Compare commits
15 Commits
v18.07.1
...
v18.04-rc2
| Author | SHA1 | Date | |
|---|---|---|---|
|
18744ee680 | ||
|
|
1a2b9e6d73 | ||
|
|
70e1ae2659 | ||
|
|
9c4ae7f6d0 | ||
|
|
1286a15a6e | ||
|
|
e5cbccf35f | ||
|
|
45d9ba1b32 | ||
|
|
c1a30f61ec | ||
|
|
405b0732e1 | ||
|
|
52e947dfae | ||
|
|
decc3c52d7 | ||
|
|
88f0a3d930 | ||
|
|
24c3733f1f | ||
|
|
ca3c508401 | ||
|
|
7ace56b9d8 |
@ -2,3 +2,4 @@
|
||||
host=gerrit.fd.io
|
||||
port=29418
|
||||
project=vpp
|
||||
defaultbranch=stable/1804
|
||||
|
||||
6
Makefile
6
Makefile
@ -84,19 +84,21 @@ RPM_DEPENDS += apr-devel
|
||||
RPM_DEPENDS += numactl-devel
|
||||
RPM_DEPENDS += check check-devel
|
||||
RPM_DEPENDS += boost boost-devel
|
||||
RPM_DEPENDS += subunit subunit-devel
|
||||
RPM_DEPENDS += selinux-policy selinux-policy-devel
|
||||
RPM_DEPENDS += mbedtls-devel
|
||||
|
||||
ifeq ($(OS_ID)-$(OS_VERSION_ID),fedora-25)
|
||||
RPM_DEPENDS += subunit subunit-devel
|
||||
RPM_DEPENDS += openssl-devel
|
||||
RPM_DEPENDS += python-devel python2-ply
|
||||
RPM_DEPENDS += python2-virtualenv
|
||||
RPM_DEPENDS += mbedtls-devel
|
||||
RPM_DEPENDS_GROUPS = 'C Development Tools and Libraries'
|
||||
else ifeq ($(shell if [ "$(OS_ID)" = "fedora" ]; then test $(OS_VERSION_ID) -gt 25; echo $$?; fi),0)
|
||||
RPM_DEPENDS += subunit subunit-devel
|
||||
RPM_DEPENDS += compat-openssl10-devel
|
||||
RPM_DEPENDS += python2-devel python2-ply
|
||||
RPM_DEPENDS += python2-virtualenv
|
||||
RPM_DEPENDS += mbedtls-devel
|
||||
RPM_DEPENDS_GROUPS = 'C Development Tools and Libraries'
|
||||
else
|
||||
RPM_DEPENDS += openssl-devel
|
||||
|
||||
@ -3,8 +3,7 @@
|
||||
%define _vpp_build_dir build-tool-native
|
||||
%define _unitdir /lib/systemd/system
|
||||
%define _builddir %{_topdir}
|
||||
%define _tmp_build_dir %{name}-%{_version}.0
|
||||
%define _mu_build_dir %{_topdir}/%{_tmp_build_dir}/build-root
|
||||
%define _mu_build_dir %{_topdir}/%{name}-%{_version}/build-root
|
||||
%define _vpp_tag %{getenv:TAG}
|
||||
%if "%{_vpp_tag}" == ""
|
||||
%define _vpp_tag vpp
|
||||
@ -50,14 +49,17 @@ Release: %{_release}
|
||||
Requires: vpp-lib = %{_version}-%{_release}, vpp-selinux-policy = %{_version}-%{_release}, net-tools, pciutils, python
|
||||
BuildRequires: systemd, chrpath
|
||||
BuildRequires: check, check-devel
|
||||
BuildRequires: subunit, subunit-devel
|
||||
%if 0%{?fedora} >= 26
|
||||
BuildRequires: subunit, subunit-devel
|
||||
BuildRequires: compat-openssl10-devel
|
||||
BuildRequires: python2-devel, python2-virtualenv
|
||||
BuildRequires: mbedtls-devel
|
||||
%else
|
||||
%if 0%{?fedora} == 25
|
||||
BuildRequires: subunit, subunit-devel
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: python-devel, python2-virtualenv
|
||||
BuildRequires: mbedtls-devel
|
||||
%else
|
||||
BuildREquires: openssl-devel
|
||||
BuildRequires: python-devel, python-virtualenv
|
||||
@ -70,7 +72,6 @@ BuildRequires: numactl-devel
|
||||
BuildRequires: autoconf automake libtool byacc bison flex
|
||||
BuildRequires: boost boost-devel
|
||||
BuildRequires: selinux-policy selinux-policy-devel
|
||||
BuildRequires: mbedtls-devel
|
||||
|
||||
Source: %{name}-%{_version}-%{_release}.tar.xz
|
||||
# Source: vpp-latest.tar.xz
|
||||
@ -149,20 +150,13 @@ Requires(post): selinux-policy-base >= %{selinux_policyver}, selinux-policy-targ
|
||||
This package contains a tailored VPP SELinux policy
|
||||
|
||||
%prep
|
||||
# Unpack into dir with longer name as work around of debugedit bug in in rpm-build 4.13
|
||||
rm -rf %{name}-%{_version}
|
||||
rm -rf %{_tmp_build_dir}
|
||||
/usr/bin/xz -dc '%{_sourcedir}/%{name}-%{_version}-%{_release}.tar.xz' | /usr/bin/tar -xf -
|
||||
mv %{name}-%{_version} %{_tmp_build_dir}
|
||||
cd '%{_tmp_build_dir}'
|
||||
/usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
|
||||
%setup -q -n %{name}-%{_version}
|
||||
|
||||
%pre
|
||||
# Add the vpp group
|
||||
groupadd -f -r vpp
|
||||
|
||||
%build
|
||||
cd '%{_tmp_build_dir}'
|
||||
%if %{with aesni}
|
||||
make bootstrap
|
||||
make -C build-root PLATFORM=vpp TAG=%{_vpp_tag} install-packages
|
||||
|
||||
@ -54,6 +54,7 @@
|
||||
#include "public_inlines.h"
|
||||
|
||||
acl_main_t acl_main;
|
||||
acl_main_t *p_acl_main = &acl_main;
|
||||
|
||||
#define REPLY_MSG_ID_BASE am->msg_id_base
|
||||
#include <vlibapi/api_helper_macros.h>
|
||||
|
||||
@ -362,6 +362,13 @@ AH has a special treatment of its length, it is in 32-bit words, not 64-bit word
|
||||
|
||||
|
||||
extern acl_main_t acl_main;
|
||||
/*
|
||||
* pointer to the above.
