Mohammed Hawari [Mon, 27 Feb 2023 14:33:30 +0000 (15:33 +0100)]
 
udp: fix optimistic assert for UDP RX
Change-Id: I431c4a6f409b129e4290dba2e1acadea460ac797
Signed-off-by: Mohammed Hawari <[email protected]>
Type: improvement
Fan Zhang [Wed, 1 Mar 2023 14:45:46 +0000 (14:45 +0000)]
 
vpp-swan: improve Makefile
Type: improvement
Since VPP-SWAN does not really need StrongSwan to be compiled,
this patch refines the Makefile to reflect the change.
In addition README is updated.
Signed-off-by: Fan Zhang <[email protected]>
Change-Id: I185957167ac71a44f4d12e78e1dac31c194f80f4
Tianyu Li [Mon, 27 Feb 2023 09:14:34 +0000 (09:14 +0000)]
 
vcl: fix undeclared UDP_SEGMENT for centos 8
Old distros Centos 8 / Ubuntu 18.04 header files don't have UDP_SEGMENT
declared, define UDP_SEGMENT to right value if not defined.
Type: fix
Fixes: eff5f7aea8c7 ("vcl: ldp support for ip_pktinfo")
Signed-off-by: Tianyu Li <[email protected]>
Change-Id: I99314b895e7d09962a36e7f5582c09d0d77563dc
Florin Coras [Tue, 28 Feb 2023 22:51:03 +0000 (14:51 -0800)]
 
hs-test: fix wait for app after ldp change
After gerrit 38370 (729b9c94), apps are registered via ldp using program
name. Update tests to support that.
Also add make file help for UNCONFIGURE.
Type: test
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I4ad50abfd175664b47b358df1a72e0758f51190d
Florin Coras [Mon, 30 Jan 2023 19:18:36 +0000 (11:18 -0800)]
 
session: consolidate port alloc logic
Move port allocation logic from transports into generic transport layer.
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I55a21f185d00f5e118c36bcc4a6ffba2cbda885e
Florin Coras [Tue, 28 Feb 2023 20:43:39 +0000 (12:43 -0800)]
 
tcp: add dispatch errors to counters
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I27112947071a757065162f0e50f69983d258525d
Maros Ondrejicka [Tue, 28 Feb 2023 11:49:43 +0000 (12:49 +0100)]
 
hs-test: fill configuration files at runtime
Treat certain configuration files, which contain runtime-dependent
information, as templates. The information is filled at runtime and the
files are copied into containers.
This allows to avoid hard-coding IP addresses into configuration files.
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I1dae8f15f4f76c0bf1779d7c68b7f3859bf5a861
Florin Coras [Tue, 28 Feb 2023 18:58:08 +0000 (10:58 -0800)]
 
vcl: use program invocation name in ldp app name
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I2c97faa2cdca32d083aabc3344c8fe67c74ff2fd
Maros Ondrejicka [Tue, 28 Feb 2023 18:40:09 +0000 (19:40 +0100)]
 
hs-test: allow nginx suite to unconfigure topology
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I84209e6d2c914d1c7b9dec7efc3898b75552db1b
Maros Ondrejicka [Mon, 27 Feb 2023 12:22:45 +0000 (13:22 +0100)]
 
hs-test: test vpp+nginx mirroring with tap ifaces
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I05bbed8fd9d40929f040574044aed5292a475e91
Florin Coras [Tue, 7 Feb 2023 17:11:47 +0000 (09:11 -0800)]
 
vcl: handle lt events in epoll ctl
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I4e176e9ada32d5f61d10aeca1c68f72114dec9b8
Maros Ondrejicka [Mon, 27 Feb 2023 15:52:57 +0000 (16:52 +0100)]
 
hs-test: add option to unconfigure topology
Adding `UNCONFIGURE=true` argument when running `make test` will skip
test run and unconfigure existing topology for that test.
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I197747a56ca68807f0b2c3f25b6f61c3dcc41ace
Florin Coras [Mon, 6 Feb 2023 21:30:13 +0000 (13:30 -0800)]
 
vcl: improve vls handling of shared listeners
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I1970408de52e53d24cea06b3ae0cc68a38cbc97a
Maros Ondrejicka [Thu, 23 Feb 2023 12:19:15 +0000 (13:19 +0100)]
 
hs-test: refactor netconfig
This joins separate representations of veth and tap interfaces
into a single struct. It removes the need for type interface
and embedding which simplifies the code.
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I1b2c368bfe90a5bdfaaa9a5129c27d7d96f8fe3b
Gabriel Oginski [Tue, 14 Feb 2023 08:41:07 +0000 (08:41 +0000)]
 
vpp-swan: fix segmentation fault in arp function
This patch adds a missing file descriptor free handler to prevent
invalid dereferencing in the future
Type: fix
Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: Idc809a70b1fedec9a06446344d5481d467c78c19
Gabriel Oginski [Fri, 24 Feb 2023 10:22:32 +0000 (10:22 +0000)]
 
