Vladimir Ratnikov [Sat, 21 Dec 2019 11:27:52 +0000 (06:27 -0500)]
ip: more detailed show reassembly commands
Options like:
expire_walk_interval_ms,max_reassemblies,timeout_ms
can be configured via API, but it's impossible to
check them using vppctl, but this can be a useful
feature
Type: feature
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: Iac8a96201a7a70b82e9852edc89b819c5d451a58
Matthew Smith [Wed, 5 Feb 2020 17:46:40 +0000 (11:46 -0600)]
ip6: fix l4 checksum with hop-by-hop header
L4 checksums for IPv6 should be calculated using a pseudo header that
includes the source/destination addresses, payload length, and payload
protocol.
ip6_tcp_udp_icmp_compute_checksum() was using the payload length and
protocol from the IPv6 header. If there is a hop-by-hop header (or any
other extension header), the payload length used for the pseudo header
should only include the upper layer header and payload and not the
extension header bytes. Same deal with the protocol, the upper layer
next header value should be used instead of the extension header.
Type: fix
Fixes:
cb9cadad57
Change-Id: Ifa2c9ad41c0fc4eea674f0671255b637c8e01f71
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Andrew Yourtchenko [Fri, 7 Feb 2020 11:58:00 +0000 (12:58 +0100)]
misc: fix the MAKE_PARALLEL_JOBS for 'make verify' target
MAKE_PARALLEL_JOBS was prepending "-j", which in case of nested targets like "verify"
resulted in ninja being executed with "-j -j" flags.
Solution: prepend -j only at the moment of setting the MAKE_PARALLEL_FLAGS variable,
this keeps MAKE_PARALLEL_JOBS intact regardless of depth of the job call tree.
Type: make
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I10a69fe527758e5a862852a9f2102aeaca30e88f
Dave Wallace [Fri, 7 Feb 2020 22:55:53 +0000 (17:55 -0500)]
tests: skip extended quic tests under development
Type: test
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I05c464311e98d149f7bc06aa801fd8aefda1959e
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Dave Wallace [Mon, 27 Jan 2020 23:21:15 +0000 (18:21 -0500)]
quic: update config values for large stream tests
- Update vpp and vpp_echo parameters to enable
large data stream tests to pass.
- Standardize stream size nomenclature.
Type: fix
Change-Id: I929ac9f43ecfccf2c3c3fe4d076761154512fac5
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Ed Kern [Wed, 5 Feb 2020 22:45:26 +0000 (15:45 -0700)]
build: Makefile dep change for ubuntu
Alter dep name and location for ubuntu-20 package naming
Dropping 14.04 support while keeping 16.04 and 18.04
Dropping python2-dev for ubuntu-20
Type: make
Change-Id: I324aa646cdb6e13d39b7a99722857e59906b0843
Signed-off-by: Ed Kern <ejk@cisco.com>
Benoît Ganne [Tue, 4 Feb 2020 15:45:09 +0000 (16:45 +0100)]
fib: fix non-NULL terminated vectors in cli output
Type: fix
Change-Id: Idbb3f29b13a5c84a8585c4299e51fdfc35f7e1ad
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Ole Troan [Tue, 4 Feb 2020 12:28:13 +0000 (13:28 +0100)]
tests: support python 3.8
Make test framework python3 version independence.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I1ef1eb77b6c1f422ebc4dad0818f87c8e587b34b
Benoît Ganne [Fri, 7 Feb 2020 10:59:32 +0000 (11:59 +0100)]
svm: use default SVM address in fifo unit tests
Using random addresses can confuse AddressSanitizer
Type: fix
Change-Id: I44368093f899672ac4d511cc5a01ed87c988e63a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
MathiasRaoul [Fri, 7 Feb 2020 09:42:38 +0000 (09:42 +0000)]
quic: fix coverity warning
Type: fix
Change-Id: I24aac10a2943151d5b2fe96a0dff1c5beb7340b9
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
Benoît Ganne [Fri, 7 Feb 2020 10:58:16 +0000 (11:58 +0100)]
misc: address sanitizer: fix vm instrumentation
Type: fix
Change-Id: Ifd61c0683c85fe7340965c225ed23e46ec88e01a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Filip Varga [Thu, 6 Feb 2020 14:25:27 +0000 (15:25 +0100)]
nat: api & cli command for forcing session cleanup
Ticket: VPP-1836
Type: feature
Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: I8f7fc011bac435445a8916a4948d130ca9162f67
Florin Coras [Tue, 4 Feb 2020 17:48:20 +0000 (17:48 +0000)]
hsa: proxy wnd update only if enough space is available
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2874d3afbf4cc89209b605c35ca4a5bc5b6868b3
Dave Barach [Wed, 5 Feb 2020 22:31:09 +0000 (17:31 -0500)]
vlib: add plugin override support
Allow a plugin to override (suppress loading of) other plugins. This
mechanism allows a developer to prevent specific plugins from being
loaded.
