Commit Graph

768 Commits (master)

Author SHA1 Message Date
Naveen Joy 9028203f95 set devstack vpp ver to 2009
Change-Id: I0b9104bd00ecff537a7beb6fa09f99759634c29c
2020-12-03 17:00:48 -08:00
Naveen Joy 8d854a9b19 Updated readme for 2009-rc0
Change-Id: Ia9b85a7307e32f20999b6092ce7b8c122a05fdaa
2020-12-03 16:43:02 -08:00
Zuul 5b9408280e Merge "Fix bug in IPv6 default route setting" 2020-10-21 17:04:52 +00:00
Yichen Wang 2f7b4e574f Fix dump-tags and dump-acls script
Change-Id: I01528cbd5026c36ac22fc6040da3e277528c4c59
2020-10-16 14:13:43 -07:00
Onong Tayeng 41c0220696 Fix bug in IPv6 default route setting
A buggy if check causes the code to attempt setting the IPv6 default
route through an IPv4 gateway causing PAPI to produce the following

    TypeError: object of type 'IPv4Address' has no len()

Change-Id: Ia455cb983f26f171994e45d30ac0575300fdbdb3
Closes-Bug: #1899772
2020-10-14 22:44:54 +05:30
Yichen Wang 5a9c69e211 Fix security group encodings for VPP 20.05
VPP 20.05 changed the API definition of acl_add_replace() and its
macip equivalent.. Fix to support it.

Some tidyups in the way things are constructed.

Change-Id: Ib6c58c46f87b705bd03c38407ad9e6b948687e8b
2020-09-23 10:23:49 -07:00
Zuul cbbad8594a Merge "Remove 'helper' ipaddress functions" 2020-09-23 03:25:06 +00:00
Zuul b28ed55200 Merge "Update MAC typing" 2020-09-22 17:27:42 +00:00
Ian Wells a928175b4c Remove 'helper' ipaddress functions
These date from when ipaddress required unicode input.  That's no
longer true, and these obscure the type information from the
original calls.  Sub in the orginals.

Change-Id: I105661c532b3f9c9919c74d6f1effa156cb2f397
2020-09-22 09:55:50 -07:00
Ian Wells 618457ad76 Update MAC typing
Remove dead function.  Make mac_t and mac_str_t strong types that
require casting to and from; propagate type checking outwards.

Change-Id: If5c82665bdea849d437677b79a08bc967b9f35dd
2020-09-22 16:28:32 +00:00
Ian Wells 0743b98d5c Py3 update to some CLI debug tools
dump_acl_info and dump_tag_info use - should be x.__next__()
or more idiomatically next(x)

Change-Id: Ic99b318900bd9cba6d4c7fcd24357151590542f2
2020-09-22 12:05:38 +00:00
Zuul 64a3192f0a Merge "Simplify _to_acl_rule" 2020-09-22 03:29:44 +00:00
Ian Wells 0ac56f9362 Simplify _to_acl_rule
Change-Id: I07c1bfadc483870990ff875277ef3dab38bf15b5
2020-09-22 03:12:56 +00:00
Ian Wells 584d9fe80f Add strong-type checks on set_interface_ip etc.
These now use ip_interface types to set, list and delete IP addresses.
Calling code has been very lightly touched to make this work, as
we plan on propagating the type change outward from

Change-Id: Ia19ac1b1e478e310737be462ba5733ebc26b16bf
2020-09-22 03:11:29 +00:00
Zuul e56319a0d4 Merge "Improve SNAT add/clear function typing" 2020-09-22 02:08:10 +00:00
Onong Tayeng bcd6734f23 vxlan-gpe: no data flow across compute nodes due to incorrect lisp remote-mapping
The remote locator's IP address is not programmed correctly in VPP
which implies that the l3 underlay network is effectively broken and
no communication is possible across compute nodes.