wireguard: fix potential leaks of async frame
The current implementation can cause memory leaks of async frames
and exhaust the async frames pool. Wireguard can early get async frame,
even when later it turns out it is not needed. Then such frame won't
be freed.
This fix changes the moment of acquiring async frame from the pool, so
it doesn't leak.
Type: fix
Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: If7696de6a6f5db84e0dffef60caa31d4a5e6280e
Filip Tehlar [Mon, 20 Feb 2023 12:46:32 +0000 (13:46 +0100)]
 
tcp: fix error counters
Type: fix
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I9f4944f77ecf94f16f809392f28466e33f7f779d
Maros Ondrejicka [Fri, 24 Feb 2023 10:26:39 +0000 (11:26 +0100)]
 
hs-test: store logs
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I50ad5d8c2e5066d8d24f7959aeb534a2f0a6fae0
Maros Ondrejicka [Fri, 24 Feb 2023 13:16:25 +0000 (14:16 +0100)]
 
hs-test: modify nginx tests
This will make name of the test unique so that executing specifically
this test won't execute also other tests starting with same name.
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I8013aa453c2a1c3c156e6476a93fd58bbb850b93
Filip Tehlar [Tue, 31 Jan 2023 09:34:18 +0000 (10:34 +0100)]
 
hs-test: improve test infra
- add support for building/running debug/release images
- have one point of control (Makefile)
- list all test cases
Type: test
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I97949abc2fff85d7a2b3784122be159aeec72b52
Dave Wallace [Thu, 23 Feb 2023 19:26:46 +0000 (14:26 -0500)]
 
srtp: fix build on ubuntu-22.04
- The version of libsrtp2 (2.4.2) on ubuntu-22.04 changed
  the 'ekt' field in srtp_policy_t to 'deprecated_ekt'.
Type: fix
Change-Id: Icb9d8f3b56c8305bcdac5066a5f8e3e5d17d37cf
Signed-off-by: Dave Wallace <[email protected]>
Dave Wallace [Wed, 22 Feb 2023 18:56:06 +0000 (13:56 -0500)]
 
hs-test: fix install/build on new ubuntu instance
Type: test
Signed-off-by: Dave Wallace <[email protected]>
Change-Id: I9c59d98d16e387925057626ba9080210f4334c53
Maros Ondrejicka [Tue, 21 Feb 2023 09:53:20 +0000 (10:53 +0100)]
 
hs-test: clean-up ip address generation
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I74c505920d1363d0ff2b3213fd831c181b70a173
Florin Coras [Mon, 20 Feb 2023 23:14:04 +0000 (15:14 -0800)]
 
session: track app session closes
Make sure applications, especially builtin ones, cannot close a session
multiple times.
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I960a1ae89a48eb359e7e1873a59d47c298c37ef1
Florin Coras [Wed, 8 Feb 2023 01:36:17 +0000 (17:36 -0800)]
 
vcl: ldp support for ip_pktinfo
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I3c15f38a4a3f5e92506059277948e7fca9cd8b55
Liangxing Wang [Thu, 16 Feb 2023 09:31:01 +0000 (09:31 +0000)]
 
vcl: fix incorrect ldp worker in ldp_epoll_pwait()
For some apps (e.g. wrk2) upon vpp hoststack, ldp_epoll_pwait()
is called. In this function, epoll fd was created on one thread,
but it is now used on another thread. The vcl worker index is still
invalid, so the fetched ldp worker is also invalid and can corrupt
some already allocated memory.
Just as the ldp_epoll_pwait_eventfd(), make sure the vcl worker is valid
before getting the ldp worker in ldp_epoll_pwait().
Type: fix
Signed-off-by: Liangxing Wang <[email protected]>
Change-Id: I2ec23a4b5d5b0879a06642ffd80f95e948af4274
Maros Ondrejicka [Wed, 15 Feb 2023 16:44:46 +0000 (17:44 +0100)]
 
hs-test: check for missing output in nginx tests
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I08cd492fff4b9d50a1761a29c2b231cc8544313b
Alexander Skorichenko [Thu, 19 Jan 2023 13:26:47 +0000 (14:26 +0100)]
 
wireguard: move buffer when insufficient pre_data left
Currently wg-output-tun() doesn't check if a buffer has enough space for
prepending an ethernet header (wg header over ipv6 vxlan header case
leaves only 8 bytes free).
In such a case move buffer's content.
Type: fix
Change-Id: Iad18860e6b86a3d81f3d96d782de7c59556152d0
Signed-off-by: Alexander Skorichenko <[email protected]>
Florin Coras [Wed, 15 Feb 2023 03:12:30 +0000 (19:12 -0800)]
 
session: ignore zero length dgrams
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I70596ffcf90fa4cd57092584cb7a454f44208943
Maros Ondrejicka [Tue, 14 Feb 2023 11:56:49 +0000 (12:56 +0100)]
 
hs-test: clean-up obsolete code
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I52cd825f903e41c35f6c4a9db71f00dbedbb8680
Tianyu Li [Sat, 28 Jan 2023 07:58:45 +0000 (07:58 +0000)]
 
build: add missing dependences for centos 8
VPP build failed on Centos stream 8 when build xdp-tool
and dpdk mlx driver, Add the missing tools, libraries and headers.
Type: fix
Signed-off-by: Tianyu Li <[email protected]>
Change-Id: Ie705dc8f558ceb872029f9ab4f1351b514c87405
Dmitry Valter [Fri, 27 Jan 2023 12:49:55 +0000 (12:49 +0000)]
 