To do so, provide an "overrides" list in the plugin definition:
VLIB_PLUGIN_REGISTER () =
{
<snip>
.overrides = "avf_plugin.so,ioam_plugin.so,dpdk_plugin.so",
};
or some such. Simply list the plugins in question as shown above. The
.overrides structure member is limited to 256 octets. The named .elf
section mechanism used to discover the vlib_plugin_registration_t's
precludes the use of a variable-length array of strings.
Use the vlib log to eliminate plugin and built-in vat plugin loader
console spew.
Added vlib_log_register_class_rate_limit(...) to allow procedural
configuration of the log rate-limit. We *never* want to rate-limit
plugin loader messages.
Type: feature
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I0a9327b8cf5508482f057342783252112cb44170
Florin Coras [Mon, 3 Feb 2020 16:00:56 +0000 (16:00 +0000)]
vcl: fix session closing error
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I94f1365569e98d43486d9528faafc6d7c3ad88f7
MathiasRaoul [Thu, 6 Feb 2020 10:31:03 +0000 (10:31 +0000)]
quic: fix coverity warning
Type: fix
Change-Id: I7299b3b0a6d32c1cbe213dc1aadb8260cdec8062
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
Andrew Yourtchenko [Fri, 24 Jan 2020 11:50:43 +0000 (12:50 +0100)]
misc: VPP 20.01 Release Notes
Type: docs
Change-Id: Iee518fbb9c72716cc90a3ea8efbf3ecbaa969a84
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit
fce396738f865293f0a023bc7f172086f81da456)
Dave Barach [Tue, 21 Jan 2020 17:34:55 +0000 (12:34 -0500)]
vppinfra: numa vector placement support
Type: feature
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I7e7d95a089dd849c1f01ecea84529d8dbf239f21
Ed Kern [Wed, 5 Feb 2020 15:30:00 +0000 (08:30 -0700)]
build: Makefile dep change
Alter dep name and location for centos-8 package naming
Change-Id: I50eb702d0541b658ea98fd3f190ba0de60c3fc49
Type: make
Signed-off-by: Ed Kern <ejk@cisco.com>
Ole Troan [Thu, 19 Dec 2019 10:55:54 +0000 (11:55 +0100)]
nat: move dslite to separate sub-plugin
Type: refactor
Change-Id: If3d9f16f3a06c10b354f1eef674e8db5f3c44de7
Signed-off-by: Ole Troan <ot@cisco.com>
Vladimir Isaev [Tue, 4 Feb 2020 08:54:27 +0000 (11:54 +0300)]
stats: fix state counter removal
Avoid using vec_del1() for directory vector to keep indexes valid all
the time.
There are state counters for each slave in LACP bond mode which can be
dynamically created and removed. Vector index is used to access these
counters. But also vec_del1() is used to remove counter from vector.
This function changes the index of the last element, so after this we
are unable to access ex-last element using old index.
As a result it is not possible to add-del-add two interfaces to the LACP
bond:
DBGvpp# create bond mode lacp
BondEthernet0
DBGvpp# create packet-generator interface pg1
DBGvpp# create packet-generator interface pg2
DBGvpp# bond add BondEthernet0 pg1
DBGvpp# bond add BondEthernet0 pg2
DBGvpp# bond del pg1
DBGvpp# bond del pg2
DBGvpp# bond add BondEthernet0 pg1
DBGvpp# bond add BondEthernet0 pg2
bond add: /if/lacp/1/3/partner-state is already register
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: I2c86e13905eefdef6233369cd4ab5c1b53d123bd
Chenmin Sun [Tue, 14 Jan 2020 00:47:22 +0000 (08:47 +0800)]
api: fix vl_api_clnt_node process stack overflow
Type: fix
Some simple settings(e.g. bringing up an i40e/ice interface) through
vnat consume more than the currently available stack space.
This root cause of this issue is same with commit
b2dbb36fc265b8996fc7fa310dda447d5b0479cb "vlib: fix startup-config \
-process stack overflow" and commit
2fd44a00aa26188ca75f0accd734f2 \
1758c199bf "vlib: fix cli process stack overflow"
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: I312e4fed96a679aa68b859e28a90a2a4b6eb0c6e
John Lo [Sat, 1 Feb 2020 04:48:30 +0000 (23:48 -0500)]
ipsec: set l2_len for GRE-TEB tunnel decap
Type: fix
Ticket: VPP-1831
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I655964b22021ac38cbced577091a1156286d4fd6
Dave Barach [Tue, 4 Feb 2020 21:10:17 +0000 (16:10 -0500)]
vppinfra: deal with 0 return from os_cpu_clock_frequency()
Sporadic reports of os_cpu_clock_frequency() returning 0.0 in highly
parallel container environments.
To avoid immediate division by zero:
Step 1: try estimate_clock_frequency(1e-3).