Refactoring included: push the construction of VPP-specific data
structures into and make the call parameters more neutral.

Change-Id: Id12c6b1ce226dd65a7fe88e0d4044c44149db3c1
Closes-Bug: #1892765
2020-09-21 15:58:46 +00:00
Ian Wells 63dfd779be Improve SNAT add/clear function typing
Apply the rules for the boundary to ipaddress types only.

Change-Id: I092bc5a18f7f6185a030b96d7a0a2ba6858cdb52
2020-09-21 15:56:37 +00:00
Ian Wells a54e1f4904 Add typing to macip ACL fetching
We're still using PAPI's return, but we assign a type to it which
makes it explicit what we're getting and what callers can do with it.

'get_macip_acl_dumo' is a redundant and cumbersome name; _dump is
more PAPI parlance, so I went with get_macip_acls.

Removed the proxy function, it only makes things less clear.

Change-Id: Ib9d9a888d734ef7f8fbe23475c04ac75029014cd
2020-09-18 09:38:15 -07:00
Ian Wells 016b502430 Increase type checking of has a lot of functions in, not all of which have signatures,
so we can't go full-on with type checking, but we can at least make it
check the bodies of all its functions.

Note the spot where bvi_if_idx can be None ('not found') - the checks
would rule out 0 (valid ifidx) and in some cases aren't made (go do
things with None that are unacceptable).  All patched up.

Change-Id: Ib90d3e3e141379ec1729dc8218e0be687b95069e
2020-09-17 21:10:05 -07:00
Ian Wells 7dab91ba7c Add type annotations in
Change-Id: I9a3028c479030c24b41e51916b150f76f622b96f
2020-09-18 00:14:28 +00:00
Zuul a7f5e636d6 Merge "Tidy up removing of local IPs" 2020-09-17 22:15:17 +00:00
Ian Wells 1f5d46fead Tidy up removing of local IPs
Refactored code.  It makes a list of IPs, but the list is length 1
or 0.

Change-Id: If0fb851d934837af3ec8cefe76aa9f6d8cee974f
2020-09-17 22:02:44 +00:00
Ian Wells 353635e529 Tidy up vhost watcher code
It's hard to typecheck in its current form, but it also uses 'file'
(conventionally a module) as a variable name.  Slight rework without
functional change, should be possible to eyeball the result and agree
nothing significant has changed here.

Change-Id: I6dda9115f6777a2ad0876bb42370c2bb6830a640
2020-09-17 21:56:51 +00:00
Zuul b3fa7274dc Merge "Fix _delete_external_subinterface" 2020-09-17 21:07:03 +00:00
Zuul 0d0347ca16 Merge "Fix all bool calls to vpp" 2020-09-17 21:07:02 +00:00
Ian Wells 987fa4e1e3 Fix _delete_external_subinterface
Looks like when we created this call was not
properly converted from a get(), and so the network is not correctly

Change-Id: If27cacbb921c6b3a1dc1241e8a19b71c4974327b
2020-09-17 20:44:01 +00:00
Ian Wells f5df1c451b Fix an ifidx!=0 test
loopback_idx == 0 is a valid possiblility, so a test should have read
loopback_idx is not None (i.e. there is no loopback interface).
However, the mocking in the test repo thinks that that 'None' return
value should actually be 'False', which means that correcting the check
in the code breaks the test.

Change-Id: I05310b0547248b364778409e518fc25db792ccf7
2020-09-17 20:43:14 +00:00
Ian Wells c35dabafa7 Fix all bool calls to vpp wants True/False now, not 1/0, for its flags.  Fix calls.