tests: support tmp-dir on different filesystem
Support running tests with `--tmp-dir` on a filesystem different from /tmp.
os.rename works only within a single FS whereas shutil.move works across
different filesystems.
Type: improvement
Signed-off-by: Dmitry Valter <[email protected]>
Change-Id: I5371f5d75386bd2b82a75b3e6c1f2c850bc62356
Gabriel Oginski [Fri, 3 Feb 2023 08:12:36 +0000 (08:12 +0000)]
 
vpp-swan: removed adding the same rule in SPD
The current implementation of vpp-swan plugin adds the same policy rule
in SPD twice, and it is not necessary to have two the same rules in
inbound-protect database.
This patch fixes an issue that prevents the addition of a second
identical policy rule in SPD.
Type: fix
Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: Ieef74288e5301455658e4e101433147d6d2482e9
Nathan Brown [Fri, 30 Dec 2022 20:04:39 +0000 (20:04 +0000)]
 
rdma: always use 64 byte CQEs for MLX5
When DPDK MLX PMDs are built, and the DPDK plugin is loaded, DPDK may
set the MLX5_CQE_SIZE environment variable to 128. This causes the RDMA
plugin to be unable to create completion queues. Since the RDMA plugin
expects the CQEs to be 64 bytes, set the cqe_size explicitly when
creating the CQ. This avoids any issues with different values for the
MLX5_CQE_SIZE environment variable.
Type: improvement
Signed-off-by: Nathan Brown <[email protected]>
Change-Id: Idfd078d3045a4dcb674325ef36f85a89df6fbebc
Dave Wallace [Sat, 11 Feb 2023 00:20:28 +0000 (19:20 -0500)]
 
misc: VPP 22.10.1 Release Notes
Type: docs
Signed-off-by: Dave Wallace <[email protected]>
Change-Id: I70374ea376c895d92d5789debf4b437113e3d884
(cherry picked from commit 57302fe52f141c19b5448997774271d2eedf5cb1)
Dave Wallace [Fri, 10 Feb 2023 18:28:46 +0000 (13:28 -0500)]
 
misc: VPP 22.06.1 Release Notes
Type: docs
Signed-off-by: Dave Wallace <[email protected]>
Change-Id: I8770a35c801126ffd2de8f58d79e6616642709a9
(cherry picked from commit 1513b381d8879d9d437bbbc9a270b4ff5f4b19ba)
Takeru Hayasaka [Fri, 30 Dec 2022 07:41:44 +0000 (16:41 +0900)]
 
sr: support define src ipv6 per encap policy
Allow defining src ip of outer IPv6 Hdr for each encap policy.
Along with that, I decided to develop it as API version V2.
This is useful in the SRv6 MUP case.
For example, it will be possible to handle multiple UPF destinations.
Type: feature
Change-Id: I44ff7b54e8868619069621ab53e194e2c7a17435
Signed-off-by: Takeru Hayasaka <[email protected]>
Maros Ondrejicka [Tue, 7 Feb 2023 19:40:27 +0000 (20:40 +0100)]
 
hs-test: refactor test cases from no-topo suite
This converts remaining tests to configuration of VPP from test context.
Type: test
Change-Id: I386714f6b290e03d1757c2a033a25fae0340f5d6
Signed-off-by: Maros Ondrejicka <[email protected]>
Maros Ondrejicka [Thu, 2 Feb 2023 07:58:04 +0000 (08:58 +0100)]
 
hs-test: refactor test cases from ns suite
This converts more tests to configure VPP from test context.
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: Idf26b0c16f87e87c97b198412af39b99d947ced6
Naveen Joy [Wed, 1 Feb 2023 00:51:58 +0000 (16:51 -0800)]
 
tests: use existing pip compiled req file for building the run.py venv
pip compiled requirements file named requirements-3.txt exists in the
test directory. No need to auto-generate it again
Type: improvement
Change-Id: Ib2b51c983af8d0e4b000e4544012b6cd94405519
Signed-off-by: Naveen Joy <[email protected]>
Naveen Joy [Thu, 2 Feb 2023 21:56:59 +0000 (13:56 -0800)]
 
tests: use iperf3 for running interface tests on the host
Type: improvement
Change-Id: I7123591932d51ce0c5b372893454945bbd3913b2
Signed-off-by: Naveen Joy <[email protected]>
Maros Ondrejicka [Thu, 26 Jan 2023 09:07:29 +0000 (10:07 +0100)]
 
hs-test: configure VPP from test context
Instead of configuring VPP instances running inside of a container,
now the configuration is going to be done from within the test context
by using binary API and shared volume that exposes api socket.
This converts just some of the test cases, rest is to follow.
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I87e4ab15de488f0eebb01ff514596265fc2a787f
Florin Coras [Wed, 8 Feb 2023 17:47:54 +0000 (09:47 -0800)]
 
session: accept lcl ip updates on cl sessions
Allow apps/vcl to provide updated local ips for dgrams. In particular,
allow sessions bound to 0/0 to send data with valid local ips.
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I50a086b1c252731a32a15b6a181ad3dba0c687e0
Mohammed Hawari [Thu, 2 Feb 2023 12:29:28 +0000 (13:29 +0100)]
 
