gerrit.fd Code Review

l2: handle complete clone fail in l2_flood

vlib_buffer_clone(...) may not manage to produce any buffer clones at
all.

vlib_buffer_clone_256 should not smash the original buffer reference
count if no clones are produced.

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I14d9d53637a220485c7a0036cfc75a4149b264ea
(cherry picked from commit 95e19253320ab07748787f4c8a7620704563f6b8)

misc: check return values from vlib_buffer_copy(...)

vlib_buffer_copy(...) returns NULL if the system is temporarily out of
buffers.

This is NOT correct. Please don't be this person:

c0 = vlib_buffer_copy (vm, p0);
ci0 = vlib_get_buffer_index (vm, c0);

Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
(cherry picked from commit c25ef58965871ea5d2b40904df9506803f69e47e)
Change-Id: I6cd4f289c4fadc3f36c3203b53546e9a788ef99b

docs: pin down sphinx to avoid crash with Sphinx 3.0.0

Using requirements.txt did not work, just specify the version
in the pip install within the makefile.

For the master and stable/2001,
see change Id98c0f94104e455ea819aacec62f605e53db13ce

Change-Id: I1f6ff53d8d52dc8bad42041932421fc12d7ddebf
Type: fix
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

virtio: vhost checksum problem for ipv6

When checksum is enable for IPv6, it erroneously set the flag
VNET_BUFFER_F_OFFLOAD_IP_CKSUM. That flag is meant for ip4 packets only.

Type: fix
Ticket: VPP-1857

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Id03b2937bfa34e2a9b50a36aafe0700bad7fb95e

api: ipsec: add missing IS_INBOUND flag

External IKE daemons need to be able to flag an SA as inbound (just as
the included ike plugin does). This commit adds this flag to the API.
This change is backward bug-compatible as not setting the flag (old
clients) continues to mean all SAs are created as outbound and fib nodes
are created for them. The addition of this flag inhibits this forwarding
node creation as well as properly flagging the SA as inbound.

Ticket: VPP-1845
Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: Ifa6fd664587380aa53e95d0e4eb2e1a4b1df7909

misc: fix ip6_neighbor_cmd

The option parsing loop had "break" statements included in each
'if (unformat (line_input, "this-option ...") option_values=xxx;'
statement.

Result: the code would silently ignore all but the first
option. Probably broken forever, not easy to spot because the code
looks OK even though it's badly broken.

Manual cherrypick: the function name has changed, the code has
moved to a different file, and the MAINTAINERS file entry doesn't
exist in 19.08.

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
(cherry picked from commit 7249b90ab21c20138907e692dcb6032aea9e2f0f)
Change-Id: Ie06bb083645302848a19ecc9ad2934927de01f62

vppinfra: fix typo in dlmalloc.c

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Idc567717494b4c40c307f20a40d5e10cd26b0a46
(cherry picked from commit 6e6968f06435727e6887abef4669715c9e59de6b)

vppinfra: correct fixed pool header size calculation

Remove duplicate space allocation for the pool header. Not significant
w/ CLIB_CACHE_LINE_BYTES >= 64 since the code rounds the size of the
pool header to an even multiple of the cache line size.

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I923f2a60e7565cf2dfbc18d78264bf82ff30c926
(cherry picked from commit 6e495ce428e110665ee9616e0951015963502cac)

papi: fix socket sendall calls

No point in checking the return value,
as .sendall() raises on error
(and the previous check was missing "not").

Type: fix

Change-Id: I9e07709ddd7093f91ffef87808abbab264b8aa5a
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
(cherry picked from commit 8921dc675458b238fc03c5aed53d3462bcdbdb3c)

vppinfra: manual cherrypick timebase fixes

Gerrit Headline
------ --------
25729  fix corner cases in tw_timer_expire
25763  improve timebase resilience
25837  remove time jump workaround

Automatic cherry-picking failed miserably.

Type: fix
Ticket: VPP-1852

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I460effb2b5f4f19ae4548ef01ca3726b7412bd7f

virtio: fix link up/down flag

Type: fix

"set int state <interface> down" puts the virtio device link
down. It will not put the link in "UP" state, when
"set int state <interface up>" will be used again to change
the interface admin up. This patch fixes it.

To test:
create tap
set int state tap0 up
set int state tap0 down
sh hardware
sh int
set int state tap0 up
sh int
sh hardware

Change-Id: I3c0e31539f8a2a1e40220e7fb57eedecf408f067
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
(cherry picked from commit 529f0e97b6064039c500adce0d54b738954b2ffa)

virtio: fix the out of order descriptors in tx

Type: fix

Some vhost-backends give used descriptors back in
out-of-order. This patch fixes the native virtio to
handle out-of-order descriptors.