|
||||
* Needed for some gymnastics to be able to provide
|
||||
* the inline functions from this plugin to other plugins.
|
||||
*/
|
||||
|
||||
extern acl_main_t *p_acl_main;
|
||||
|
||||
void *acl_plugin_set_heap();
|
||||
|
||||
|
||||
@ -201,6 +201,9 @@ void acl_plugin_put_lookup_context_index (u32 lc_index)
|
||||
*/
|
||||
int acl_plugin_set_acl_vec_for_context (u32 lc_index, u32 *acl_list)
|
||||
{
|
||||
int rv = 0;
|
||||
uword *seen_acl_bitmap = 0;
|
||||
u32 *pacln = 0;
|
||||
acl_main_t *am = &acl_main;
|
||||
acl_lookup_context_t *acontext;
|
||||
if (am->trace_acl) {
|
||||
@ -216,6 +219,25 @@ int acl_plugin_set_acl_vec_for_context (u32 lc_index, u32 *acl_list)
|
||||
}
|
||||
void *oldheap = acl_plugin_set_heap ();
|
||||
|
||||
vec_foreach (pacln, acl_list)
|
||||
{
|
||||
if (pool_is_free_index (am->acls, *pacln))
|
||||
{
|
||||
/* ACL is not defined. Can not apply */
|
||||
clib_warning ("ERROR: ACL %d not defined", *pacln);
|
||||
rv = VNET_API_ERROR_NO_SUCH_ENTRY;
|
||||
goto done;
|
||||
}
|
||||
if (clib_bitmap_get (seen_acl_bitmap, *pacln))
|
||||
{
|
||||
/* ACL being applied twice within the list. error. */
|
||||
clib_warning ("ERROR: ACL %d being applied twice", *pacln);
|
||||
rv = VNET_API_ERROR_ENTRY_ALREADY_EXISTS;
|
||||
goto done;
|
||||
}
|
||||
seen_acl_bitmap = clib_bitmap_set (seen_acl_bitmap, *pacln, 1);
|
||||
}
|
||||
|
||||
acontext = pool_elt_at_index(am->acl_lookup_contexts, lc_index);
|
||||
u32 *old_acl_vector = acontext->acl_indices;
|
||||
acontext->acl_indices = vec_dup(acl_list);
|
||||
@ -226,8 +248,11 @@ int acl_plugin_set_acl_vec_for_context (u32 lc_index, u32 *acl_list)
|
||||
apply_acl_vec(lc_index, acontext->acl_indices);
|
||||
|
||||
vec_free(old_acl_vector);
|
||||
|
||||
done:
|
||||
clib_bitmap_free (seen_acl_bitmap);
|
||||
clib_mem_set_heap (oldheap);
|
||||
return 0;
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -26,6 +26,19 @@
|
||||
/* check if a given ACL exists */
|
||||
|
||||
#ifdef ACL_PLUGIN_EXTERNAL_EXPORTS
|
||||
|
||||
/*
|
||||
* Define a pointer to the acl_main which will be filled during the initialization.
|
||||
*/
|
||||
acl_main_t *p_acl_main = 0;
|
||||
|
||||
/*
|
||||
* If the file is included more than once, the symbol collision will make the problem obvious.
|
||||
* If the include is done only once, it is just a lonely null var
|
||||
* sitting around.