build: allow skipping external-deps
Change-Id: I0e5090ec6978af0dc4baecc7654918cf40663f42
Signed-off-by: Mohammed Hawari <[email protected]>
Type: feature
Ting Xu [Tue, 13 Dec 2022 03:10:54 +0000 (03:10 +0000)]
 
avf dpdk: fix incorrect handling of IPv6 src address in flow
In current flow creating process in native avf and dpdk-plugins, when
parsing the input arguments, it does not copy IPv6 src address correctly,
so that IPv6 src address will not be configured in any flow rule, and
any packet with the same address will not be matched.
Type: fix
Signed-off-by: Ting Xu <[email protected]>
Change-Id: Ic957c57e3e1488b74e6281f4ed1df7fd491af35c
Ting Xu [Tue, 17 Jan 2023 02:34:37 +0000 (02:34 +0000)]
 
avf: fix incorrect flag for flow director
When parsing flow action type in avf, there is an incorrect flag for
flow director, which makes flow director rule created unexpectedly.
Type: fix
Signed-off-by: Ting Xu <[email protected]>
Change-Id: Id9fed5db8ccacd5cc6c2f4833183364d763188c1
Ting Xu [Thu, 2 Feb 2023 02:06:12 +0000 (02:06 +0000)]
 
avf: fix checksum offload configuration
Fix some configurations of avf checksum offload to get the correct
udp and tcp checksum. Change Tx checksum offload capability since
avf supports ipv4, tcp and udp offload all. Remove the operation to
swap bit of checksum.
Type: fix
Signed-off-by: Ting Xu <[email protected]>
Change-Id: I55a916cc9ee6bef5b2074b5b6bb5f517fc2c178d
Ting Xu [Mon, 6 Feb 2023 03:01:10 +0000 (03:01 +0000)]
 
avf: fix bit calculation function fls_u32
In avf the function fls_u32 is used to calculate the power of 2.
Fix the expression of this function.
Type: fix
Signed-off-by: Ting Xu <[email protected]>
Change-Id: I27160de8588a5efb3f24306597a5a240deb3ab74
Alexander Chernavin [Thu, 2 Feb 2023 14:22:56 +0000 (14:22 +0000)]
 
ip6-nd: support dump/details for IPv6 RA
Type: improvement
With this change, add support for dumping IPv6 Router Advertisements
details on a per-interface basis (or all). Also, cover that with a test.
Signed-off-by: Alexander Chernavin <[email protected]>
Change-Id: I89fa93439d33cc36252377f27187b18b3d30a1d4
Benoît Ganne [Tue, 18 Jan 2022 14:56:41 +0000 (15:56 +0100)]
 
ipsec: fix AES CBC IV generation (CVE-2022-46397)
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <[email protected]>
Florin Coras [Tue, 7 Feb 2023 17:01:59 +0000 (09:01 -0800)]
 
vcl: drop lock on segment attach failure
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I3bc2c7986f492b7b7dfbc84e4893202354223790
Florin Coras [Fri, 3 Feb 2023 06:56:03 +0000 (22:56 -0800)]
 
vcl: add ldp implementation for recvmmsg
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I7322abc3d3b0aa81399667bf02b03786fc62c958
Florin Coras [Thu, 2 Feb 2023 20:56:16 +0000 (12:56 -0800)]
 
vcl: better handling of ldp apis that rely on gnu source
Control use of apis that rely on _GNU_SOURCE being defined with compile
time macro.
Also fixes sendmmsg and recvmmsg which were not probably wrapped.
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I207de23210d4b9dc960bb4289159502760c5614d
Ting Xu [Mon, 30 Jan 2023 03:42:20 +0000 (03:42 +0000)]
 
packetforge: fix lack of edge for ipv6 after gtppsc
Add one new edge for ipv6 after gtppsc so that packetforge can parse
this protocol combination.
Type: fix
Signed-off-by: Ting Xu <[email protected]>
Change-Id: I1bae1ec617c4867de2e0b3de27eda77b89e5580c
Filip Tehlar [Fri, 27 Jan 2023 12:14:34 +0000 (13:14 +0100)]
 
hs-test: add nginx perf tests
Type: test
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: Ic609cf70c1d381afa78f393700359434c8bd0452
Damjan Marion [Mon, 30 Jan 2023 10:48:38 +0000 (11:48 +0100)]
 
vppinfra: refactor clib_socket_init, add linux netns support
Type: improvement
Change-Id: Ida2d044bccf0bc8914b4fe7d383f827400fa6a52
Signed-off-by: Damjan Marion <[email protected]>
Arthur de Kerhor [Wed, 16 Nov 2022 17:45:24 +0000 (18:45 +0100)]
 
