There was no test coverage for a scenario of an interface having an
ACL and that interface being deleted. Add a basic sanity test which
applies an ACL to an interface and then deletes that interface.
Change-Id: Ib6462e02cf69f1173125ac2481c608f68eb389ac
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
During the testing of 94f9a6de3f706243d138e05b63fef1d5c8174f6c
I realized there was no test coverage for the cases where
the ACLs are added then modified while having beein applied.
This change adds some simple shuffling to l2l3 ACL test set,
whereby after each of the ACLs being applied, a few extra ACLs
are applied at the front and the back of the list, and are changed
several times, the base for the changes being the set of all the
ACEs that are being applied previously.
After these few shuffles, the routine restores the applied ACLs
and proceeds to the test as usual.
Change-Id: Ieda2aa5b7963746d62484e54719309de9c1ee752
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
We were only puting one packet per frame to the output node. Change to
buffer multiple packets per frame. Performance is now on top of dpdk-based
bonding.
Put a spinlock in the tx thread in case the rug is pulled under us.
Change-Id: Ifda5af086a984a7301972cd6c8e428217f676a95
Signed-off-by: Steven <sluong@cisco.com>
This reverts commit 378ac0533e5ac8c3121d8f66ba61a8548e55282f.
Change-Id: If34b1c964453adb0e4c44e3eab4f6e306bd9c9e9
Signed-off-by: Damjan Marion <damarion@cisco.com>
This code implements the functionality required for other plugins wishing
to perform ACL lookups in the contexts of their choice, rather than only
in the context of the interface in/out.
The lookups are the stateless ACLs - there is no concept of "direction"
within the context, hence no concept of "connection" either.
The plugins need to include the
The file acl_lookup_context.md has more info.
Change-Id: I91ba97428cc92b24d1517e808dc2fd8e56ea2f8d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Do not translate packet which go out via nat44-in2out-output and was tranlated
in nat44-out2in before. On way back forward packet to nat44-in2out node.
Change-Id: I934d69856f0178c86ff879bc691c9e074b8485c8
Signed-off-by: Matus Fabian <matfabia@cisco.com>
In version 1 of the protocol sender was always ring producer and
receiver was consumer. In version 2 slave is always producer,
and in case of master-to-slave rings, slave is responsible for
populating ring with empty buffers.
As this is major change, we need to bump version number.
In addition, descriptor size is reduced to 16 bytes.
This change allows zero-copy-slave operation (to be privided in the separate
patch).
Change-Id: I02115d232f455ffc05c0bd247f7d03f47252cfaf
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
This fixes issue with unaligned vector access on gcc-7.
As udp_encap_t is declared as cacheline aligned, alloc also need to be.
Change-Id: Ic30876911baf2c22c135097490075fa7bcf0ca18
Signed-off-by: Damjan Marion <damarion@cisco.com>
- Show interface on which given MACIP ACL is applied
- index is added for show acl-plugin macip acl:
ex) show acl-plugin macip acl [index N]
Change-Id: I3e888c8e3267060fe157dfc1bbe3e65371bd858a
Signed-off-by: Steve Shin <jonshin@cisco.com>
Add bonding driver to support creation of bond interface which composes of
multiple slave interfaces. The slave interfaces could be physical interfaces,
or just any virtual interfaces. For example, memif interfaces.
The syntax to create a bond interface is
create bond mode <lacp | xor | acitve-backup | broadcast | round-robin>
To enslave an interface to the bond interface,
enslave interface TenGigabitEthernet6/0/0 to BondEthernet0
Please see src/plugins/lacp/lacp_doc.md for more examples and additional
options.
LACP is a control plane protocol which manages and monitors the status of
the slave interfaces. The protocol is part of 802.3ad standard. This patch
implements LACPv1. LACPv2 is not supported.
To enable LACP on the bond interface, specify "mode lacp" when the bond
interface is created. The syntax to enslave a slave interface is the same as
other bonding modes.
Change-Id: I06581d3b87635972f9f0e1ec50b67560fc13e26c
Signed-off-by: Steven <sluong@cisco.com>
This change makes ip reassembly an interface feature, while adding
concurrency support. Due to this, punt is no longer needed to test
reassembly.
Change-Id: I467669514ec33283ce935be0f1dd08f07684f0c7
Signed-off-by: Klement Sekera <ksekera@cisco.com>
The interpose source allows the source/provider to insert/interpose
a DPO in the forwarding chain of the FIB entry ahead of the forwarding
provided by the next best source. For example if the API source (i.e
the 'control plane') has provided an adjacency for forwarding, then
an interpose source (e.g. a monitoring service) couold interpose a
replicatte DPO to copy the traffic to another location AND forward
using the API's adjacency.
To use the interose feature an existing source (i.e FIB_SOURCE_PLUGIN_HI)
cn specifiy as a flag FIB_ENTRY_FLAG_INTERPOSE and provide a DPO to
interpose. One might also consider using interpose in conjunction with
FIB_ENTRY_FLAG_COVER_INHERIT to ensure the interpose object affects
all prefixes in the sub-tree.
Change-Id: I8b2737b985f8f7c08123406d0491881def347b52
Signed-off-by: Neale Ranns <nranns@cisco.com>
ARP packets need to be allowed for dot1q interface when MACIP is enabled.
Change-Id: I33dd3cb6c6100c49420d57360a277f65c55ac816
Signed-off-by: Steve Shin <jonshin@cisco.com>
- host mode:
igmp_listen - API to signal that the host has joined an (S,G)
- route mode:
igmp_enable - API to enable the reception of host IGMP messages
igmp_event - API to report the host join/leave from an (S,G)
Change-Id: Id180ec27dee617d33ab3088f5dcf6125d3aa9c8f
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
- many of the patches fd.io applies in test/patches/2.3.3 are now upstreamed in 2.4
- 2.4 adds support for IGMPv3 which is my main motivation for the upgrade
Change-Id: If2c0a524e3cba320b4a5d8cd07817c6ea2bf0c5a
Signed-off-by: Neale Ranns <nranns@cisco.com>
After the addition of "qos" cli, "quit" command is not the only match
for "q". Therefore, add a separate "q" cli to avoid ambiguity.
Change-Id: I84f6ddce14ef7d5fa7089537cb62adfecea0e501
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change vlib_buffer_add_data() so it interprets ~0 to mean please
allocate a new buffer, instead of 0. Fixed a couple of calls to pass
~0 instead of 0.
Zero has always been a valid buffer index, we never happened to
actually use it until recent buffer allocator changes.
The presenting symptom: ASSERT failure when running "make
TEST=test_mpls test-debug"
Change-Id: Ic909913c1d464b3434d6d47e0c58f978806854d5
Signed-off-by: Dave Barach <dave@barachs.net>
This introduces a startup config option for configuring stats poller delay.
Use `stats { interval <seconds> }` to configure the delay at startup.
The default value remains unchanged - 10 seconds.
Change-Id: If12cb1f7f6f1f8ecfa461561bc77847cdf260388
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Add API call to send Router Solicitation messages.
Save info from incoming Router Advertisement messages and notify listeners.
Change-Id: Ie518b5492231e03291bd4c4280be4727bfecab46
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