|
||||
*/
|
||||
void *ERROR_ACL_PLUGIN_EXPORTS_FILE_MUST_BE_INCLUDED_ONLY_IN_ONE_PLACE = 0;
|
||||
|
||||
u8 (*acl_plugin_acl_exists) (u32 acl_index);
|
||||
#else
|
||||
u8 acl_plugin_acl_exists (u32 acl_index);
|
||||
@ -128,18 +141,19 @@ acl_plugin_match_5tuple_inline (u32 lc_index,
|
||||
|
||||
#ifdef ACL_PLUGIN_EXTERNAL_EXPORTS
|
||||
|
||||
#define LOAD_SYMBOL_FROM_PLUGIN(p, s) \
|
||||
#define LOAD_SYMBOL_FROM_PLUGIN_TO(p, s, st) \
|
||||
({ \
|
||||
s = vlib_get_plugin_symbol(p, #s); \
|
||||
if (!s) \
|
||||
st = vlib_get_plugin_symbol(p, #s); \
|
||||
if (!st) \
|
||||
return clib_error_return(0, \
|
||||
"Plugin %s and/or symbol %s not found.", p, #s); \
|
||||
})
|
||||
|
||||
#define LOAD_SYMBOL(s) LOAD_SYMBOL_FROM_PLUGIN("acl_plugin.so", s)
|
||||
#define LOAD_SYMBOL(s) LOAD_SYMBOL_FROM_PLUGIN_TO("acl_plugin.so", s, s)
|
||||
|
||||
static inline clib_error_t * acl_plugin_exports_init (void)
|
||||
{
|
||||
LOAD_SYMBOL_FROM_PLUGIN_TO("acl_plugin.so", acl_main, p_acl_main);
|
||||
LOAD_SYMBOL(acl_plugin_acl_exists);
|
||||
LOAD_SYMBOL(acl_plugin_register_user_module);
|
||||
LOAD_SYMBOL(acl_plugin_get_lookup_context_index);
|
||||
@ -345,7 +359,7 @@ always_inline void
|
||||
acl_plugin_fill_5tuple_inline (u32 lc_index, vlib_buffer_t * b0, int is_ip6,
|
||||
int is_input, int is_l2_path, fa_5tuple_opaque_t * p5tuple_pkt)
|
||||
{
|
||||
acl_main_t *am = &acl_main;
|
||||
acl_main_t *am = p_acl_main;
|
||||
acl_fill_5tuple(am, b0, is_ip6, is_input, is_l2_path, (fa_5tuple_t *)p5tuple_pkt);
|
||||
}
|
||||
|
||||
@ -528,7 +542,7 @@ acl_plugin_single_acl_match_5tuple (u32 acl_index, fa_5tuple_t * pkt_5tuple,
|
||||
int is_ip6, u8 * r_action, u32 * r_acl_match_p,
|
||||
u32 * r_rule_match_p, u32 * trace_bitmap)
|
||||
{
|
||||
acl_main_t * am = &acl_main;
|
||||
acl_main_t * am = p_acl_main;
|
||||
return single_acl_match_5tuple(am, acl_index, pkt_5tuple, is_ip6, r_action,
|
||||
r_acl_match_p, r_rule_match_p, trace_bitmap);
|
||||
}
|
||||
@ -538,7 +552,7 @@ linear_multi_acl_match_5tuple (u32 lc_index, fa_5tuple_t * pkt_5tuple,
|
||||
int is_ip6, u8 *r_action, u32 *acl_pos_p, u32 * acl_match_p,
|
||||
u32 * rule_match_p, u32 * trace_bitmap)
|
||||
{
|
||||
acl_main_t *am = &acl_main;
|
||||
acl_main_t *am = p_acl_main;
|
||||
int i;
|
||||
u32 *acl_vector;
|
||||
u8 action = 0;
|
||||
@ -691,7 +705,7 @@ hash_multi_acl_match_5tuple (u32 lc_index, fa_5tuple_t * pkt_5tuple,
|
||||
int is_ip6, u8 *action, u32 *acl_pos_p, u32 * acl_match_p,
|
||||
u32 * rule_match_p, u32 * trace_bitmap)
|
||||
{
|
||||
acl_main_t *am = &acl_main;
|
||||
acl_main_t *am = p_acl_main;
|
||||
applied_hash_ace_entry_t **applied_hash_aces = vec_elt_at_index(am->hash_entry_vec_by_lc_index, lc_index);
|
||||
u32 match_index = multi_acl_match_get_applied_ace_index(am, pkt_5tuple);
|
||||
if (match_index < vec_len((*applied_hash_aces))) {
|
||||
@ -717,7 +731,7 @@ acl_plugin_match_5tuple_inline (u32 lc_index,
|
||||
u32 * r_rule_match_p,
|
||||
u32 * trace_bitmap)
|
||||
{
|
||||
acl_main_t *am = &acl_main;
|
||||
acl_main_t *am = p_acl_main;
|
||||
if (am->use_hash_acl_matching) {
|
||||
return hash_multi_acl_match_5tuple(lc_index, (fa_5tuple_t *)pkt_5tuple, is_ip6, r_action,
|
||||
r_acl_pos_p, r_acl_match_p, r_rule_match_p, trace_bitmap);
|
||||
|
||||
@ -311,7 +311,8 @@ retry:
|
||||
n_free = ring->tail - mq->last_tail;
|
||||
if (n_free >= 16)
|
||||
{
|
||||
vlib_buffer_free_from_ring_no_next (vm, mq->buffers, mq->last_tail,
|
||||
vlib_buffer_free_from_ring_no_next (vm, mq->buffers,
|
||||
mq->last_tail & mask,
|
||||
ring_size, n_free);
|
||||
mq->last_tail += n_free;
|
||||
}
|
||||
|
||||
@ -383,9 +383,13 @@ memif_device_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
|
||||
clib_memcpy64_x4 (b0, b1, b2, b3, bt);
|
||||
|
||||
b0->current_length = po[0].packet_len;