ipsec: fix SA names consistency in tests
In some IPsec tests, the SA called scapy_sa designs the SA that
encrypts Scapy packets and decrypts them in VPP, and the one
called vpp_sa the SA that encrypts VPP packets and decrypts them
with Scapy. However, this pattern is not consistent across all
tests. Some tests use the opposite logic. Others even mix both
correlating scapy_tra_spi with vpp_tra_sa_id and vice-versa.
Because of that, sometimes, the SA called vpp_sa_in is used as an
outbound SA and vpp_sa_out as an inbound one.
This patch forces all the tests to follow the same following logic:
- scapy_sa is the SA used to encrypt Scapy packets and decrypt
them in VPP. It matches the VPP inbound SA.
- vpp_sa is the SA used to encrypt VPP packets and decrypt them in
Scapy. It matches the VPP outbound SA.
Type: fix
Signed-off-by: Arthur de Kerhor <[email protected]>
Change-Id: Iadccdccbf98e834add13b5f4ad87af57e2ea3c2a
Benoît Ganne [Tue, 3 Jan 2023 17:35:04 +0000 (18:35 +0100)]
 
ipsec: fix async crypto linked keys memory leak
Type: fix
Change-Id: I7bd2696541c8b3824837e187de096fdde19b2c44
Signed-off-by: Benoît Ganne <[email protected]>
Florin Coras [Fri, 3 Feb 2023 04:07:19 +0000 (20:07 -0800)]
 
session: fix out of bounds event memcpy
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: If5300653edd2dad470985f4591959d00cad2a43b
Dmitry Valter [Fri, 9 Dec 2022 19:34:22 +0000 (19:34 +0000)]
 
nat: fix accidental o2i deletion/reuse
Nat session is allocated before the port allocation. During port allocation
candidate address+port are set to o2i 6-tuple and tested against the flow hash.
If insertion fails, the port is busy and rejected. When all N attempts are
unsuccessful, "out-of-ports" error is recorded and the session is to be
deleted.
During session deletion o2i and i2o tuples are deleted from the flow hash.
In case of "out-of-ports" i2o tuple is not valid, however o2i is and it refers
to **some other** session that's known to be allocated.
By backing match tuple up session should be invalidated well enough not to
collide with any valid one.
Type: fix
Signed-off-by: Dmitry Valter <[email protected]>
Change-Id: Id30be6f26ecce7a5a63135fb971bb65ce318af82
Atzm Watanabe [Wed, 25 Jan 2023 05:11:10 +0000 (14:11 +0900)]
 
vpp-swan: allow SAs to be used to the route-based IPsec
This patch adds a "charon.plugins.kernel-vpp.use_tunnel_mode_sa"
key into strongswan.conf.  If this is turned off, SAs will be
installed without tunnel information and can be used to
"ipsec tunnel protect".  For the route-based IPsec, it will be
used with turning "policies" off in swanctl.conf.
Type: feature
Signed-off-by: Atzm Watanabe <[email protected]>
Change-Id: I58fb94bfe56627fa7002d9b95c48930a32993d2d
Ondrej Fabry [Fri, 3 Feb 2023 10:33:39 +0000 (11:33 +0100)]
 
vppapigen: fix incorrect comments in json
Type: fix
Signed-off-by: Ondrej Fabry <[email protected]>
Change-Id: I241cefbbce98cf6fef83f36bd87ae2c1f4b067f0
Ofer Heifetz [Thu, 2 Feb 2023 14:57:26 +0000 (06:57 -0800)]
 
tls: openssl: fix SSL_read partial read scenario
When application performs SSL_read from the app rx-fifo, it can
pre-allocate multiple segments, but there is an issue if the OpenSSL
manages to partially fill in the first segment, in this case, since
data is assumed to be copied over by OpenSSL to the pre-allocated
segment(s), vpp uses svm_fifo_enqueue_nocopy API which performs
zero copy by passing the pre-allocated segment to SSL_read.
If the decrypted data size is smaller than the pre-allocated fifo
segment buffer size, application will fetch buffers including zero
in the area not filled in by SSL_read.
Type: fix
Signed-off-by: Ofer Heifetz <[email protected]>
Change-Id: I941a89b17d567d86e5bd2c35785f1df043c33f38
Stanislav Zaikin [Thu, 2 Feb 2023 08:54:17 +0000 (09:54 +0100)]
 
linux-cp: fix auto-sub-int
lcp_itf_pair_pool could grow during sub-interface creation.
Type: fix
Signed-off-by: Stanislav Zaikin <[email protected]>
Change-Id: Ideafe392f9bb2b418ce9d6faa4f08dfe26f4a273
Benoît Ganne [Fri, 18 Nov 2022 16:05:10 +0000 (17:05 +0100)]
 
ip: fix ip ACL traces
If we match a next table, we must save its index in the trace instead of
the index of the 1st table.
Type: fix
Change-Id: Idd862242e7fc200eb3ab29b17a26131b844af2c0
Signed-off-by: Benoît Ganne <[email protected]>
Yulong Pei [Wed, 25 Jan 2023 08:05:03 +0000 (08:05 +0000)]
 
af_xdp: update custom XDP program example
Update custom XDP program example to work with libbpf 0.8.0 and
libxdp 1.2.9.
Type: fix
Signed-off-by: Yulong Pei <[email protected]>
Change-Id: Ib8d03f0be7f71fe996dfb7da0cfe35165711ebb0
Signed-off-by: Yulong Pei <[email protected]>
Ting Xu [Wed, 18 Jan 2023 04:22:00 +0000 (04:22 +0000)]
 