Change-Id: I74ba03a2111dc601be4396c0fa800c33db5554b4
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
(cherry picked from commit 7f6d145accc6e63b150ab4efc282f19cbe996b57)

rdma: fix bug related to ring buffer

Fix a bug that caused some input packets to be dropped due to errors of
the type 'ip4 length > l2 length'. The change is related to the second
call to the rdma_device_input_bufs() function that happens when the end
of the ring buffer is reached.

Type: fix
Change-Id: I332d69ab22242b3443a0baca6e5dd86349a54765
Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
(cherry picked from commit e5ecf3ea4b456afb710f4ed903cd7e4c1ae87859)

mpls: adjust mpls-frag size to account for mpls header

Type: fix

Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I0b3042317c58c5a4d64d82b16f62e70f0461e578

tap: misc fixes

Ticket: VPPSUPP-58

1) Previously, host mtu can't be set if tap interface is in namespace.
2) generate the host mac address, if it is not provided.
3) fix the parameters for tap_create_v2 in vat.
4) fix the pretty print of parameters for tap_create_v2 in custom dump.

Type: fix

Change-Id: I18898af90dbd37d773a40b6535dd9c03c9984679
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>

dpdk: TSO does not work for Cisco VIC

While TSO is supported for Intel NIC, Cisco VIC does not work.
The problem is due to txmode offloads is not properly set for
the Cisco VIC when enable-tcp-udp-checksum is configured.

Type: fix
Ticket: VPP-1838

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I72c41db9b327ed8d08ef70d74e8cc6206d4a102f

avf: Handle chain buffer in TX properly

For chain buffer, need to traverse b->next_buffer to transmit all buffers
in the chain. Only set EOP at the last descriptor in the chain to signal
this is a chain descriptor.

Introduce slow path to handle ring wrap. This is needed because chain
buffer may consist of multiple pieces and it may span from near the end of
the ring to the beginning of the ring.

Type: fix
Ticket: VPP-1843

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Id7c872f3e39e09f3566aa63f3cdba8f40736d508
(cherry picked from commit f7ab7b2d9bc0f42c1e766d22d49dd0dc4f28abb6)

mactime: remove unnecessary function declaration

Type: fix

Change-Id: I80cb666d9eae9d0f780d51fb95454d97ed320454
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit bb688a4dc188b097a2dbca91da58fc5585ab6838)

papi: harden socket handling

In the previous implementation of socket transport for PAPI,
socket methods .send and .recv_into were used.
But they are not guaranteed to send/receive all the data
for the full message. The receive part contained a loop,
but it handled only the main message, not the header.

This patch replaces .send with .sendall
and uses newly defined _read_fixed method.

Also, removed Paul from maintainers,
as he is not active much, lately.

Type: fix

Change-Id: Iae1a68bf8f9e666856b7c7d62ebfe22defc5dfe1
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
(cherry picked from commit 6df2c7954126a316f86908526c3bb4d649f06597)

papi: introduce read_blocking

Previously, self.transport.q got the messages
(at least for socket transport), stored in the encoded (packed) form.
In order to avoid accessing internals for async reads,
a new method is introduced, to perform
blocking reads of decoded (unpacked) messages.

The method is also used in _call_vpp(),
so sync and async reads are kept compatible.

Type: feature

Change-Id: Id49792dfa57c00b1a14a198031c5398d09a9ba20
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
(cherry picked from commit 0938547eaaf5440de28877fa4f873c21bcb8cfbf)

api: comment, simplify and fix api socket read

The function vl_socket_read_ready did contain some comments already,
but as they stated, the logic has to be tricky to cover multiple cases.

Comment:
+ Add function-level comment
+ Add comments to describe some of local variables
+ Add many comments to describe internal state at particular lines.

Simplify:
+ Remov mbp_set as it is never needed.
+ Replace msg_len with msgbuf_len to save "+ sizeof (msgbuf_t)".

Improve:
+ Early exit on EAGAIN.

Fix:
+ "n" now only tracks input_buffer.
  Previously, it was entering the detection of additional messages
  even for unprocessed_input.
+ Set up msg_buffer (including appending to unprocessed_input)
  outside full-message-detection loop now,
  so it cannot be executed multiple times as before.

Type: fix
Ticket: VPP-1785

Change-Id: I256e34b435be06844458744a13ea37a0e86a96f9
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
(cherry picked from commit 6a6af6ea1a77b5818e717047b5d01251ef6d024a)

classify: fix "show classify filter" debug CLI

Null pointer bug, memory leak. D'oh!