|
||||
n_rx_bytes += b0->current_length;
|
||||
b1->current_length = po[1].packet_len;
|
||||
n_rx_bytes += b1->current_length;
|
||||
b2->current_length = po[2].packet_len;
|
||||
n_rx_bytes += b2->current_length;
|
||||
b3->current_length = po[3].packet_len;
|
||||
n_rx_bytes += b3->current_length;
|
||||
|
||||
memif_add_to_chain (vm, b0, ptd->buffers + fbvi0 + 1, buffer_size);
|
||||
memif_add_to_chain (vm, b1, ptd->buffers + fbvi1 + 1, buffer_size);
|
||||
@ -455,6 +459,7 @@ memif_device_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
|
||||
b0 = vlib_get_buffer (vm, bi0);
|
||||
clib_memcpy (b0, bt, 64);
|
||||
b0->current_length = po->packet_len;
|
||||
n_rx_bytes += b0->current_length;
|
||||
|
||||
memif_add_to_chain (vm, b0, ptd->buffers + fbvi0 + 1, buffer_size);
|
||||
|
||||
@ -534,15 +539,16 @@ memif_device_input_zc_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
|
||||
u32 n_rx_packets = 0, n_rx_bytes = 0;
|
||||
u32 *to_next = 0, *buffers;
|
||||
u32 bi0, bi1, bi2, bi3;
|
||||
u16 s0, s1, s2, s3;
|
||||
memif_desc_t *d0, *d1, *d2, *d3;
|
||||
vlib_buffer_t *b0, *b1, *b2, *b3;
|
||||
u32 thread_index = vlib_get_thread_index ();
|
||||
memif_per_thread_data_t *ptd = vec_elt_at_index (mm->per_thread_data,
|
||||
thread_index);
|
||||
vlib_buffer_t *bt = &ptd->buffer_template;
|
||||
u16 cur_slot, last_slot, ring_size, n_slots, mask, head;
|
||||
i16 start_offset;
|
||||
u32 buffer_length;
|
||||
u16 n_alloc;
|
||||
u16 n_alloc, n_from;
|
||||
|
||||
mq = vec_elt_at_index (mif->rx_queues, qid);
|
||||
ring = mq->ring;
|
||||
@ -568,8 +574,6 @@ memif_device_input_zc_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
|
||||
CLIB_CACHE_LINE_BYTES);
|
||||
while (n_slots && n_rx_packets < MEMIF_RX_VECTOR_SZ)
|
||||
{
|
||||
u16 s0;
|
||||
memif_desc_t *d0;
|
||||
vlib_buffer_t *hb;
|
||||
|
||||
s0 = cur_slot & mask;
|
||||
@ -582,7 +586,7 @@ memif_device_input_zc_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
|
||||
hb = b0 = vlib_get_buffer (vm, bi0);
|
||||
b0->current_data = start_offset;
|
||||
b0->current_length = start_offset + d0->length;
|
||||
|
||||
n_rx_bytes += d0->length;
|
||||
|
||||
if (0 && memif_desc_is_invalid (mif, d0, buffer_length))
|
||||
return 0;
|
||||
@ -597,7 +601,7 @@ memif_device_input_zc_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
|
||||
d0 = &ring->desc[s0];
|
||||
bi0 = mq->buffers[s0];
|
||||
|
||||
/*previous buffer */
|
||||
/* previous buffer */
|
||||
b0->next_buffer = bi0;
|
||||
b0->flags |= VLIB_BUFFER_NEXT_PRESENT;
|
||||
|
||||
@ -606,6 +610,7 @@ memif_device_input_zc_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
|
||||
b0->current_data = start_offset;
|
||||
b0->current_length = start_offset + d0->length;
|
||||
hb->total_length_not_including_first_buffer += d0->length;
|
||||
n_rx_bytes += d0->length;
|
||||
|
||||
cur_slot++;
|
||||
n_slots--;
|
||||
@ -617,10 +622,7 @@ memif_device_input_zc_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
|
||||
/* release slots from the ring */
|
||||
mq->last_tail = cur_slot;
|
||||
|
||||
u32 n_from = n_rx_packets;
|
||||
|
||||
vnet_buffer (bt)->sw_if_index[VLIB_RX] = mif->sw_if_index;
|
||||
|
||||
n_from = n_rx_packets;
|
||||
buffers = ptd->buffers;
|
||||
|
||||
while (n_from)
|
||||
@ -769,12 +771,12 @@ refill:
|
||||
head = ring->head;
|
||||
n_slots = ring_size - head + mq->last_tail;
|
||||
|
||||
if (n_slots < 8)
|
||||
if (n_slots < 32)
|
||||
goto done;
|
||||
|
||||
memif_desc_t *dt = &ptd->desc_template;
|
||||
memset (dt, 0, sizeof (memif_desc_t));
|
||||
dt->length = VLIB_BUFFER_DEFAULT_FREE_LIST_BYTES - start_offset;
|
||||
dt->length = buffer_length;
|
||||
|
||||
n_alloc = vlib_buffer_alloc_to_ring (vm, mq->buffers, head & mask,
|
||||
ring_size, n_slots);
|
||||
@ -785,15 +787,64 @@ refill:
|