packetforge: fix order of dst/src address of mac
In the definition of mac node, the order of dst and src address is
reversed. Swap their order in this patch.
Type: fix
Signed-off-by: Ting Xu <[email protected]>
Change-Id: I039accc0a881eef12f13c75c5becf8b7df97d525
Yulong Pei [Wed, 25 Jan 2023 07:41:19 +0000 (07:41 +0000)]
 
af_xdp: fix default xdp program unload fail
Change to get ad->linux_ifindex in af_xdp_create_if() instead of in
af_xdp_load_program(), previous if did not load custom XDP program,
ad->linux_ifindex will be none, but bpf_xdp_detach() needs it, so default
xdp program will not be unloaded when deleting the af_xdp interface.
Type: fix
Signed-off-by: Yulong Pei <[email protected]>
Change-Id: Id8a640204e8d29152f03349a0b58104b275635aa
Maxime Peim [Fri, 6 Jan 2023 11:57:38 +0000 (11:57 +0000)]
 
policer: API policer selection by index
Policer API calls were only by policer name. It is now possible to
select a policer by its index.
Some functionalities are also added to allow updating a policer
configuration and to refill its token buckets.
Some dead codes are being removed, and small fixes made.
Type: improvement
Signed-off-by: Maxime Peim <[email protected]>
Change-Id: I4cc8fda0fc7c635a4110da3e757356b150f9b606
Benoît Ganne [Thu, 26 Jan 2023 16:16:54 +0000 (17:16 +0100)]
 
fib: keep AddressSanitizer happy
adj_delegate_remove() makes 'ad' invalid, invalidate it only after its
use.
Type: fix
Change-Id: I6908d3dd2962ebd3fdf37e946cb19dae727bda09
Signed-off-by: Benoît Ganne <[email protected]>
Damjan Marion [Tue, 31 Jan 2023 19:14:13 +0000 (20:14 +0100)]
 
memif: improve error reporting
Type: improvement
Change-Id: I12b120d988347cced3df82810e86dc2fd5cfca80
Signed-off-by: Damjan Marion <[email protected]>
Artem Glazychev [Tue, 24 Jan 2023 08:34:00 +0000 (15:34 +0700)]
 
wireguard: update ESTABLISHED flag
We cannot confidently say that if we have received and processed
the handshake_initiation message, then the connection has been established.
Because we also send a response.
The fact that the connection is established can only be considered if a keepalive packet was received.
Type: fix
Signed-off-by: Artem Glazychev <[email protected]>
Change-Id: I61731916071990f28cdebcd1d0e4d302fa1dee15
Dave Wallace [Thu, 26 Jan 2023 17:44:01 +0000 (12:44 -0500)]
 
tests: refactor quic tests to use app-socket-api
- clean up nomenclature & use f-strings where applicable
Type: test
Signed-off-by: Dave Wallace <[email protected]>
Change-Id: I561b7808cfc3fbfa463f7698732d19759d9ddcd4
Benoît Ganne [Thu, 26 Jan 2023 18:23:19 +0000 (19:23 +0100)]
 
vppinfra: keep AddressSanitizer happy
The vector size must be increased before setting the element so that
AddressSanitizer can keep track of the accessible memory.
Type: fix
Change-Id: I7b13ce98ff29d98e643f399ec1ecb4681d3cec92
Signed-off-by: Benoît Ganne <[email protected]>
Damjan Marion [Thu, 26 Jan 2023 19:23:11 +0000 (20:23 +0100)]
 
vlib: chdir to runtime_dir
Type: improvement
Change-Id: Id8ab75ef4384a1029ab7ee84048f347708307830
Signed-off-by: Damjan Marion <[email protected]>
Benoît Ganne [Thu, 26 Jan 2023 18:28:16 +0000 (19:28 +0100)]
 
api: keep AddressSanitizer happy
Playing with vector length prevents AddressSanitizer from tracking accessible
memory. Make sure we update the size of the vector once we received the
data.
Type: fix
Change-Id: If7808254d46d7ab37d516e3de49e3583d07bb9ff
Signed-off-by: Benoît Ganne <[email protected]>
Benoît Ganne [Thu, 26 Jan 2023 16:04:58 +0000 (17:04 +0100)]
 
api: keep AddressSanitizer happy
socket_tx_buffer is a vector, update its length accordingly so that
AddressSanitizer can keep track of the allowed memory area.
By doing so we can get rid of socket_tx_nbytes which becomes redundant
with the vector length.
Type: fix
Change-Id: Ied7cb430b5dd40d5ed1390aa15bd5f455a0dba62
Signed-off-by: Benoît Ganne <[email protected]>
Benoît Ganne [Thu, 26 Jan 2023 18:27:20 +0000 (19:27 +0100)]
 
api: keep AddressSanitizer happy
Type: fix
Change-Id: I793206068b8dca15b2f7f525ae1049139333c5b8
Signed-off-by: Benoît Ganne <[email protected]>
Benoît Ganne [Thu, 26 Jan 2023 15:03:55 +0000 (16:03 +0100)]
 