Step 2: give up. Pretend we have a 2gHz clock.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I19d0fe5259b757ab778599c7026ce485153b43fa
Haggai Eran [Tue, 4 Feb 2020 12:32:19 +0000 (14:32 +0200)]
dpdk: use port_id as interface name suffix for representors
Type: feature
Representor devices include a port ID as part of their switch_info struct, and
it is helpful to use that in the interface name.
Signed-off-by: Haggai Eran <haggai.eran@gmail.com>
Change-Id: Id24627e7daf857f8b0e8ace2f592c098678081c7
Haggai Eran [Tue, 4 Feb 2020 12:09:04 +0000 (14:09 +0200)]
dpdk: output switch information
Type: feature
Output DPDK switch information to allow finding out which DPDK ports are
associated with which DPDK representor ports.
Signed-off-by: Haggai Eran <haggai.eran@gmail.com>
Change-Id: I612cbd5a97e04787eca13423f53c7283d5945e37
Mohsin Kazmi [Tue, 4 Feb 2020 10:36:17 +0000 (11:36 +0100)]
misc: add new type for commit message
Type: style
Change-Id: Ibfa8bd1c0987fd2a5050be6c454f665666eb0210
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Florin Coras [Tue, 4 Feb 2020 19:04:34 +0000 (19:04 +0000)]
vcl: switch to closed state after app close
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I851db474538de76d5f70dd6d6f83a6487a5a02bd
Filip Varga [Mon, 3 Feb 2020 11:14:29 +0000 (12:14 +0100)]
nat: pool allocation function fix
Type: fix
Change-Id: I75b20db66fb58e1724a212253c51315836079f4b
Signed-off-by: Filip Varga <fivarga@cisco.com>
Ole Troan [Tue, 4 Feb 2020 08:12:00 +0000 (09:12 +0100)]
vppapigen: fix options representation
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ief77110160120ea0e1291cc79949a73404cdbfda
Steven Luong [Wed, 8 Jan 2020 18:25:52 +0000 (10:25 -0800)]
virtio: update FEATURE.yaml to include description for vhost-user
Add features supported by vhost-user
Type: docs
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Iba4c5244c40324b603e2803ade8ecc0816326de8
Neale Ranns [Mon, 3 Feb 2020 10:55:09 +0000 (10:55 +0000)]
teib: Rename NHRP to TEIB
Type: refactor
The Tunnel Endpoint Informatiob Base (TEIB) is a better
description of what it is (a mapping between tunnel endpoint
address, in the overlay, and next-hop address, in the underlay)
whereas NHRP is one instanc eof a control protocol that might add
such endpoints.
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Idcb2ad0b6543d3e5d9f6e96f9d14dafb5ce2aa85
Matthew Smith [Fri, 31 Jan 2020 21:39:21 +0000 (15:39 -0600)]
dpdk: patch ixgbe driver to solve race condition
Type: fix
Some fiber ports that are managed by the ixgbe PMD have the
possibility to get into a state where link can never be brought up.
This patch should fix it and will be submitted to upstream DPDK.
Change-Id: Ia4d0df2e70d098b2151e513b96e8bd742151e8ce
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Alexander Chernavin [Fri, 31 Jan 2020 14:19:49 +0000 (09:19 -0500)]
ip: translate fragmented icmp to fragmented icmp6
The first translated ICMPv6 packet of a fragmented ICMP message does
not have a IPv6 fragment header. All subsequent have.
With this commit, add a IPv6 fragment header to the first translated
ICMPv6 packet.
Type: fix
Change-Id: Id89409ce7273cbeed801e2e18a09d3e7c3c4e4bc
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Dave Barach [Mon, 3 Feb 2020 16:57:41 +0000 (11:57 -0500)]
vppinfra: fix typo in tw_timer_template.c
Fix minor memory leak
Type: fix
Ticket: VPP-1833
Fixes:
4af9ba1dab
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Id10fba70471ca78f73f14146054f6b12c5d4431f
Yu Ping [Mon, 20 Jan 2020 21:07:30 +0000 (05:07 +0800)]
tls: refactor for tls async event handling
Type: refactor
Make sure one tls ctx has one event availble
Thus ctx has the same life time with event, which can simplify the
management.
Change-Id: I1f4240e7316025d81bb97644946ffa399c00cd76
Signed-off-by: Yu Ping <ping.yu@intel.com>
Steven Luong [Thu, 30 Jan 2020 23:18:45 +0000 (15:18 -0800)]
virtio: vhost gso is broken in some topology
Recent modification added a call to vnet_gso_header_offset_parser in the
beginning of vhost_user_handle_tx_offload. The former routine may set tcp or
udp->checksum to 0. While it is appropriate to set it to 0 for the GSO packet,
it is broken and causes checksum error if the aformentiooned routine is called
by a non-GSO packet. The fix is to not call vhost_user_handle_tx_offload
if the buffer does not indicate checksum offload is needed.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I6e699d7a40b7887ff149cd8f77e8f0fa9374ef19
Neale Ranns [Mon, 3 Feb 2020 10:33:51 +0000 (10:33 +0000)]
fib: invalid check for adj types.
