Benoît Ganne [Tue, 18 Jan 2022 14:56:41 +0000 (15:56 +0100)]
ipsec: fix AES CBC IV generation (CVE-2022-46397)
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Juraj Linkeš [Thu, 27 May 2021 10:41:37 +0000 (12:41 +0200)]
dpdk: disable i40evf in favor of iavf patch
Fix an issue where multiple VPP instances with DPDK starting at the
same time would not initialize VFs properly. This is done by using the
iavf PMD (where the issue can't be reproduced) instead of the i40evf
PMD.
Type: fix
Ticket: VPP-1943
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
Change-Id: Idcc48088c7d66a76da2b4675c02c7c115706c8b3
Filip Tehlar [Fri, 4 Dec 2020 17:38:11 +0000 (17:38 +0000)]
ikev2: test responder behind NAT
Type: test
Ticket: VPP-1903
Change-Id: I7fab6931833d6e253b7b921172825387302d8f70
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
027d813a509be0f30e05b48b888007b0094e4faf)
Dave Barach [Wed, 20 Jan 2021 17:20:13 +0000 (12:20 -0500)]
docs: vpp stateless traffic generator
Add a use-case writeup.
Type: docs
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ib6e79e80455edbdeedcc96943dd98f16c57c559e
(cherry picked from commit
b8f6122b4f4c828dee103d1f3116d27e6e3e6f3a)
Dave Wallace [Thu, 14 Jan 2021 21:46:49 +0000 (16:46 -0500)]
build: add missing openssl-devel package for centos-8 vpp-ext-deps
- In a new centos-8 installation, vpp-ext-deps fails on missing
ssl.h header file after 'make install-deps'.
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I521d817dd1f1e21aff427d98b9832ea7c7b89339
Paul Vinciguerra [Tue, 24 Mar 2020 20:37:40 +0000 (16:37 -0400)]
docs: update list of plugins
The list of plugins is outdated.
This change introduces a dynamically
generated list of the plugins along with their descriptions,
extracted directly from the sources.
Type: docs
Change-Id: Icb7b65e6b45289e257d71a1c18d10f62ced59cbe
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
(cherry picked from commit
630ca994e0ff210a3de80d73bb395c931d2fd83f)
Paul Vinciguerra [Fri, 3 Apr 2020 03:50:25 +0000 (23:50 -0400)]
docs: fix missing quotes in ubuntu install instructions
type: docs
Change-Id: Ifa09b63924f4b7bf2719bba6ada0e1122407641c
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
(cherry picked from commit
ac9a585c6207ac876025f924aeb96ddcac8c8805)
Elias Rudberg [Tue, 8 Dec 2020 13:21:19 +0000 (14:21 +0100)]
nat: avoid hairpinning infinite loop problem
Fix in nat44 hairpinning code to check if anything was actually
changed in the snat_hairpinning() routine, and return 0 if nothing
changed. This helps avoid an infinite loop repeating the three
nodes nat44-hairpinning-->ip4-lookup-->ip4-local in case there
was no change. Also add a corresponding test case.
This is essentially a cherry-pick of change 30284 but the
automatic cherry-picking did not work because of some filename
changes.
Type: fix
Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
Change-Id: I21a59ae7423f40abeff9fc0411330da58b3011f0
Dave Wallace [Tue, 8 Dec 2020 15:50:08 +0000 (10:50 -0500)]
build: fix centos-8 'make install-deps' enable PowerTools repo
- The name of the powertools repo was changed [0]
in centos-8 from 'PowerTools' to 'powertools'.
Retrieve the correct name from 'dnf repolist all'
instead of hard coding it.