dns: keep AddressSanitizer happy
Type: fix
Change-Id: I0ae4071ee317f38daa882fec17087a55afe75d1d
Signed-off-by: Benoît Ganne <[email protected]>
Nathan Skrzypczak [Mon, 28 Mar 2022 16:39:58 +0000 (18:39 +0200)]
 
dpdk: add intf tag to dev{} subinput
This patch allows to pass a tag when specifying
the dpdk `dev {  }` interface configuration.
It allows a control plane generating a vpp.conf
file to retrieve the resulting mapping between
dpdk interfaces & sw_if_indices in VPP without
having to change the interface name exposed
to the user.
Type: feature
Change-Id: I55907417de0083b82d4a127172816cec3459acf3
Signed-off-by: Nathan Skrzypczak <[email protected]>
Artem Glazychev [Tue, 24 Jan 2023 09:10:29 +0000 (16:10 +0700)]
 
wireguard: sending the first handshake
After creating a peer, we send a handshake request. But it's not quite right
to call wg_send_keepalive() directly.
According to documentation, handshake initiation is sent after (REKEY_TIMEOUT + jitter) ms.
Since it's the first one - we don't need to take REKEY_TIMEOUT into account,
but we still have jitter.
It also makes no sense to immediately send keepalives,
because the connection is not created yet.
Type: fix
Signed-off-by: Artem Glazychev <[email protected]>
Change-Id: I61707e4be79be65abc3396b5f1dbd48ecbf7ba60
Filip Tehlar [Wed, 25 Jan 2023 12:56:38 +0000 (13:56 +0100)]
 
hs-test: handle error in config serialization
Type: test
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: If5bbf390df08acd1f67d31428b763f246dbcedf2
Maxime Peim [Fri, 13 Jan 2023 08:04:55 +0000 (08:04 +0000)]
 
api: pcap capture api update
Allow enabling and disabling pcap capture via the API.
A little bug is fixed along the way in
vl_api_classify_pcap_set_table_t_handler.
Type: improvement
Signed-off-by: Maxime Peim <[email protected]>
Change-Id: I096129c82aecdc82bee5dbfb5e19c76a51d80aab
Chen Yahui [Wed, 28 Sep 2022 13:30:07 +0000 (21:30 +0800)]
 
af_xdp: fix xdp socket create fail
In libbpf code, xsk_socket__create will call xsk_link_lookup to get the
xdp_sock bpf prog. But xsk_link_lookup can't get any bpf prog. This will
cause Libbpf not to insert the fd into xsks_map and return ERROR.
The solution to this problem is to insert fd into xsks_map ourselves
instead of libbpf.
Type: fix
Change-Id: Ic5d279c6ddc02d67371262d6106a5b53b70e7913
Signed-off-by: Chen Yahui <[email protected]>
Stanislav Zaikin [Thu, 21 Jul 2022 17:06:26 +0000 (19:06 +0200)]
 
vppapigen: enable codegen for stream message types
Enable codegen for C type from 'rpc A returns B stream C' notation
Type: improvement
Change-Id: I05cfce71c385d414d7b177a080009628bc8c8fad
Signed-off-by: Stanislav Zaikin <[email protected]>
Dmitry Valter [Sun, 22 Jan 2023 13:09:15 +0000 (13:09 +0000)]
 
vppinfra: fix random buffer OOB crash with ASAN
Don't truncate with vec_set_len bytes before they can be used. When
built with ASAN, these bytes are poisoned and trigger SIGSEGV when
read.
Type: fix
Signed-off-by: Dmitry Valter <[email protected]>
Change-Id: I912dbbd83822b884f214b3ddcde02e3527848592
Benoît Ganne [Fri, 20 Jan 2023 08:52:01 +0000 (09:52 +0100)]
 
vlib: make pending_interrupts valid for AddressSanitizer
vec_alloc_aligned() pre-allocates the vector memory but does not
update its size, making ASan unhappy when trying to access it.
Type: fix
Change-Id: I80e753cf2458cf516d1180a24cfaca4f382339d5
Signed-off-by: Benoît Ganne <[email protected]>
Maxime Peim [Wed, 18 Jan 2023 10:57:31 +0000 (10:57 +0000)]
 
vppinfra: clib_bitmap fix
In clib_bitmap_set_region and clib_bitmap_set_multiple the index of
the last bit to set was off by 1. If this index was pointing to the
last bit of the bitmap, another uword would have been allocated,
even though it was unnecessary.
Moreover, in clib_bitmap_set_region, bits in the last word were not
properly set. Indeed, the n_bits_left value is wrong since n_bits
is not decreased by the number of already set bits.
Type: fix
Signed-off-by: Maxime Peim <[email protected]>
Change-Id: I8d7ef6f47abb9f1f64f38297da2c59509d74dd72
Steven Luong [Mon, 24 Oct 2022 16:10:59 +0000 (09:10 -0700)]
 
vxlan: convert vxlan to a plugin
per https://jira.fd.io/browse/VPP-2058
Type: improvement
Signed-off-by: Steven Luong <[email protected]>
Change-Id: Ica0828de218d25ada2d0d1491e373c3b78179ac1
Mohsin Kazmi [Mon, 16 Jan 2023 15:28:26 +0000 (15:28 +0000)]
 