Change-Id: I5c94a576a21ff7dc9f89f7e6b20cc001d9718a55
2020-09-17 20:42:23 +00:00
Ian Wells 186fcb6aba Add mypy version constraint
Change-Id: I0580ad6b021b192e13d6d26e8d94a8ccb10739f8
2020-09-14 18:22:44 -07:00
Ian Wells f807426026 Convert all type annotation in to py3
Typing strengthening in

- all functions have py3-style type signatures
  (highlighting inconsistencies in typing)
- Some types added to emphasise where the data has a
  type (e.g. int -> *_idx_t for a lot of the object indices since
  they are not convertible with ints or each other; some less
  strict types where we should be looking at NamedTuple types;
  address types; etc.)
- callers altered where necessary (most are not strictly checked enough
  to notice, since types are only checked in functions with signatures)

Since this file is called by others but does not call out,
this is a fine place to get type-strength started in the VPP code.

Change-Id: I8a266de84e260506e3c4c5340472c0c26e2d0542
2020-09-14 18:22:44 -07:00
Zuul 1ae59d0651 Merge "vxlan-gpe: lisp l2 arp entry fails to delete" 2020-09-12 01:10:22 +00:00
Zuul 4264afe09d Merge "Fix ACLs for fragmentation packets" 2020-09-12 01:02:30 +00:00
Zuul d6a16e01f2 Merge "vxlan-gpe: fix for remote-mapping creation failure" 2020-09-12 01:02:29 +00:00
Zuul 82ca06264c Merge "create_vhost_user_if no longer needs mac param" 2020-09-12 00:56:04 +00:00
Zuul 67ccf3fd03 Merge "vxlan-gpe: packet drop due to incorrect lisp local eid" 2020-09-12 00:54:26 +00:00
Zuul 75f42be2c0 Merge "vxlan-gpe: fix failure to delete lisp remote eid mapping" 2020-09-12 00:54:25 +00:00
Zuul 26f50a1c0d Merge "vxlan-gpe: no data flow across compute nodes due to incorrect l2 arp entries" 2020-09-12 00:47:36 +00:00
Zuul a90600a459 Merge "vxlan-gpe: fix lisp l2 arp entry cleanup failure" 2020-09-12 00:43:52 +00:00
Onong Tayeng 009afc36f6 vxlan-gpe: lisp l2 arp entry fails to delete
When the gpe listener receives a gpe port delete event from etcd, it
deletes the remote mapping entry for the port as well the lisp l2
arp entry. Before deleting the l2 arp entry, it checks for the
existence of the entry in VPP. This check fails because the IP address
returned by PAPI is the Python IPv4Address object whereas the gpe
listener expects the binary address.

Change-Id: I3935daf12c5b96fad56c46c970580582ad47f8a4
Closes-Bug: #1893766
2020-09-01 17:10:37 +05:30
Onong Tayeng 4f114a382d vxlan-gpe: fix for remote-mapping creation failure
As part of a port binding the agent also checks and creates the gpe
remote-mappings for all the ports for which such a mapping does not
exist. But an incorrect regex match leads to failure in creation of
the remote-mappings. This patch fixes it.

Change-Id: I0c9e0deb98072789873bea20726dfa0cc80c7b6a
Closes-Bug: #1893201
2020-08-31 15:27:36 +05:30
Onong Tayeng 86e1812553 create_vhost_user_if no longer needs mac param
The create_vhost_user_if API assigns a random mac to the newly created
vhostuser interface so no need to supply a mac param anymore.

Change-Id: Ie0a8cae4e6870cf6dd5d33314b993942025fa155
2020-08-27 16:09:08 +05:30
Onong Tayeng 74c100a73c vxlan-gpe: packet drop due to incorrect lisp local eid
Instead of the local VM's mac, the vhostuser interface's mac is
programmed as lisp local eid in VPP. This causes VPP to drop outgoing
packets effectively ensuring that no communication can happen between
VMs across compute nodes.