||||
MEMIF_INPUT_ERROR_BUFFER_ALLOC_FAIL, 1);
|
||||
}
|
||||
|
||||
while (n_alloc--)
|
||||
while (n_alloc >= 32)
|
||||
{
|
||||
u16 s = head++ & mask;
|
||||
memif_desc_t *d = &ring->desc[s];
|
||||
clib_memcpy (d, dt, sizeof (memif_desc_t));
|
||||
b0 = vlib_get_buffer (vm, mq->buffers[s]);
|
||||
d->region = b0->buffer_pool_index + 1;
|
||||
d->offset =
|
||||
(void *) b0->data - mif->regions[d->region].shm + start_offset;
|
||||
bi0 = mq->buffers[(head + 4) & mask];
|
||||
vlib_prefetch_buffer_with_index (vm, bi0, LOAD);
|
||||
bi1 = mq->buffers[(head + 5) & mask];
|
||||
vlib_prefetch_buffer_with_index (vm, bi1, LOAD);
|
||||
bi2 = mq->buffers[(head + 6) & mask];
|
||||
vlib_prefetch_buffer_with_index (vm, bi2, LOAD);
|
||||
bi3 = mq->buffers[(head + 7) & mask];
|
||||
vlib_prefetch_buffer_with_index (vm, bi3, LOAD);
|
||||
|
||||
s0 = head++ & mask;
|
||||
s1 = head++ & mask;
|
||||
s2 = head++ & mask;
|
||||
s3 = head++ & mask;
|
||||
|
||||
d0 = &ring->desc[s0];
|
||||
d1 = &ring->desc[s1];
|
||||
d2 = &ring->desc[s2];
|
||||
d3 = &ring->desc[s3];
|
||||
|
||||
clib_memcpy (d0, dt, sizeof (memif_desc_t));
|
||||
clib_memcpy (d1, dt, sizeof (memif_desc_t));
|
||||
clib_memcpy (d2, dt, sizeof (memif_desc_t));
|
||||
clib_memcpy (d3, dt, sizeof (memif_desc_t));
|
||||
|
||||
b0 = vlib_get_buffer (vm, mq->buffers[s0]);
|
||||
b1 = vlib_get_buffer (vm, mq->buffers[s1]);
|
||||
b2 = vlib_get_buffer (vm, mq->buffers[s2]);
|
||||
b3 = vlib_get_buffer (vm, mq->buffers[s3]);
|
||||
|
||||
d0->region = b0->buffer_pool_index + 1;
|
||||
d1->region = b1->buffer_pool_index + 1;
|
||||
d2->region = b2->buffer_pool_index + 1;
|
||||
d3->region = b3->buffer_pool_index + 1;
|
||||
|
||||
d0->offset =
|
||||
(void *) b0->data - mif->regions[d0->region].shm + start_offset;
|
||||
d1->offset =
|
||||
(void *) b1->data - mif->regions[d1->region].shm + start_offset;
|
||||
d2->offset =
|
||||
(void *) b2->data - mif->regions[d2->region].shm + start_offset;
|
||||
d3->offset =
|
||||
(void *) b3->data - mif->regions[d3->region].shm + start_offset;
|
||||
|
||||
n_alloc -= 4;
|
||||
}
|
||||
while (n_alloc)
|
||||
{
|
||||
s0 = head++ & mask;
|
||||
d0 = &ring->desc[s0];
|
||||
clib_memcpy (d0, dt, sizeof (memif_desc_t));
|
||||
b0 = vlib_get_buffer (vm, mq->buffers[s0]);
|
||||
d0->region = b0->buffer_pool_index + 1;
|
||||
d0->offset =
|
||||
(void *) b0->data - mif->regions[d0->region].shm + start_offset;
|
||||
|
||||
n_alloc -= 1;
|
||||
}
|
||||
|
||||
CLIB_MEMORY_STORE_BARRIER ();
|
||||
@ -831,7 +882,7 @@ CLIB_MULTIARCH_FN (memif_input_fn) (vlib_main_t * vm,
|
||||
n_rx += memif_device_input_zc_inline (vm, node, frame, mif,
|
||||
dq->queue_id, mode_eth);
|
||||
}
|
||||
if (mif->flags & MEMIF_IF_FLAG_IS_SLAVE)
|
||||
else if (mif->flags & MEMIF_IF_FLAG_IS_SLAVE)
|
||||
{
|
||||
if (mif->mode == MEMIF_INTERFACE_MODE_IP)
|
||||
n_rx += memif_device_input_inline (vm, node, frame, mif,
|
||||
|
||||
@ -682,12 +682,12 @@ int snat_add_static_mapping(ip4_address_t l_addr, ip4_address_t e_addr,
|
||||
u32 ses_index;
|
||||
u64 user_index;
|
||||
snat_session_t * s;
|
||||
snat_static_map_resolve_t *rp, *rp_match = 0;
|
||||
|
||||
/* If the external address is a specific interface address */
|
||||
if (sw_if_index != ~0)
|
||||
{
|
||||
ip4_address_t * first_int_addr;
|
||||
snat_static_map_resolve_t *rp, *rp_match = 0;
|
||||
|
||||
for (i = 0; i < vec_len (sm->to_resolve); i++)
|
||||
{
|
||||
@ -830,7 +830,26 @@ int snat_add_static_mapping(ip4_address_t l_addr, ip4_address_t e_addr,
|
||||
}
|
||||
/* External address must be allocated */
|
||||
if (!a && (l_addr.as_u32 != e_addr.as_u32))
|
||||
return VNET_API_ERROR_NO_SUCH_ENTRY;
|
||||
{
|
||||
if (sw_if_index != ~0)
|
||||
{
|
||||
for (i = 0; i < vec_len (sm->to_resolve); i++)
|
||||
{
|
||||
rp = sm->to_resolve + i;