Type: fix
coverity found invalid logic.
Change-Id: Ic9144ac805a4e5a18aa299794fedda044dcb65fe
Signed-off-by: Neale Ranns <nranns@cisco.com>
Steven Luong [Thu, 30 Jan 2020 17:11:18 +0000 (09:11 -0800)]
fib: refresh adj pointer after fib_walk_sync due to possible realloc
fib_walk_sync may call adj_alloc which may cause adj_pool to expand. When
that happens, any previous frame which still use the old adj pointer needs to
refresh. Failure to do so may access or update to the old adj memory
unintentionally and crash mysteriously.
Type: fix
Ticket: VPPSUPP-54
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I173dec4c5ce81c6e26c4fe011b894a7345901b24
Vratko Polak [Fri, 31 Jan 2020 19:43:33 +0000 (20:43 +0100)]
gre: improve .api descriptions
+ Remove fields not present in the typedef.
+ Sort field descriptions by the order in the typedef.
+ Add descriptions to other messages.
+ Add comment lines with de-abbreviated enum values.
Type: style
Change-Id: I2c41e0204ba5c59a53f1cf7b5837118484a16ad0
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Vratko Polak [Fri, 31 Jan 2020 18:21:25 +0000 (19:21 +0100)]
gre: add missing .api edits
The previous edit has added a new field to a typedef.
That change is backward-compatible for PAPI users,
but not backward compatible for direct binary API users.
This change adds two edits that should have been there already:
+ Copyright year bump.
+ API version bump.
- PAPI users point of view, so bumping minor version only.
Type: fix
Fixes:
e5b94dded0dfd7258d5fd0f4ef897d9ccb48715b
Change-Id: Ib85f457254e38a8e5999a078855848e6a5cfda13
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Dave Barach [Fri, 31 Jan 2020 20:38:28 +0000 (15:38 -0500)]
vppinfra: write up clib_time_t
Describe the clock rate adjustment algorithm in detail
Type: docs
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I5bcab18efafe05cd1db9a4b01ce6a6ba66e383fa
Florin Coras [Fri, 31 Jan 2020 16:28:02 +0000 (08:28 -0800)]
session: fix chunk batch alloc for large fifos
Type: fix
Change-Id: Ibfac65b516f20d25d91f6d0cf86491353811b8be
Signed-off-by: Florin Coras <fcoras@cisco.com>
MathiasRaoul [Thu, 9 Jan 2020 14:50:53 +0000 (14:50 +0000)]
quic: quicly crypto offloading
- Implement our own quic packet allocator to allocate more memory at the end of the
packet to store crypto offloading related data
- 1RTT packets offloading encryption/decryption using vnet crypto
- Add cli to change max packet per key
Type: feature
Change-Id: I7557fd457d7ba492329d5d8ed192509cbd727f9c
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
Damjan Marion [Fri, 31 Jan 2020 09:24:07 +0000 (10:24 +0100)]
crypto-native: add ARMv8 AES-CBC implementation
Type: feature
Change-Id: I32256061b9509880eec843db2f918879cdafbe47
Signed-off-by: Damjan Marion <dmarion@me.com>
MathiasRaoul [Fri, 31 Jan 2020 10:48:40 +0000 (10:48 +0000)]
quic: update quicly to v0.0.10-vpp
Type: feature
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
Change-Id: I5452f8bbd0ff9e2a57f7bd7d134a8824efa5f30a
Damjan Marion [Thu, 30 Jan 2020 14:46:23 +0000 (15:46 +0100)]
crypto-native: refactor AES code
- use neutral types in preparation for ARMv8 support
- simplify x86 key extraction support
Type: refactor
Change-Id: I947eb37b8c9d9ee6909bb32ef14c4de192d40a46
Signed-off-by: Damjan Marion <damarion@cisco.com>
Damjan Marion [Thu, 30 Jan 2020 19:47:37 +0000 (20:47 +0100)]
misc: deprecate dpdk hqos
Not in functional state for a long time ...
Type: refactor
Change-Id: I2cc1525a6d49518cbc94faf6afbf0d2d0d515f56
Signed-off-by: Damjan Marion <damarion@cisco.com>
Damjan Marion [Thu, 30 Jan 2020 19:39:58 +0000 (20:39 +0100)]
misc: deprecate netmap and ixge drivers
Both are out of sync for long time...
Type: refactor
Change-Id: I7de3170d35330fc172501d87655dfef91998b8fe
Signed-off-by: Damjan Marion <damarion@cisco.com>
Jon Loeliger [Thu, 30 Jan 2020 16:54:58 +0000 (10:54 -0600)]
map: Add several more MAP-T BR tests
Add several more MAP-T BR tests for normal packet flow.