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ic2865757ed9cbb7f48d23c7c30b64299eb5f6674
(cherry picked from commit 104112f2d412a4576b5e0d3bbb20665d2b5bd615)

ikev2: correct byte order in api handlers

Type: fix

Signed-off-by: Aleksander Djuric <aleksander.djuric@gmail.com>
Change-Id: I186286b8959ae138528a5171c22d3e1b00f46baf
Signed-off-by: Aleksander Djuric <aleksander.djuric@gmail.com>
(cherry picked from commit 50c99b4a8679e6c0d6f48677a5b91455bb612c86)

classify: "classify filter ..." debug CLI cleanup

The pcap trace filter initial table index lives in
cm->filter_set_by_sw_if_index [0], which corresponds to the "local0"
interface. Debug cli makes sure that folks don't accidentally specify
the "local0" interface. At least it does now...

Fix the "vlib format.c code coverage" test in test/test_vlib.py.

Type: fix
Change-Id: I35320bc2c8f0c6f1f8c12e3529d1938548185151
Signed-off-by: Dave Barach <dave@barachs.net>
(cherry picked from commit 29c6132108be68feb11c8d9bfaaf674cba86ee33)

classify: vpp packet tracer support

Configure n-tuple classifier filters which apply to the vpp packet
tracer.

Update the documentation to reflect the new feature.

Add a test vector.

Type: feature

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Iefa911716c670fc12e4825b937b62044433fec36
(cherry picked from commit 87d24db65facb89ca524c951b8379ca2ec4dbc7a)

vppinfra: fix typo in tw_timer_template.c

Fix minor memory leak

Type: fix
Ticket: VPP-1833
Fixes: 4af9ba1dab

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Id10fba70471ca78f73f14146054f6b12c5d4431f

vppinfra: preserve total_cpu_time across clock freq adjustment

If clib_time_verify_frequency() adjusts the clock frequency, transform
total_cpu_time to the new time coordinate space. Otherwise, we break
comparisons with previous clib_time_now() value.

Without this correction, time jumps in one direction or the other
depending on the sign of the frequency change. Reasonably harmless in
most cases, but under perfect storm conditions the wheels fall off.

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I21802c2630e2c87ff817cd732b7d78bc022cd2d7
(cherry picked from commit e52d8d880ac644f07154bc2fb94035a198ed6688)

pmalloc: always lock pages

Type: feature

Change-Id: I5bbf37969c9c51e40a013d1fc3ab966838eeb80d
Signed-off-by: Damjan Marion <damarion@cisco.com>
(cherry picked from commit 801c7016ad90e5f5618f523b3f9284daee0b696c)

lb: lb_add_del_vip and lb_add_del_as doesn't work.

Ticket: FDIO-753
Type: fix

Change-Id: I4a8cf06970b658dfa15768459a3ff76571d6dfff
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
(cherry picked from commit e69f4714323e1f7e7754fef58a2d75949e146317)

vlib: autogenerate <node> before <last-in-arc> constraints

If an arc declaration includes '.last_in_arc = "some-node"', assume
that folks mean it and add explicit ordering constraints.

Fix the "arp" arc declaration which claimed that the arc ends at
arp-disabled, but the arc really ends at error-drop.

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ie2de1fb30091671cbc7c62770903a2e05987f141
(cherry picked from commit 5f9f3c8de8d5d9f83a437661a98e5cc2453705f9)

ikev2: fix memory leak in child SA

traffic selector vector isn't freed when freeing child SA

Type: fix

Change-Id: Icf6c240db5093f45d141451bad6f6627a61821cf
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit 99eefc2cfee4f71e1aaad1d420e6d9335072eb2c)

api: configurable binary api client rx pthread fcn

Add vl_client_connect_to_vlib_thread_fn (...) and export the
memory_client_main_t definition.

If you use this new API, make sure not to miss the setjmp / longjmp
dance shown in .../src/vlibmemory/memory_client.c:rx_thread_fn(...),
which is required for the rx pthread to terminate cleanly; please
process client delete reply messages in the rx thread...

Type: refactor

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ia67038ec59e2e14b174c67afca15b2c3f67a4d20
(cherry picked from commit 920180e5e0722c78c258ff26476fd5efa434032d)

session: extra checks in session validation

Type: fix

Adding few extra checks while doign session validationwq!

Signed-off-by: Srikanth Akula <srakula@cisco.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4d18b5ad97d1802ce38a07aeb56b5f35939c1187
(cherry picked from commit e140d5d0255b80f8dda945daf7202b5698d81d9b)

virtio: feature arc have higher priority than redirect

Type: fix
Fixes: 8389fb9

Change-Id: Ie159eb444b28b36a7af86049b80fba4e49be93cb
Signed-off-by: Damjan Marion <damarion@cisco.com>
(cherry picked from commit 06c194d91b6d2d888ed2b0c5cf0df1cdbc7c53a4)

tcp: improve lost rxt heuristic

Type: feature

- retransmit first unacked segment if newer retransmitted packets
are acked
- avoid spurious retransmits if recovery ends with sacked bytes

Change-Id: Ic1b56d22e025822edb7609afb136e47440ea6032
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit b3dce89a768aaffa2a830ba6579cd3d9c8cd967a)

session: re-set tx fifo event if out of buffers

Type: fix

Change-Id: I7416e827fbc5c63d082273656441c81dd6246d8a
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit aa43914df656bbd7340b8dbd68f23f8fe0aabfd5)

lacp: add actor steady state check prior to skip processing lacp pdu

In a rare event, we may be skipping processing lacp pdu's when the it is
not in steady state.