|
||||
if (rp->addr_only)
|
||||
continue;
|
||||
if (rp->sw_if_index != sw_if_index &&
|
||||
rp->l_addr.as_u32 != l_addr.as_u32 &&
|
||||
rp->vrf_id != vrf_id && rp->l_port != l_port &&
|
||||
rp->e_port != e_port && rp->proto != proto)
|
||||
continue;
|
||||
|
||||
vec_del1 (sm->to_resolve, i);
|
||||
break;
|
||||
}
|
||||
}
|
||||
return VNET_API_ERROR_NO_SUCH_ENTRY;
|
||||
}
|
||||
}
|
||||
|
||||
pool_get (sm->static_mappings, m);
|
||||
@ -942,7 +961,12 @@ int snat_add_static_mapping(ip4_address_t l_addr, ip4_address_t e_addr,
|
||||
else
|
||||
{
|
||||
if (!m)
|
||||
return VNET_API_ERROR_NO_SUCH_ENTRY;
|
||||
{
|
||||
if (sw_if_index != ~0)
|
||||
return 0;
|
||||
else
|
||||
return VNET_API_ERROR_NO_SUCH_ENTRY;
|
||||
}
|
||||
|
||||
/* Free external address port */
|
||||
if (!(addr_only || sm->static_mapping_only || out2in_only))
|
||||
|
||||
@ -293,7 +293,7 @@ vl_api_bier_imp_add_t_handler (vl_api_bier_imp_add_t * mp)
|
||||
{
|
||||
vl_api_bier_imp_add_reply_t *rmp;
|
||||
vnet_main_t *vnm;
|
||||
index_t bii;
|
||||
index_t bii = ~0;
|
||||
int rv = 0;
|
||||
|
||||
vnm = vnet_get_main ();
|
||||
|
||||
@ -288,8 +288,12 @@ dvr_dpo_inline (vlib_main_t * vm,
|
||||
(u8*)ethernet_buffer_get_header(b0));
|
||||
len1 = ((u8*)vlib_buffer_get_current(b1) -
|
||||
(u8*)ethernet_buffer_get_header(b1));
|
||||
vnet_buffer(b0)->l2.l2_len = len0;
|
||||
vnet_buffer(b1)->l2.l2_len = len1;
|
||||
vnet_buffer(b0)->l2.l2_len =
|
||||
vnet_buffer(b0)->ip.save_rewrite_length =
|
||||
len0;
|
||||
vnet_buffer(b1)->l2.l2_len =
|
||||
vnet_buffer(b1)->ip.save_rewrite_length =
|
||||
len1;
|
||||
b0->flags |= VNET_BUFFER_F_IS_DVR;
|
||||
b1->flags |= VNET_BUFFER_F_IS_DVR;
|
||||
|
||||
@ -349,7 +353,9 @@ dvr_dpo_inline (vlib_main_t * vm,
|
||||
*/
|
||||
len0 = ((u8*)vlib_buffer_get_current(b0) -
|
||||
(u8*)ethernet_buffer_get_header(b0));
|
||||
vnet_buffer(b0)->l2.l2_len = len0;
|
||||
vnet_buffer(b0)->l2.l2_len =
|
||||
vnet_buffer(b0)->ip.save_rewrite_length =
|
||||
len0;
|
||||
b0->flags |= VNET_BUFFER_F_IS_DVR;
|
||||
vlib_buffer_advance(b0, -len0);
|
||||
|
||||
|
||||
@ -621,6 +621,10 @@ vnet_create_loopback_interface (u32 * sw_if_indexp, u8 * mac_address,
|
||||
{
|
||||
vnet_sw_interface_t *si = vnet_get_hw_sw_interface (vnm, hw_if_index);
|
||||
*sw_if_indexp = si->sw_if_index;
|
||||
|
||||
/* By default don't flood to loopbacks, as packets just keep
|
||||
* coming back ... If this loopback becomes a BVI, we'll change it */
|
||||
si->flood_class = VNET_FLOOD_CLASS_NO_FLOOD;
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
||||
@ -556,11 +556,15 @@ typedef struct
|
||||
|
||||
typedef enum
|
||||
{
|
||||
/* THe BVI interface */
|
||||
VNET_FLOOD_CLASS_BVI,
|
||||
/* Always flood */
|
||||
VNET_FLOOD_CLASS_NORMAL,
|
||||
VNET_FLOOD_CLASS_TUNNEL_MASTER,
|
||||
/* Does not flood when tunnel master is in the same L2 BD */
|
||||
VNET_FLOOD_CLASS_TUNNEL_NORMAL
|
||||
VNET_FLOOD_CLASS_TUNNEL_NORMAL,
|
||||
/* Never flood to this type */
|
||||
VNET_FLOOD_CLASS_NO_FLOOD,
|
||||
} vnet_flood_class_t;
|
||||
|
||||
/* Software-interface. This corresponds to a Ethernet VLAN, ATM vc, a
|
||||
|
||||
@ -36,7 +36,6 @@
|
||||
#include <vnet/fib/fib_table.h>
|
||||
#include <vnet/fib/ip6_fib.h>
|
||||
#include <vnet/plugin/plugin.h>
|
||||
#include <vpp/app/version.h> // Really needed?
|
||||
|
||||
extern vlib_node_registration_t ip4_sixrd_node;
|
||||
|
||||
|
||||
@ -128,38 +128,46 @@ bd_delete (bd_main_t * bdm, u32 bd_index)
|
||||
static void
|
||||
update_flood_count (l2_bridge_domain_t * bd_config)
|
||||
{
|
||||
bd_config->flood_count = vec_len (bd_config->members) -
|
||||
(bd_config->tun_master_count ? bd_config->tun_normal_count : 0);
|
||||
bd_config->flood_count = (vec_len (bd_config->members) -
|
||||
(bd_config->tun_master_count ?