Type: test
Change-Id: Ica880dd23c923795279e9d08dca2796f2925069a
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Dave Barach [Wed, 29 Jan 2020 23:05:24 +0000 (18:05 -0500)]
vppinfra: improve clocks_per_second convergence
Apply exponential smoothing to the clock rate update calculation in
clib_time_verify_frequency(), with a half-life of 1 minute and a
sampling frequency of 16 seconds. Within 5 minutes or so, the
calculation converges
With each rate recalculation: reset total_cpu_time based on the kernel
timebase delta since vpp started, and the new clock rate
Improve the "show clock [verbose]" debug CLI command.
BFD echo + echo fail tests marked off until the BFD code can be
reworked a bit.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I24e88a78819b12867736c875067b386ef6115c5c
Mohsin Kazmi [Thu, 30 Jan 2020 15:08:08 +0000 (16:08 +0100)]
tap: fix host mtu configuration setting
host mtu can't be set if tap interface is in namespace.
This patch fixes this issue.
Type: fix
Change-Id: I63811c4b56c708fe708061a8afbaec41994f08ca
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Mohsin Kazmi [Thu, 30 Jan 2020 12:36:02 +0000 (13:36 +0100)]
tap: fix the host mac address
Tap configuration code sets the host mac address
two time. This patch fixes it.
Type: fix
Change-Id: I7bebb9b7f25352a8a9a98bae6a0636757c0cea9c
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Damjan Marion [Thu, 30 Jan 2020 20:18:39 +0000 (21:18 +0100)]
misc: move configs to extras/configs
Type: refactor
Change-Id: I64665b290e2c42bbd9b0e877e9e4b028090b0ede
Signed-off-by: Damjan Marion <damarion@cisco.com>
Paul Vinciguerra [Thu, 30 Jan 2020 17:49:20 +0000 (12:49 -0500)]
fib: fix typos in doxygen
cleaned up some trivial typo's while reading through adj.h
Type: docs
Change-Id: I1b6cd815dc10ed3da8db2024b3e015e076235d50
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
Neale Ranns [Tue, 31 Dec 2019 05:13:14 +0000 (05:13 +0000)]
gre: Tunnel encap/decap flags
Type: feature
common funcitons across IP-in-IP and GRE tunnels for encap/decap
functions
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I325b66824878d843af167adfe5a7a96b0ab90566
Florin Coras [Mon, 28 Oct 2019 20:14:17 +0000 (13:14 -0700)]
vcl session: propagate cleanup notifications to apps
Type: feature
Change-Id: I7f8e3763d7f8364563a25d0fcc782976b906b325
Signed-off-by: Florin Coras <fcoras@cisco.com>
Paul Vinciguerra [Tue, 28 Jan 2020 18:00:05 +0000 (13:00 -0500)]
vppapigen: update markdown documentation
- Add newly added typedefs.
- Update string examples.
Change-Id: I1e7ee7cbf5901ba97302472521bf1f42a14765ea
Type: docs
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
Jon Loeliger [Tue, 28 Jan 2020 13:30:28 +0000 (07:30 -0600)]
map: Prevent IPv4 prefix spoofing during IPv6 -> IPv4
Prevent malicious packets with spoofed embedded IPv4 addresses
by limiting the IPv6 ingress packets to known MAP-T domains.
Drop spoofed packets.
Add several tests that ensure spoofing isn't allowed.
Type: fix
Fixes:
fc7344f9be
Change-Id: I80a5dd10d5fe7492e3a1b04de389d649a78065e2
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Alexander Chernavin [Thu, 23 Jan 2020 13:09:40 +0000 (08:09 -0500)]
map: handle ip4 ttl=1 packets in map-t
With this commit, ICMP Time Exceeded is sent to sender when TTL
expires at MAP BR.
Type: fix
Change-Id: I8effe163beab32596883127b819308cc355512c3
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Damjan Marion [Wed, 29 Jan 2020 09:31:26 +0000 (10:31 +0100)]
crypto-native: don't expand aes-cbc keys twice
Type: refactor
Change-Id: If0d9ec70f9e8c228c39505864a4a73bf94b67479
Signed-off-by: Damjan Marion <damarion@cisco.com>
Klement Sekera [Wed, 29 Jan 2020 22:59:48 +0000 (22:59 +0000)]
bfd: add missing cast
Add missing cast to time conversion function to to deal with arbitrary
clocks-per-second values.
Type: fix
Change-Id: I5075a823e7a95c972c513ac765252337d5f59fbf
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Alexander Chernavin [Fri, 17 Jan 2020 13:31:04 +0000 (08:31 -0500)]
tests: add map-t fragmentation verifications
Type: test
Change-Id: I5522e88ee178d0563c246895393e835d125f1b81
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Dave Barach [Tue, 28 Jan 2020 22:03:05 +0000 (17:03 -0500)]
dhcp: disable extraneous vlib_log spew
When there are no dhcp client interfaces configured, it's not
useful to make periodic / timeout log entries.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I16b68fe15ad9de789e49ad1b782b3b0e536bad60
Florin Coras [Tue, 28 Jan 2020 03:21:28 +0000 (19:21 -0800)]
session tcp: fix packet tracing
Type: fix
Change-Id: Ib823d016c64998779fb1d00b8aad3acb5e8340be
Signed-off-by: Florin Coras <fcoras@cisco.com>
Florin Coras [Mon, 27 Jan 2020 18:34:13 +0000 (18:34 +0000)]
hsa: proxy rcv wnd update acks after full fifos
Avoid rcv wnd probing after zero window advertisments by registering for
tx dequeue notifications and forcing acks that open the rcv wnd.