Type: fix

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I4e4f81dfd4e95433879ee66cdf6edb8d8afbe9b0

fib: refresh adj pointer after fib_walk_sync due to possible realloc

fib_walk_sync may call adj_alloc which may cause adj_pool to expand. When
that happens, any previous frame which still use the old adj pointer needs to
refresh. Failure to do so may access or update to the old adj memory
unintentionally and crash mysteriously.

Type: fix
Ticket: VPPSUPP-54

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ia7c6cb03c1ed9ddbbfb12dd42c8abc7f5b3f210c

devices: vhost: fix data offset on input

Regardless of whether the virtio_net_hdr is sent as a separate
descriptors or in the same descriptor as the data, we always want to
skip the header length - maybe moving to the next descriptor along the
way.

Type: fix

Change-Id: Iaa70aeb310e589639b20f8c7029aaa8d3ce5d307
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 5ecc1e4d433a34845c7bfd761dc990413e6c321b)

bfd: reset peer discriminator on timeout

More RFC compliance.

Ticket: VPP-1816 BFD: peer discriminator not reset on timeout
Type: fix

Change-Id: I68063c18097d282b3527e3fb485c1d0d1fd1b0c8
Signed-off-by: Klement Sekera <ksekera@cisco.com>

bonding: Add GSO support

Add GSO support, configurable from the CLI.

Type: feature
Ticket: VPP-1820

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I65885a071b24c74437e6cfe5eff237b01bc1744b

bonding: process lacp when bond is admin down

Ticket: VPP-1821
Type: fix
Fixes: 6dfd3785e4

When a bond interface is administratively down but the slaves are
up, process inbound LACP packets received over the slaves. This
was the old behavior with bond interfaces in LACP mode and was
altered unintentionally by another change. Restore the old behavior.

Change-Id: I61b0b700211dea4859b6ee447ab83b33197d9d11
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
(cherry picked from commit 854eb6e3ff87ace211a45a8053424d8432bd5755)

fib: Reload the adj after possible realloc (VPP-1822)

Type: fix
Fixes: 418b225931634f6d113d2971cb9550837d69929d

Change-Id: Ia5f4ea24188c4f3de87e06a7fd07b40bcb47cfc1
Signed-off-by: Neale Ranns <nranns@cisco.com>

api: mark api_trace_command_fn thread-safe

Binary API trace replay with multiple worker threads depends in many
cases on worker thread graph replica maintenance. If we (implicitly)
assert a worker thread barrier at the debug CLI level, all graph
replica changes are deferred until the replay operation completes. If
an interface is deleted, the wheels may fall off.

Type: fix
Ticket: VPP-1824

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I9b07d43f8501caa5519e5ff9ae4c19dc2661cc84

fib: Adjacency realloc during rewrite update walk (VPP-1822)

Type: fix

Change-Id: I0e826284c50713d322ee7943d87fd3363cfbdfbc
Signed-off-by: Neale Ranns <nranns@cisco.com>

fib: FIB crash removing labelled route (VPP-1818)

Type: fix

The crash occured trying to retreive a NULL path list to walk the path
extensions. A walk shoul not be required, because there should be no
extensins, since all paths are removed. The problem is that when the
paths were added, they were not sorted, hence neither were the
extensions and when they were updated, duplicate extensions were added,
and hence a path removal did not remove them all.
Fix is to make sure paths are sorted.

Change-Id: I069d937de8e7bc8aae3d92f588db4daff727d863
Signed-off-by: Neale Ranns <nranns@cisco.com>

l2: fix MAC learn counter update on adding MAC entry

Type: fix

Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I711432f589ee4a4527cf795526d3b4031999f71d
(cherry picked from commit b2e73b1dcb8e9eb3bf74a96fff20a9b27f7e6d73)

bonding: drop traffic on backup interface for active-backup mode

For active-backup mode, we transmit on one and only one interface. However,
we might still receive traffic on the backup interface. We should drop them
and strictly process incoming traffic on only the active interface.