|
||||
bd_config->tun_normal_count : 0));
|
||||
bd_config->flood_count -= bd_config->no_flood_count;
|
||||
}
|
||||
|
||||
void
|
||||
bd_add_member (l2_bridge_domain_t * bd_config, l2_flood_member_t * member)
|
||||
{
|
||||
u32 ix;
|
||||
u32 ix = 0;
|
||||
vnet_sw_interface_t *sw_if = vnet_get_sw_interface
|
||||
(vnet_get_main (), member->sw_if_index);
|
||||
|
||||
/*
|
||||
* Add one element to the vector
|
||||
* vector is ordered [ bvi, normal/tun_masters..., tun_normals... ]
|
||||
* vector is ordered [ bvi, normal/tun_masters..., tun_normals... no_flood]
|
||||
* When flooding, the bvi interface (if present) must be the last member
|
||||
* processed due to how BVI processing can change the packet. To enable
|
||||
* this order, we make the bvi interface the first in the vector and
|
||||
* flooding walks the vector in reverse.
|
||||
* flooding walks the vector in reverse. The flood-count determines where
|
||||
* in the member list to start the walk from.
|
||||
*/
|
||||
switch (sw_if->flood_class)
|
||||
{
|
||||
case VNET_FLOOD_CLASS_NO_FLOOD:
|
||||
bd_config->no_flood_count++;
|
||||
ix = vec_len (bd_config->members);
|
||||
break;
|
||||
case VNET_FLOOD_CLASS_BVI:
|
||||
ix = 0;
|
||||
break;
|
||||
case VNET_FLOOD_CLASS_TUNNEL_MASTER:
|
||||
bd_config->tun_master_count++;
|
||||
/* Fall through */
|
||||
default:
|
||||
/* Fall through */
|
||||
case VNET_FLOOD_CLASS_NORMAL:
|
||||
ix = (member->flags & L2_FLOOD_MEMBER_BVI) ? 0 :
|
||||
vec_len (bd_config->members) - bd_config->tun_normal_count;
|
||||
ix = (vec_len (bd_config->members) -
|
||||
bd_config->tun_normal_count - bd_config->no_flood_count);
|
||||
break;
|
||||
case VNET_FLOOD_CLASS_TUNNEL_NORMAL:
|
||||
ix = vec_len (bd_config->members);
|
||||
ix = (vec_len (bd_config->members) - bd_config->no_flood_count);
|
||||
bd_config->tun_normal_count++;
|
||||
break;
|
||||
}
|
||||
|
||||
@ -78,6 +78,9 @@ typedef struct
|
||||
/* Tunnels (Unicast vxlan) are flooded if there are no masters */
|
||||
u32 tun_normal_count;
|
||||
|
||||
/* Interface on which packets are not flooded */
|
||||
u32 no_flood_count;
|
||||
|
||||
/* hash ip4/ip6 -> mac for arp/nd termination */
|
||||
uword *mac_by_ip4;
|
||||
uword *mac_by_ip6;
|
||||
|
||||
@ -49,6 +49,9 @@ typedef struct
|
||||
/* next node index for the L3 input node of each ethertype */
|
||||
next_by_ethertype_t l3_next;
|
||||
|
||||
/* Next nodes for each feature */
|
||||
u32 feat_next_node_index[32];
|
||||
|
||||
/* convenience variables */
|
||||
vlib_main_t *vlib_main;
|
||||
vnet_main_t *vnet_main;
|
||||
@ -109,7 +112,6 @@ static char *l2fwd_error_strings[] = {
|
||||
typedef enum
|
||||
{
|
||||
L2FWD_NEXT_L2_OUTPUT,
|
||||
L2FWD_NEXT_FLOOD,
|
||||
L2FWD_NEXT_DROP,
|
||||
L2FWD_N_NEXT,
|
||||
} l2fwd_next_t;
|
||||
@ -201,13 +203,13 @@ l2fwd_process (vlib_main_t * vm,
|
||||
if (PREDICT_FALSE (try_flood))
|
||||
{
|
||||
/*
|
||||
* lookup miss, so flood
|
||||
* TODO:replicate packet to each intf in bridge-domain
|
||||
* For now just drop
|
||||
* lookup miss, so flood which is typically the next feature
|
||||
* unless some other feature is inserted before uu_flood
|
||||
*/
|
||||
if (vnet_buffer (b0)->l2.feature_bitmap & L2INPUT_FEAT_UU_FLOOD)
|
||||
{
|
||||
*next0 = L2FWD_NEXT_FLOOD;
|
||||
*next0 = vnet_l2_feature_next (b0, msm->feat_next_node_index,
|
||||
L2INPUT_FEAT_FWD);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -469,7 +471,6 @@ VLIB_REGISTER_NODE (l2fwd_node,static) = {
|
||||
/* edit / add dispositions here */
|
||||
.next_nodes = {
|
||||
[L2FWD_NEXT_L2_OUTPUT] = "l2-output",
|
||||
[L2FWD_NEXT_FLOOD] = "l2-flood",
|
||||
[L2FWD_NEXT_DROP] = "error-drop",
|
||||
},
|
||||
};
|
||||
@ -483,6 +484,13 @@ VLIB_NODE_FUNCTION_MULTIARCH (l2fwd_node, l2fwd_node_fn)
|
||||
mp->vlib_main = vm;
|
||||
mp->vnet_main = vnet_get_main ();
|
||||
|
||||