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I8f33e3cf917f8c83d412f370ca66013aa4cd6e67
Damjan Marion [Tue, 28 Jan 2020 08:55:25 +0000 (09:55 +0100)]
crypto-native: rename crypto_ia32 to crypto_native
Type: refactor
Change-Id: I9f21b3bf669ff913ff50afe5459cf52ff987e701
Signed-off-by: Damjan Marion <damarion@cisco.com>
Vladimir Ratnikov [Tue, 14 Jan 2020 14:48:31 +0000 (09:48 -0500)]
map: ip4-map-t more RFC compliant
When MTU is not set, ignore_df and mtu check
always returns true and packets are dropped.
This patch puts MTU checks after it was
compared with 0 and set to maximum if not set.
Added trace node.
If MTU is less than the total length value of
the IPv4 packet plus 20, the translator MUST
send an ICMPv4 "Fragmentation Needed" error message
to the IPv4 source address
Type: fix
Fixes:
87663cdf644fb7c94c0fec9460829b7e4e7c35ca
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: I35b99bc2648984cdbf5b6a57ddec91c586b15bef
Damjan Marion [Thu, 19 Dec 2019 12:27:28 +0000 (13:27 +0100)]
crypto-ia32: add VAES support for AES-CBC
Type: feature
Change-Id: Ic8aa6c48913677537301971469f9627b70c1cec8
Signed-off-by: Damjan Marion <damarion@cisco.com>
Ignas Bacius [Fri, 3 Jan 2020 13:05:46 +0000 (15:05 +0200)]
sr: fix possible null-pointer dereference
Steps to reproduce VPP crash:
1. configure localsid End behavior
2. ping the localsid address
Type: fix
Signed-off-by: Ignas Bacius <ignas@noia.network>
Change-Id: Id780e0875ec9cdb25252217990919fb3dddbf06a
Damjan Marion [Wed, 18 Dec 2019 17:45:19 +0000 (18:45 +0100)]
vppinfra: use CPUID provided base frequency if available
Type: fix
Change-Id: Ifb007207be97119e07c3a0eba4714eb519de043c
Signed-off-by: Damjan Marion <damarion@cisco.com>
Damjan Marion [Wed, 18 Dec 2019 15:09:48 +0000 (16:09 +0100)]
vppinfra: add x86 CPU definitions
Type: feature
Change-Id: I9d1f9f00ac011a93709850186dcf4cf5ea3bf88a
Signed-off-by: Damjan Marion <damarion@cisco.com>
Dave Barach [Mon, 27 Jan 2020 14:56:58 +0000 (09:56 -0500)]
classify: pcap / packet trace debug CLI bugs
"classify filter trace ... " and "classify filter pcap ..." are
mutually exclusive.
vnet_pcap_dispatch_trace_configure needs to check for
set->table_indices == NULL.
Type: fix
Ticket: VPP-1827
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I43733364087ffb0a43de92e450955033431d559d
Steven Luong [Mon, 27 Jan 2020 18:37:56 +0000 (10:37 -0800)]
interface: Add missing ip4 udp->checksum = 0 prior to computing checksum
For ip4 tcp, ip6 tcp, and ip6 udp packet, we set checksum = 0 prior to
computing the checksum. We missed ip4 udp case. This oversight requires all
clients to set udp->checksum = 0 if ip4 udp checksum offload is needed.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ic608811e82099f3bec469e123671e9b281f38d76
Neale Ranns [Sun, 29 Dec 2019 23:55:18 +0000 (23:55 +0000)]
ipip: Multi-point interface
Type: feature
plus fixes for gre
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I0eca5f94b8b8ea0fcfb058162cafea4491708db6
Neale Ranns [Sun, 29 Dec 2019 23:55:18 +0000 (23:55 +0000)]
tunnel: Common types for IP tunnels
Type: refactor
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I18dcdb7af3e327f6cacdbcb1e52b89f13d6ba6e2
Benoît Ganne [Tue, 21 Jan 2020 17:24:44 +0000 (18:24 +0100)]
map: api: fix tag overflow and leak
The 'tag' parameter is expected to be a NULL-terminated C-string in
callees:
- make sure it is null-terminated in both API and CLI cases
- do not allocate & copy the string into a non-NULL-terminated vector
in API case
- fix leak in CLI case
Type: fix
Change-Id: I221a489a226240548cdeb5e3663bbfb94eee4600
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Klement Sekera [Fri, 17 Jan 2020 10:01:52 +0000 (10:01 +0000)]
bfd: reset peer discriminator on timeout
More RFC compliance.