Change-Id: I786888793bb474802b0294f5b3fd73c2507ad147
Closes-Bug: #1892766
2020-08-27 14:05:03 +05:30
Onong Tayeng 5d4f0ab541 vxlan-gpe: fix failure to delete lisp remote eid mapping
When agent is restarted, it re-creates its in-memory remote eid
mappings by querying VPP which results in the mac field containing
the new PAPI MACAddress object instead of string. This causes the

Change-Id: I303cdf3e51a2fc38c5cddfb03643ba6493503846
CLoses-Bug: #1892862
2020-08-25 17:44:56 +05:30
Onong Tayeng c061fe9fd7 vxlan-gpe: no data flow across compute nodes due to incorrect l2 arp entries
Instead of the VM's mac, the vhostuser interface's mac is programmed
as the remote VM's l2 arp entry in VPP. This effectively ensures that
no communication can happen between VMs running on separate compute

Change-Id: Ib703ae543421b4555c9ecc6b0d52ef34bd45b6f3
Closes-Bug: #1892762
2020-08-25 14:02:23 +05:30
Onong Tayeng 04e56086ff vxlan-gpe: fix agent crash due to lisp_add_del_local_eid API call failure
Before trying to add a new lisp local eid in VPP, ML2 agent
checks against the in-memory map of local eids. But when the agent
is restarted, it builds the map of local eids by querying VPP. This
results in the in-memory map to contain MACAddress object from PAPI
instead of a string. This causes the check to fail and the attempt
to create the local eid fails causing the agent to crash.

Change-Id: Ib342260407100f6aa3e53a531f2130be9d4a9d83
Closes-Bug: #1892749
2020-08-24 21:10:44 +05:30
Onong Tayeng 53e59cf786 vxlan-gpe: fix lisp l2 arp entry cleanup failure
During deletion of a gpe port, the cleanup of the l2 arp entry fails.
This happens because PAPI returns the mac address as the new
MACAddress object whereas ML2 agent assumes it to be a string.

Change-Id: I46a132fe5aa4b6505bbb3479a9ced2b38df3a46b
Closes-Bug: #1892700
2020-08-24 17:56:58 +05:30
Yichen Wang feba991613 Fix ACLs for fragmentation packets
First noticed with ICMPv6, there's an 'implicit' ACL that
matches later parts fragments of fragmented packets which reflects
the first (permit *or* deny) ACL added for a specific traffic type.

The match is conducted on what's in the fragmented packet - source
and destination address, protocol - but cannot match things like ports
because fragmentation is at the IP level where ports don't exist.

What we're seeing is that the first rule for some types of traffic is
a deny, and it dictates fragmentation filtering.  We change this to
ensure that there's a permit first so that all fragments are unfiltered.

Change-Id: I097401d2ef91632390fab43f3e7194124af1b1a4
2020-08-18 13:06:24 -07:00
Ian Wells 8027ba0ad7 Use AFTER_SPAWN not AFTER_INIT in Neutron to start watcher
We want one additional thread in Neutron for the return worker,
and we really only need one additional thread per formward worker.

When we have multiple threads (with AFTER_INIT) this seems to be
upsetting the process of port binding, particularly on router and
DHCP ports, because of the multiple almost simultaneous binding
messages that trigger in the herd of threads.

Change-Id: I68dbd02b8a235b128779357d4bf3df26b5bf604a
2020-08-03 20:48:16 +00:00
Ian Wells b0d9a2d98f Remove unused binary_type function
Change-Id: Ie73b7d6264681c86a987e581bc88dfab8c1a0ddf
2020-07-31 00:10:57 +00:00
Onong Tayeng 4ce2dfda4a cleanup asynchronous event related code
ML2 agent uses synchronous mode API calls and it does not solicit
any async notifications/events from VPP. Making the following

1. Set async_thread=False so that PAPI does not spawn the
   background thread for async msg handling.
2. Remove the asynchronous event handling code.
3. Remove the threading.Lock which was required for the
   asynchronous event handling thread.

Change-Id: I21ace1bc4982a8e557893d3d2d5e785906d74e1d
2020-07-29 01:32:42 +00:00