Type: fix

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Idb6b798b30033e84044b151c616be3c157329731
(cherry picked from commit 6dfd3785e4d65418f4330a73bf837912c37b8ec2)

gso: fix the number of buffers required for segmentation

Ticket: VPPSUPP-51
Type: fix

Change-Id: I34d4237eb0644705ce0f523fdd0d6b70308e8bcd
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>

fib: Adjacency walk fix for IPv6

Type: fix

Change-Id: Id3a1950e49d5eb1883af06a14df97e98f55162a8
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit e7ee300923d23b6a6eab42676c8dcce85da89bed)

vxlan: reuse inner packet flow hash for tunnel outer header load balance

Type: fix

Several tunnels encapsulation use udp as outer header and udp src port
is set by inner header flow hash, such as gtpu, geneve, vxlan, vxlan-gbd
Since flow hash of inner header is already been calculated, keeping it
to vnet_buffere[b]->ip.flow_hash should save load-balance node work to
select ECMP uplinks.

Change-Id: I0e4e2b27178f4fcc5785e221d6d1f3e8747d0d59
Signed-off-by: Shawn Ji <xiaji@tethrnet.com>
(cherry picked from commit 623b4f85e6ee4611ae15bb3103fe30725ca977ed)

api: fix dead client scan heap issue

Type: fix

On multiworker setup when an app client dies, the
vec_reset_length call fails the assert in
clib_mem_is_heap_object. Same thing might happen for
the clib_warnings

Change-Id: I369f9d2dbe60407c84994a4e8d25f6df7848ca93
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
(cherry picked from commit 5ed3fe3dd4320a7b4080f18de32ef491b5a1c7f0)

vxlan: fix vxlan hw offload issue

Type: fix

Since Vxlan hw offload jumps the ethernet-input node, so needs to
adjust the data offset accordingly

In original code, the current_data is 0 when arriving vxlan-flow-input
node(due to no graph node before it, except the dpdk-input), so this
code block cannot find the correct vxlan header:
enum
{ payload_offset = sizeof (ip4_vxlan_header_t) };
vlib_buffer_advance (b0, payload_offset);
see code in src/vnet/vxlan/decap.c, function vxlan4_flow_input_node

This patch fixes this issue

Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: Iab4af7a7dc3b69a117a4c9ea1c59662669a6438c
(cherry picked from commit 1ec9fdbf29aedcdd4040feb635971c3f87a1cfdf)

tcp: fix ip check in lookup validation

Type: fix

Change-Id: Ia18632c8fe22bdcfdf3cb48a4234f8703a7ac1d7
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 07df79150f15291af9793397d6182a4168c6bfc5)

ip: IP address and prefix types (moved from LISP)

Type: refactor

Change-Id: I2c6b59013bfd21136a2955442c779685f951932b
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit ea93e48cf6e918937422638cb574964b88a146b6)

classify: debug cli %v not %s

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I294f0b773375f6dce020b771db0726ceb5d812cc
(cherry picked from commit 3268a64d3c9e60d69b3b12d6c6bf1987394275d2)

vcl: if the ldp user send buf with 0 len, it will assert failed.

Type: fix

Change-Id: I8ff60cf8726c463491c687e170ad0b1026a1303a
Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com>
(cherry picked from commit ff31ac6809d9913ebd2f58a3a4153a0f419b9a77)

dpdk: fix non-NULL terminated string

Type: fix

Change-Id: Ic221cd4fcad89aece71239ed96152bf0311f3286
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit ab9b9a5c0e3257136701cde6cdfdc66c35bf8f3d)

virtio: fix use-after-free

Type: fix

Change-Id: Ic67d9da65d937f56ecf994a5504c6351624b32ff
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 8f011830b2e01dfdbf8449b3145a4dd806b5515f)

vlib: pci: fix non-NULL terminated C-string

Type: fix

Change-Id: I6f25d9295b973ab7133071b6dc325ecd86386898
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 0b91bd6c52460c3bff9ae7b1c0405d258a016c32)

tcp: close session on retransmit failure

Type: fix

Since the connection is closed, also mark the session as closed.

Change-Id: Ica3849c3ff12fa7a65ba64e563a60d6c94f5ceca
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 52be67435eb4615b899950b42b8ff72d258fbcb3)

tests: Add UT to test incomplete MPLS adjacencies send ARP requests

Type: test

Change-Id: I81e07233aec54c786e4e9beb8c4f06d0a3dca90f
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit 1976f36b09ead86874feb630277dfaeceed9c0fe)

interface: send proper link/admin status in event

Type: fix

Change-Id: I7cba9f911abe1ae82d8381a48f65e81b615ede76
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
(cherry picked from commit aa27dcb84cb312277370b77370a69b2a3596c4c5)

vcl: Handle newer Glibc (>2.28) where fcntl is actually fcntl64

Glibc 2.28 now provides fcntl64 which is used instead of fcntl
by defining fcntl as fcntl64 in fcntl.h

Type: fix

Change-Id: I87fedfbf3e0d241aafdc920e90f824d71353e0e6
Signed-off-by: Carl Smith <carl.smith@alliedtelesis.co.nz>
(cherry picked from commit e16707b5b2195fda47c1a3db7ba61f30055d2dbc)

vcl: fix nonblocking accept with >1 event in the queue

We discard unwanted events until we get an ACCEPTED.
But if we are non-blocking we need to check the queue
length every time and EAGAIN if empty before waiting.