Ticket: VPP-1816 BFD: peer discriminator not reset on timeout
Type: fix
Change-Id: I68063c18097d282b3527e3fb485c1d0d1fd1b0c8
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Jakub Grajciar [Thu, 14 Nov 2019 09:47:25 +0000 (10:47 +0100)]
libmemif: memif_control_fd_update always pass context from libmemif_main
Event polling instance is always identified by libmemif main private context.
Fixes event polling handled by libmemif.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I51dcdb279b18f8ce97bad3b2695848e0b25a232d
Neale Ranns [Thu, 23 Jan 2020 22:46:06 +0000 (22:46 +0000)]
fib: Reload the adj after possible realloc (VPP-1822)
Type: fix
Fixes:
418b225931634f6d113d2971cb9550837d69929d
Change-Id: Ia5f4ea24188c4f3de87e06a7fd07b40bcb47cfc1
Signed-off-by: Neale Ranns <nranns@cisco.com>
Benoît Ganne [Fri, 24 Jan 2020 17:06:01 +0000 (18:06 +0100)]
devices: vhost: fix data offset on input
Regardless of whether the virtio_net_hdr is sent as a separate
descriptors or in the same descriptor as the data, we always want to
skip the header length - maybe moving to the next descriptor along the
way.
Type: fix
Change-Id: Iaa70aeb310e589639b20f8c7029aaa8d3ce5d307
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Paul Vinciguerra [Thu, 19 Dec 2019 16:51:22 +0000 (11:51 -0500)]
docs nat: fix nat-ha ascii art
See: https://docs.fd.io/vpp/19.08/nat_ha_doc.html
Type: docs
Change-Id: I43ecf1dfb6976ebafee04d820f0e1b07393a0b93
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
Florin Coras [Wed, 18 Dec 2019 17:38:40 +0000 (09:38 -0800)]
session: fix node runtime in pre-input queue handler
Call session queue node with the right node runtime instead of the
pre-input node runtime.
Type: fix
Change-Id: I43d20bed4930fc877b187ce7ecdce62034b393c5
Signed-off-by: Florin Coras <fcoras@cisco.com>
John DeNisco [Fri, 24 Jan 2020 19:04:41 +0000 (14:04 -0500)]
docs: Update the requirements and fix the build
Signed-off-by: John DeNisco <jdenisco@cisco.com>
Change-Id: I30e37f7e549083337b11ace95b4ff4f427d9fc8c
Matthew Smith [Thu, 16 Jan 2020 19:48:52 +0000 (13:48 -0600)]
nat: in2out-output nodes work with acl reflect
Type: feature
The current feature ordering of NAT44 nodes with respect to the
ACL plugin's IPv4 input/output features is:
ip4-output: acl-plugin-out-ip4-fa runs before any NAT44 nodes
ip4-unicast: acl-plugin-in-ip4-fa runs before any NAT44 nodes
ACL rules with action permit+reflect can keep track of outbound
flows and allow the replies inbound without an explicit inbound rule.
If ACL permit+reflect rules are configured on an interface that also
has NAT44 configured with output-feature/postrouting translation of
outbound packets, the ACL rules cannot allow inbound packets. The
ACL state that was stored on the outbound flow contains the IP
addresses of the original packet, prior to translation. The inbound
packets are being evaluated by the ACL node using the translated
addresses.
The order of processing inbound needs to be the opposite of what it
was outbound for this to work. Change the NAT44 features on
ip4-output so that they run before outbound ACL nodes. This matches
the existing behavior of the NAT44 nodes which rewrite
source addresses as an input feature instead of an output feature.
This was only done for endpoint dependent mode because the regular
endpoint independent in2out-output node currently selects an
explicit next node rather than using the next node on the feature
arc.
Unit test added to configure both NAT and an ACL and ensure that
out2in packets matching an in2out flow are permitted by the ACL
and translated by NAT.
Change-Id: Ibd679c28b64c3fc3cc8c0606ea93123e384e839f
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Florin Coras [Wed, 22 Jan 2020 15:32:12 +0000 (07:32 -0800)]
vcl: always report EPOLLHUP/EPOLLRDHUP on close
Type: fix
Change-Id: I3d24a7973c7113ffeb9109e89cda7fa960e73a5b
Signed-off-by: Florin Coras <fcoras@cisco.com>
Florin Coras [Wed, 22 Jan 2020 02:33:23 +0000 (18:33 -0800)]
vcl session: udp session migration notifications
Type: feature
Change-Id: I402549818ba6e078802e914293304174dc6625c2
Signed-off-by: Florin Coras <fcoras@cisco.com>
Benoît Ganne [Fri, 29 Nov 2019 16:28:30 +0000 (17:28 +0100)]
docs: add AddressSanitizer mini-howto
Type: docs
Change-Id: I3bb589d04f15a03166a6d457552ffc316fb02f94
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Tetsuya Murakami [Thu, 16 Jan 2020 13:46:29 +0000 (05:46 -0800)]
srv6-mobile: fix the converity issue
Type: fix
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
Change-Id: I358a290f4ac121f075f7ee52941beabe478bfba0
Dave Barach [Thu, 23 Jan 2020 13:44:40 +0000 (08:44 -0500)]
api: mark api_trace_command_fn thread-safe
Binary API trace replay with multiple worker threads depends in many
cases on worker thread graph replica maintenance. If we (implicitly)
assert a worker thread barrier at the debug CLI level, all graph
replica changes are deferred until the replay operation completes. If
an interface is deleted, the wheels may fall off.