/* Initialize the feature next-node indexes */
|
||||
feat_bitmap_init_next_nodes (vm,
|
||||
l2fwd_node.index,
|
||||
L2INPUT_N_FEAT,
|
||||
l2input_get_feat_names (),
|
||||
mp->feat_next_node_index);
|
||||
|
||||
/* init the hash table ptr */
|
||||
mp->mac_table = get_mac_table ();
|
||||
|
||||
|
||||
@ -579,6 +579,8 @@ set_int_l2_mode (vlib_main_t * vm, vnet_main_t * vnet_main, /* */
|
||||
/* undo any BVI-related config */
|
||||
if (bd_config->bvi_sw_if_index == sw_if_index)
|
||||
{
|
||||
vnet_sw_interface_t *si;
|
||||
|
||||
bd_config->bvi_sw_if_index = ~0;
|
||||
config->bvi = 0;
|
||||
|
||||
@ -591,6 +593,10 @@ set_int_l2_mode (vlib_main_t * vm, vnet_main_t * vnet_main, /* */
|
||||
"ethernet-input",
|
||||
VNET_SIMULATED_ETHERNET_TX_NEXT_ETHERNET_INPUT);
|
||||
ASSERT (slot == VNET_SIMULATED_ETHERNET_TX_NEXT_ETHERNET_INPUT);
|
||||
|
||||
/* since this is a no longer BVI interface do not to flood to it */
|
||||
si = vnet_get_sw_interface (vnm, sw_if_index);
|
||||
si->flood_class = VNET_FLOOD_CLASS_NO_FLOOD;
|
||||
}
|
||||
|
||||
/* Clear MACs learned on the interface */
|
||||
@ -673,6 +679,8 @@ set_int_l2_mode (vlib_main_t * vm, vnet_main_t * vnet_main, /* */
|
||||
/* Do BVI interface initializations */
|
||||
if (bvi)
|
||||
{
|
||||
vnet_sw_interface_t *si;
|
||||
|
||||
/* ensure BD has no bvi interface (or replace that one with this??) */
|
||||
if (bd_config->bvi_sw_if_index != ~0)
|
||||
{
|
||||
@ -693,6 +701,10 @@ set_int_l2_mode (vlib_main_t * vm, vnet_main_t * vnet_main, /* */
|
||||
"l2-input",
|
||||
VNET_SIMULATED_ETHERNET_TX_NEXT_ETHERNET_INPUT);
|
||||
ASSERT (slot == VNET_SIMULATED_ETHERNET_TX_NEXT_ETHERNET_INPUT);
|
||||
|
||||
/* since this is a BVI interface we want to flood to it */
|
||||
si = vnet_get_sw_interface (vnm, sw_if_index);
|
||||
si->flood_class = VNET_FLOOD_CLASS_BVI;
|
||||
}
|
||||
|
||||
/* Add interface to bridge-domain flood vector */
|
||||
|
||||
@ -196,7 +196,7 @@ checkstyle: verify-python-path
|
||||
@virtualenv $(PYTHON_VENV_PATH) -p $(PYTHON_INTERP)
|
||||
@bash -c "source $(PYTHON_VENV_PATH)/bin/activate && pip install pycodestyle"
|
||||
@bash -c "source $(PYTHON_VENV_PATH)/bin/activate &&\
|
||||
pycodestyle --show-source --ignore=E126,E241,E226,E305,E704,E741,E722 -v $(WS_ROOT)/test/*.py ||\
|
||||
pycodestyle --show-source --ignore=W504,E126,E241,E226,E305,E704,E741,E722 -v $(WS_ROOT)/test/*.py ||\
|
||||
(echo \"*******************************************************************\" &&\
|
||||
echo \"* Test framework PEP8 compliance check FAILED \" &&\
|
||||
echo \"*******************************************************************\" &&\
|
||||
|
||||
@ -1093,7 +1093,8 @@ class TestACLplugin(VppTestCase):
|
||||
self.logger.info("ACLP_TEST_FINISH_0020")
|
||||
|
||||
def test_0021_udp_deny_port_verify_fragment_deny(self):
|
||||
""" deny single UDPv4/v6, permit ip any, verify non-initial fragment blocked
|
||||
""" deny single UDPv4/v6, permit ip any, verify non-initial fragment
|
||||
blocked
|
||||
"""
|
||||
self.logger.info("ACLP_TEST_START_0021")
|
||||
|
||||
|
||||
@ -346,7 +346,7 @@ class TestIpIrb(VppTestCase):
|
||||
all_rules = []
|
||||
for old_acl in orig_acls:
|
||||
for rule in old_acl.r:
|
||||
all_rules.append(dict(vars(rule)))
|
||||
all_rules.append(dict(rule._asdict()))
|
||||
|
||||
# Add a few ACLs made from shuffled rules
|
||||
shuffle(all_rules)
|
||||
|
||||
@ -568,7 +568,8 @@ class VppPapiProvider(object):
|
||||
'enable': enable})
|
||||
|
||||
def bridge_flags(self, bd_id, is_set, feature_bitmap):
|
||||
"""Enable/disable required feature of the bridge domain with defined ID.
|
||||
"""Enable/disable required feature of the bridge domain with defined
|
||||
ID.
|
||||
|
||||
:param int bd_id: Bridge domain ID.
|
||||
:param int is_set: Set to 1 to enable, set to 0 to disable the feature.
|
||||
|
||||
Reference in New Issue
Block a user