where it is applied.
Also, add some executions of this debug commands
to the MACIP test case for easy verification.
Change-Id: I56cf8272abc20b1b2581b60d528d27a70d186b18
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Add a few dhcp client rx packet/state counters
Temporarily disable the dhcp client unit test, since it trips over the
newly-added hardware address check.
Change-Id: I7f68607e6ed3d738cba357c3fe76664a99b71cd8
Signed-off-by: Dave Barach <dave@barachs.net>
Parsing the list of applied ACLs from the debug CLI output
is not a good idea, since the debug CLI can and will change.
Fix that.
Change-Id: Ia47214863f2658a54219f59cb974b5cbc536f862
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
There was no test coverage for a scenario of an interface having an
ACL and that interface being deleted. Add a basic sanity test which
applies an ACL to an interface and then deletes that interface.
Change-Id: Ib6462e02cf69f1173125ac2481c608f68eb389ac
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
During the testing of 94f9a6de3f706243d138e05b63fef1d5c8174f6c
I realized there was no test coverage for the cases where
the ACLs are added then modified while having beein applied.
This change adds some simple shuffling to l2l3 ACL test set,
whereby after each of the ACLs being applied, a few extra ACLs
are applied at the front and the back of the list, and are changed
several times, the base for the changes being the set of all the
ACEs that are being applied previously.
After these few shuffles, the routine restores the applied ACLs
and proceeds to the test as usual.
Change-Id: Ieda2aa5b7963746d62484e54719309de9c1ee752
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Do not translate packet which go out via nat44-in2out-output and was tranlated
in nat44-out2in before. On way back forward packet to nat44-in2out node.
Change-Id: I934d69856f0178c86ff879bc691c9e074b8485c8
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Add bonding driver to support creation of bond interface which composes of
multiple slave interfaces. The slave interfaces could be physical interfaces,
or just any virtual interfaces. For example, memif interfaces.
The syntax to create a bond interface is
create bond mode <lacp | xor | acitve-backup | broadcast | round-robin>
To enslave an interface to the bond interface,
enslave interface TenGigabitEthernet6/0/0 to BondEthernet0
Please see src/plugins/lacp/lacp_doc.md for more examples and additional
options.
LACP is a control plane protocol which manages and monitors the status of
the slave interfaces. The protocol is part of 802.3ad standard. This patch
implements LACPv1. LACPv2 is not supported.
To enable LACP on the bond interface, specify "mode lacp" when the bond
interface is created. The syntax to enslave a slave interface is the same as
other bonding modes.
Change-Id: I06581d3b87635972f9f0e1ec50b67560fc13e26c
Signed-off-by: Steven <sluong@cisco.com>
This change makes ip reassembly an interface feature, while adding
concurrency support. Due to this, punt is no longer needed to test
reassembly.
Change-Id: I467669514ec33283ce935be0f1dd08f07684f0c7
Signed-off-by: Klement Sekera <ksekera@cisco.com>
The interpose source allows the source/provider to insert/interpose
a DPO in the forwarding chain of the FIB entry ahead of the forwarding
provided by the next best source. For example if the API source (i.e
the 'control plane') has provided an adjacency for forwarding, then
an interpose source (e.g. a monitoring service) couold interpose a
replicatte DPO to copy the traffic to another location AND forward
using the API's adjacency.
To use the interose feature an existing source (i.e FIB_SOURCE_PLUGIN_HI)
cn specifiy as a flag FIB_ENTRY_FLAG_INTERPOSE and provide a DPO to
interpose. One might also consider using interpose in conjunction with
FIB_ENTRY_FLAG_COVER_INHERIT to ensure the interpose object affects
all prefixes in the sub-tree.
Change-Id: I8b2737b985f8f7c08123406d0491881def347b52
Signed-off-by: Neale Ranns <nranns@cisco.com>
- host mode:
igmp_listen - API to signal that the host has joined an (S,G)
- route mode:
igmp_enable - API to enable the reception of host IGMP messages
igmp_event - API to report the host join/leave from an (S,G)
Change-Id: Id180ec27dee617d33ab3088f5dcf6125d3aa9c8f
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
- many of the patches fd.io applies in test/patches/2.3.3 are now upstreamed in 2.4
- 2.4 adds support for IGMPv3 which is my main motivation for the upgrade
Change-Id: If2c0a524e3cba320b4a5d8cd07817c6ea2bf0c5a
Signed-off-by: Neale Ranns <nranns@cisco.com>
Add API call to send Router Solicitation messages.
Save info from incoming Router Advertisement messages and notify listeners.
Change-Id: Ie518b5492231e03291bd4c4280be4727bfecab46
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