Type: fix

Signed-off-by: Carl Smith <carl.smith@alliedtelesis.co.nz>
Change-Id: Ie0c7e5cb00f0d37d2e1534f8bb384221ff56f2e3
(cherry picked from commit 592a909a302262cf4088a5468b8e427f577725e8)

crypto: not use vec api with opt_data[VNET_CRYPTO_N_OP_IDS]

opt_data is defined as a array, while in some code, e.g., function
vnet_crypto_get_op_type, it's used as vec.
vec api is not applicable to static arraies.

src/vnet/crypto/crypto.h:234:70: error: address of array 'cm->opt_data' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]
vnet_crypto_op_data_t *od = ({ do { if ((0 > 0) && ! ((id) < ((cm->opt_data) ? (((vec_header_t *) (cm->opt_data) - 1)->len) : 0)))

Type: fix

Change-Id: I0b6754406e4216ca975bc1da4b5d4ce293a9bb45
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
(cherry picked from commit b15d796dbf1da6a229df4e10a3a2bdd700f0354e)

svm: improve fifo segment verbose cli

Type: feature

Also make sure that size for dlmalloc allocated private segments is
accurate.

Change-Id: I6ec81ff99a13dd29b9664d768835a68019f0c96c
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit f8461bfb4822ca20f64df19dfbb3170e99f7e89d)

vcl: fix epoll connected events sid

Type: fix

Use sid returned by vcl_session_connected_handler instead of trying to
infer it from vpp session handle.

Change-Id: Ic0fbb90ec2bd851b435fc3f2a34265ac9a8ab29f
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit f1653e62fe41e3df429aadaaab22d0cc8aaa227a)

tcp: validate the IP address while checking TCP connection

Type: feature

Along with the port information, we need to validate the IP address details as well.
This is very useful in the case port re-use scenario

Signed-off-by: Srikanth Akula <srakula@cisco.com>
Change-Id: I11e1ebcd3e56aae47ac235a89606a83c928aa6bb
(cherry picked from commit cf4c2102d9dc3ccc939cca1137b24a75341f1b0c)

session tcp: refactor pacer time

Type: refactor

Change-Id: Ic1c3e1f7987702cd88972acc34849dc1f585d5fe
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit a8e71c8981f039588a7ca94e6ab66b4ebac784a5)

tests: test tls case

Type: feature

Signed-off-by: haiyanx1.zhang <haiyanx1.zhang@intel.com>
Change-Id: I071f5face0d489dc967cce1edcffbc1f8fac5c7e
Signed-off-by: haiyanx1.zhang <haiyanx1.zhang@intel.com>
(cherry picked from commit 419d31f817af0436c699c0b565e2d6a058c487db)

tests: add cli_return_response to vpp_papi_provider

To improve gcov/lcov code coverage stats, it's necessary to send
incorrect debug CLI commands; to force vpp into debug CLI error paths.

cli_return_response() sends commands and returns the response object,
so test vectors can handle failures.

Type: feature

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I4fab591c9d2e30c996f016e18e4fd69b9c5bed06
(cherry picked from commit 5932ce17e128c096fcc56eb04b27e780da3cf255)

ipsec: fix trailing data overflow

IPsec writes trailing data at the end of the buffer without checking
if there is enough space. If the packet length equals buffer size this
leads to rewiting of the next buffer header in the pool.

Type: fix

Change-Id: Iceb27bb724c7243863a4b532aad0808051b7d74c
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>

crypto: do not crash if no crypto engine loaded

Do not overflow ops_handlers vector.

Type: fix

Change-Id: I8d5e7fb8125a7bd87ecfe6f4f1390fb9f43dad8f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 6545df7913b53d71415c7c9643cb824c2ffbaaa7)

session: unify buffer tx dispatching

Type: refactor

Use pending tx buffer vector to postpone dispatching of all buffers,
i.e., either generated as a result of tx events or custom tx event.

Change-Id: Ic5894c4653c338cfb04555d20857f954b245ee83
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 8a754f1a55fb16a4d42efd5c606e5a07b4afffe9)

fib: Copy the prefix before use in case the underlying entry reallocs.

Type: fix

all other uses of the fib_entry_get_preifx in the code base don't pass
the prefix into recursive functions.