ip: add the missing offload check
Type: fix
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I64283648985c98e81f315da32a451cef6e60f933
Mohsin Kazmi [Wed, 18 Jan 2023 19:34:00 +0000 (19:34 +0000)]
 
af_packet: add the missing header-len for packets with checksum offload
Type: fix
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: Ifb790c25b38b2b1865cda7d95891bddd4195c601
Andrew Yourtchenko [Wed, 18 Jan 2023 13:01:05 +0000 (13:01 +0000)]
 
misc: Initial 23.06-rc0 commit
Type: docs
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: I28c5cc0d54963389fe513c7de634f1a84c0bf11b
Nobuhiro MIKI [Wed, 28 Sep 2022 06:53:17 +0000 (15:53 +0900)]
 
lb: add source ip based sticky load balancing
This patch adds source ip based sticky session, which is already
implemented in many hardware LBs and software LBs. Note that sticky
sessions may be reset if the hash is recalculated as ASs are added
or deleted.
Since this feature is unrelated to the other existing options, the
lb_add_del_vip API version has been upgraded to v2 and a new option
"src_ip_sticky" has been added.
Type: feature
Signed-off-by: Nobuhiro MIKI <[email protected]>
Change-Id: I3eb3680a28defbc701f28c873933ec2fb54544ab
Guillaume Solignac [Wed, 11 Jan 2023 10:56:29 +0000 (11:56 +0100)]
 
build: use CMAKE_C_COMPILER_LAUNCHER for ccache
In some situations, CMake will find ccache in /usr/bin but /usr/bin
might not be present in PATH. The former fix for this was to place the
ccache configuration logic before the project() declaration, but since
CMake 3.4 there is a new variable to be used which handles this case.
For the original problem, see also
https://crascit.com/2016/04/09/using-ccache-with-cmake/
Type: fix
Signed-off-by: Guillaume Solignac <[email protected]>
Change-Id: Ie026e02b2b06e2dca2d62da5fea7b1a104bcc7c3
Ole Troan [Wed, 5 May 2021 21:00:58 +0000 (23:00 +0200)]
 
vppapigen: include comments in json
Type: feature
Signed-off-by: Ole Troan <[email protected]>
Change-Id: Ibd796adea734b64d9209c5e18c5b9800cbaf62c6
Signed-off-by: Dave Wallace <[email protected]>
Florin Coras [Tue, 17 Jan 2023 21:02:51 +0000 (13:02 -0800)]
 
hs-test: zero timeout on docker stop
Should drop execution time for all tests by about 80%.
Type: test
Signed-off-by: Florin Coras <[email protected]>
Change-Id: Ib6b4ef9fb4e7745a61b40c0b34e53e4046ccdbcc
Tianyu Li [Thu, 8 Dec 2022 02:08:32 +0000 (02:08 +0000)]
 
pppoe: fix memcpy out of bounds with gcc-11 on arm
In function ‘memcpy’,
    inlined from ‘clib_memcpy_fast’ at /home/vpp/src/vppinfra/string.h:86:10,
    inlined from ‘memcpy_s_inline’ at /home/vpp/src/vppinfra/string.h:157:7,
    inlined from ‘vnet_pppoe_add_del_session’ at /home/vpp/src/plugins/pppoe/pppoe.c:356:7:
 error: ‘__builtin_memcpy’ offset [0, 5] is out of the bounds [0, 0] [-Werror=array-bounds]
   34 |   return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cc1: all warnings being treated as errors
Hardware address is zero length vector for PPP, use vec_len instead.
Type: fix
Fixes: 62f9cdd82c52 ("Add PPPoE Plugin")
Signed-off-by: Tianyu Li <[email protected]>
Change-Id: If9fb409cfbbac77c15559d103987f0130bf30255
aihua2013 [Fri, 21 Oct 2022 02:32:08 +0000 (02:32 +0000)]
 
vppinfra:fix pcap write large file(> 0x80000000) error.
Type: improvement
Signed-off-by: aihua2013 <[email protected]>
Change-Id: I22670f49abfb5d1fd728686fc7d65fb40ea6bda2
Klement Sekera [Mon, 14 Nov 2022 10:26:18 +0000 (11:26 +0100)]
 
tests: improve packet checksum functions
Fool-proof assert_checksum_valid so that one does not verify checksum on
wrong layer (because of how scapy internally works).
Make assert_packet_checksums_valid start checksum checking at inner
layers and outwards to make it more obvious where the error is. With old
behaviour, if one received an ICMP packet carrying a truncated TCP
packet, an error would be raised for ICMP checksum, as that one would be
the first to be wrong after recalculating all packet checksums, while
the real issue is TCP header being truncated and thus unsuitable for use
with this function.
Type: improvement
Signed-off-by: Klement Sekera <[email protected]>
Change-Id: I39a2b50ec5610f969cfde9796416ee3a50ae0ba3
Benoît Ganne [Mon, 19 Dec 2022 17:23:03 +0000 (18:23 +0100)]
 
pci: fix musl crash
The musl libc does not support closedir(0) resulting in a crash. Only
call closedir() if we successfully opened it.
Type: fix
Change-Id: I3198454f44735501047afc42b94b2fea273212f4
Signed-off-by: Benoît Ganne <[email protected]>