Type: fix
Ticket: VPP-1824
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I9b07d43f8501caa5519e5ff9ae4c19dc2661cc84
Neale Ranns [Tue, 21 Jan 2020 04:58:02 +0000 (04:58 +0000)]
ipsec: re-enable DPDK IPSec for tunnel decap/encap (VPP-1823)
Type: fix
Change-Id: Iff9b1960b122f7d326efc37770b4ae3e81eb3122
Signed-off-by: Neale Ranns <nranns@cisco.com>
Neale Ranns [Sun, 12 Jan 2020 21:16:55 +0000 (21:16 +0000)]
fib: Adjacency realloc during rewrite update walk (VPP-1822)
Type: fix
Change-Id: I0e826284c50713d322ee7943d87fd3363cfbdfbc
Signed-off-by: Neale Ranns <nranns@cisco.com>
Florin Coras [Wed, 22 Jan 2020 00:17:53 +0000 (16:17 -0800)]
hsa: proxy app fixes
Type: fix
Change-Id: Icb4b331c9346d3781f4ddd6f62891c78d4059c1f
Signed-off-by: Florin Coras <fcoras@cisco.com>
Neale Ranns [Mon, 20 Jan 2020 02:28:00 +0000 (02:28 +0000)]
fib: FIB crash removing labelled route (VPP-1818)
Type: fix
The crash occured trying to retreive a NULL path list to walk the path
extensions. A walk shoul not be required, because there should be no
extensins, since all paths are removed. The problem is that when the
paths were added, they were not sorted, hence neither were the
extensions and when they were updated, duplicate extensions were added,
and hence a path removal did not remove them all.
Fix is to make sure paths are sorted.
Change-Id: I069d937de8e7bc8aae3d92f588db4daff727d863
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit
257749c40946a9269140d322e374d74c3b6eefb8)
Dave Wallace [Tue, 21 Jan 2020 16:56:19 +0000 (16:56 +0000)]
nsim: enable output scheduling on main thread
Type: fix
Change-Id: I5d47cb9bc7eb7f3c8485e3b42f0701e81d87ba2a
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Alexander Chernavin [Tue, 14 Jan 2020 11:11:42 +0000 (06:11 -0500)]
nat: fix dhcp client on outside interface with output feature
There was an attempt to fix this problem in the commit:
d3b8c861a44e70c197ab721fa3ce7f38bbeab7fd
But checking the LOCALLY_ORIGINATED flag didn't work because this flag
gets reset before it can reach the NAT nodes.
With this commit, replace the check for the LOCALLY_ORIGINATED flag
with a check to see if the packet is a DHCP broadcast.
Type: fix
Change-Id: I069c08a785b5988b10192f528e4f9c4c7cc2f8a3
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Filip Varga [Fri, 17 Jan 2020 18:24:13 +0000 (19:24 +0100)]
nat: removed obsolete fragmentation code
Type: fix
Ticket: VPP-1817
Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: Id4d694ce636b0a213e65ce27c32a8150df9af0f8
Florin Coras [Thu, 16 Jan 2020 19:15:54 +0000 (11:15 -0800)]
classify: fix pcap filter set init
Type: fix
Change-Id: I6a48a6c14bfb84b3460e8211021bc9df6e915dba
Signed-off-by: Florin Coras <fcoras@cisco.com>
Yulong Pei [Wed, 8 Jan 2020 17:12:43 +0000 (01:12 +0800)]
lb: fix that lb_add_del_vip and lb_add_del_as api doesn't work correctly
Currently if user want to set ip4 address to the api, it must convert to ip6
format, e.g. user want to ip4 "90.1.2.1" but must convert to "::5A01:0201",
it is not acceptable, this fix solved the issue.
Ticket: FDIO-753
Type: fix
Change-Id: I2ffa5a3d38400ee176cf601421074f71fc395f03
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Filip Varga [Thu, 16 Jan 2020 13:58:47 +0000 (14:58 +0100)]
nat: refactor of port/address allocation functions
Change-Id: Ie2a3c0f44322dd8415603b7ce51bb72d72769c95
Ticket: VPP-1815
Type: refactor
Signed-off-by: Filip Varga <fivarga@cisco.com>