Change-Id: Ic1c56acd406a733b215ee2fd98b6bed58b490a4f
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit 320dfcf2aa8f4617b51a2bb15f3d0f93ee62d4dc)

gtpu: check packet has enough data for gtpu header

Type: fix

Change-Id: I604e4dd2b29962bfcd8e950a0074637dab53c79e
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 318fbfe89d4143824cec1ed81f9f7fbcddc21639)

bonding: fix non-null terminated vector

Type: fix

Change-Id: Iea7d73a304236b525b95bdad3bfdb41e711f8cdb
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit a03c7d5b9280e1cd5d89cb7cc15bd05b56062c95)

vlib: fix handoff queue sequencing bug

Set vm->check_frame_queues after actually enqueuing a frame. Under
obscure circumstances, the code managed to set check_frame_queues so
far in advance that 100 dispatch cycles could elapse before the frame
enqueue succeeded. That resulted in permanent lack of queue service.

Type: fix
Ticket: VPP-1734
Fixes: 18191

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: If2d398202b4ba2b96581d25e8142daef3f74c9e5
(cherry picked from commit 320998a8126766c0db92d9c7652f765f9565a7b5)

tcp: avoid retransmits post reset

Type: fix

Change-Id: Ib6a8f5ca597389700e5746f089a5cec7eee65ab5
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit fd4c3fe364becc02527ed5f9088d904c7bc34a6f)

rdma: fix name auto-generation on create

When creating rdma interface without specifying a name, we need to
generate one instead of NULL.

Type: fix

Change-Id: If41870691dec47e8e673d48ac4b4ddffd2385a03
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit a50892e1504401e243076f08d9077675eb0b030e)

tap: fix cli parser

Type: fix

Change-Id: I38ee9efd23774cce7790565825527cca9ba6f200
Signed-off-by: Damjan Marion <damarion@cisco.com>
(cherry picked from commit 0ba86cb1bdcc273ebc3d5a92f765639a64894a7a)

dpdk: ipsec gcm fixes

- Fix AAD initialization. With use-esn the aad data consists of the SPI
and the 64-bit sequence number in big-endian order. Fix the u32 swapped
code.

- Remove salt-reinitialization. The GCM code seems inspired by the GCM
RFCs recommendations on IKE keydata and how to produce a salt
value (create an extra 4 octets of keying material). This is not IKE
code though and the SA already holds the configured salt value which
this code is blowing away. Use the configured value instead.

Type: fix

Change-Id: I5e75518aa7c1d91037bb24b2a40fe4fc90bdfdb0
Signed-off-by: Christian Hopps <chopps@labn.net>
(cherry picked from commit d58419f19b33560d224471bc16674a525427308e)

crypto: fix crypto perf unittest crash

Type: fix

crypto perf test crashes for key size different than 16 bytes.
This patch fixes the issue

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: Ic8a8ca83ca189c879815dc5d065b8c6f7826cd41
(cherry picked from commit bc2e640db7533394a3de7bdffd78fadf2a2ffd9f)

svm: fix byte accounting when allocating fifo header

Type: fix

Change-Id: Ie50625271d257da814445ce13c2e6cd98986d523
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit c9dff181c8d135b95a12297c44bb4aa87b95b21d)

tests: make threads in punt tests join when finished

The 42693521f6046997133c8f63bcfc9d615d96f69d added the timeout
to the child process join + print the name of the offending
child process.

Upon testing the issue furher, appeared the offenders were
always the same - punt tests. The processes running them
were stuck trying to acquire lock, even if all
the user-accessible execution has finished. Some searching
revealed that one needs to tread carefully when dealing
with Thread and Multiprocessing at the same time.

punt tests used threads but did not call thread.join. Somehow
it worked in some cases but not the others. This fix makes
the threads exit cleanly - which also makes the timeouts
waiting for the process to join disappear.

Type: test
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I05d99bb48a9987544bbfe45118755c09d7867aa0
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 3f8c87132d63c14f1ba90d7db6cf2a2aba0f8cb9)

nat: NAT udp counter & unit test fixes

Ticket: VPP-1798
Type: fix

Change-Id: I42f02d5824575720e95b9fc99cfa864252221a82
Signed-off-by: Filip Varga <fivarga@cisco.com>
(cherry picked from commit 5854b43de4c04a7c52b0cf03cd548c9cac86c325)

tcp: correct validity check return value

Type: fix

Signed-off-by: Ryujiro Shibuya <ryujiro.shibuya@owmobility.com>
Change-Id: Ib59bf664d8da20516d8f16d716c5e8698675da4b
(cherry picked from commit 3ea17d54a9a00c81bc672a7be1d48b765ac87ed2)

tests: support setting random seed

Log the random seed used when running tests and provide means to re-use
it in a later run.

Type: feature

Change-Id: I18d2a36ee802b901d4cca5577df41cec07f09cc0
Signed-off-by: Klement Sekera <ksekera@cisco.com>
(cherry picked from commit 45a95dd782b91e9ae5665b5f95be4b6d7f99b879)

libmemif: reset number of queues on disconnect

Type: fix

Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: If4df47b1109ac90d4d5834b3aa7d326f6b3761d2
(cherry picked from commit 718a19b8f9aa3dca26aaf4eb6bd9f60eb6376d30)

tests: avoid test runner hanging on child test process join

In parallel test, the single process is spawning
a bunch of child processes running the tests,
and communicates to them. When the child process
signals that it has finished, the parent calls
child.join(). Sometimes this join never returns.
The result is a lot of defunct python processes,
and the test run just hangs.

I have seen this failure intermittently a fair bit
in a busy containerized environment, and by chance,
consistently reproduced it on a Thinkpad X280
with 8G of RAM and Ubuntu 19.04, which allowed
to diagnose it.

Type: test
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: If0a3110fc2d23e73d77c310d61c3ea90a2b53610
(cherry picked from commit 42693521f6046997133c8f63bcfc9d615d96f69d)

ipsec: ipsec-input: check for too-short packets

Make sure packet is big enough before processing it.
Policy matching is done speculatively but is discarded if packet is too
short.

Type: fix

Change-Id: I647db2c4e568b0d9bf2cfd5056e1b1c2e25132fe
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit f7f49640bbb4339d71f8b713b04b8f401d5fc270)

vlib: fix for vlib_node_add_next_with_slot

- vlib_node_add_next_with_slot was not cleaning the old next node
references to the given slot when replacing it with new next node. This mostly
worked until one tried to set the slot to a previously (but not currently) used
next node for that slot.

Type: fix

Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: I7ee607625da874e320158b80f12ddc16e377f8e9
(cherry picked from commit 2e8b0618b12d317f2a4632e69a0663dcd8dde472)

mpls: number of mpls tunnel paths returns zero

The number of paths on the mpls tunnel returned through the bapi is
always zero. Doing a ntohl on a uint32 and poking it into a uint8 causes the problem.

Type: fix
Signed-off-by: IJsbrand Wijnands <ice@cisco.com>
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I4135ad43a891e7818ca673c8067ef1f11cb34530
(cherry picked from commit bf103d99e651f3b221361f6d964ae84870fd7a6b)

session: reschedule asap when snd space constrained

Type: feature

Improves fairness for sessions that are snd space or pacer constrained.

Change-Id: Ida5f523090f1dcbfb17bf5116bc7917747ac8593
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit dd97a48d9fac91c7f16a31aa661dd6c968c3b760)

vlib: Handle race in thread barrier processing

When CLIB_DEBUG is enabled, vlib_foreach_main macro asserts that
vlib_main it currently looks at is safely parked in barrier, by
checkling that vlib_main->parked_at_barrier is not 0.
Unfortunately, the check is racy - workers first increment the
atomic counter to indicate that they have reached the barrier
and _then_ set this_main->parked_at_barrier to 1. For the last
worker to suspend this opens the race - main thread is free
to execute and assert immediately after atomic counter has been
incremented, before worker gets to write to own parked_at_barrier.

Fix this by simply swapping the order of two operations.

Type: fix

Signed-off-by: Alexnader Kabaev <kan@FreeBSD.org>
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Iae47abd6ca0be1c5413f5ecaefabc64cd7eac2ed
(cherry picked from commit feda545105106d673fdca61028331c86eeb1f408)

tls: fifo size is u32

- unformat_memory_size() writes to a uword *
- Limit cli input to u32

Type: fix

Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I453a5633e04f9ee6f2f1a843634f99063a81579b
(cherry picked from commit b1a81aa67942aa1b5a97a4199310c9ffeaab1f5f)

tests: decode worker stdout/stderr output

Type: fix

Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I309254e9e99920fbeaa50eea503c1c2a9470abfe
(cherry picked from commit 97ea2f4ec0ec337a4d391f5225e89d12ba2ddb38)

vcl: handle segment map errors

Type: fix

Change-Id: Ibd122a4565c067627c4bbc8cac7df2d5b6497392
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit dbc9c599b9d4453c7433ac59dd21f088778e024b)

session tcp: infra for transports to send buffers

Type: feature

Add infra that allows transpors to enqueue pending buffers without the
need to build and manage their own pending frames. An important benefit
is the fact that buffer wire/tx ordering is ensured by session layer.

Change-Id: I764fd1693d610b321a1d0c84b648a314f14583db
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 2a7ea2ee92d6dc4800ee21323d3324a9e8449dcf)