[0] https://git.centos.org/rpms/centos-repos/c/
b759b17557b9577e8ea156740af0249ab1a22d70
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: Ic1402e671eb1d70dec429bab82ad18d8251f4eef
(cherry picked from commit
1affb31ef528dcbc90b718bd70a9882a4225a385)
Filip Tehlar [Tue, 1 Dec 2020 14:51:09 +0000 (14:51 +0000)]
ikev2: fix nat traversal
Type: fix
Change-Id: Ie723cf680745ec2292a15e2df05c1821436dba19
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
18107c974c24a708e309542d1dbf4a52acc70b08)
Ole Troan [Wed, 21 Oct 2020 09:55:28 +0000 (11:55 +0200)]
stats: missing dimension in stat_set_simple_counter
A simple counter is a two dimensional array by threads and
counter index. 28017 introduced an error missing the first
dimension.
If a vector is updated at the same time as a client reads,
an invalid pointer my result. This will be caught by the
optimistic locking after copying out the data, but if
following a pointer outside of the stat segment then
the stat client would crash. Add suitable boundary checks
for access to stat memory segment.
Fixes:
7d29e320fb2855a1ddb7a6af09078b8ed636de01
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I94f124ec71d98218c4eda5d124ac5594743d93d6
(cherry picked from commit
65c56c83ce4e58178b5ad90a8f325692c9904381)
Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
Mohammed Hawari [Tue, 24 Nov 2020 17:36:33 +0000 (18:36 +0100)]
rdma: fixed UAR writing at tx
Change-Id: Id81b4d27845c4e91cef90a4b8649662942d3cba1
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: fix
(cherry picked from commit
3ef653aa886e6a07afba106b4f03c40e392e1307)
Neale Ranns [Fri, 20 Nov 2020 13:05:59 +0000 (13:05 +0000)]
ip-neighbor: Send API event when neighbor is removed
Type: fix
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Change-Id: I9952497a108bac26445af95c28d4eed46099c2fc
Filip Tehlar [Sat, 21 Nov 2020 21:30:45 +0000 (21:30 +0000)]
ikev2: better handling when no IKE DH configured
Type: improvement
Change-Id: I4289d20adaa3f2872889d5dbaafd9c025df8aca8
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
e1ab06c14deaff5cc0870f7ec76f36613ffcc2d3)
Filip Tehlar [Thu, 19 Nov 2020 21:34:48 +0000 (21:34 +0000)]
ikev2: fix issue when sending multiple requests at once
Type: fix
Change-Id: I8ed556de4370a03d10c56cce101cd5ea0d0aaf8b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
38340fa32c96e9c6cb1593f03117dd504efbd5f4)
Benoît Ganne [Thu, 12 Nov 2020 09:29:23 +0000 (10:29 +0100)]
ikev2: respect punting only for ipv4
IPSec punting to IKEv2 is valid only for NAT-T in IPv4.
Fix coverity CID 214915.
Type: fix
Change-Id: I6f2db38abf179565316f50c5d47c78acce3a0d01
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
d9ed0b67866fa6b8a5f449fdb8da8d6aacb5f225)
Filip Tehlar [Tue, 10 Nov 2020 09:32:13 +0000 (09:32 +0000)]
ikev2: fix memleak when tunnel protect fails
Type: fix
Change-Id: I1d278fc2b03b948c054ff1686315635ac0278ae8
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
727082016f8822edcf40662d0059d3e8fab5e2ef)
Filip Tehlar [Mon, 9 Nov 2020 13:23:24 +0000 (13:23 +0000)]
ikev2: add tests for DPD
Type: test
Change-Id: I9c1129a8596344551f3f8f2e029846d22511482e
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
2008e314537500975acbd666e38d3fa6e7261bf5)
Filip Tehlar [Sat, 31 Oct 2020 02:17:16 +0000 (02:17 +0000)]
ikev2: fix msg IDs generation
Type: fix
Change-Id: Id922895c269f0d2450e55fcb6871b6857f443462
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
f6b02e0d0bfd7e0f1d79e8ee426f48ca37ae5ff3)
Filip Tehlar [Fri, 6 Nov 2020 11:00:42 +0000 (11:00 +0000)]
ikev2: fix udp encap
Type: fix
Change-Id: I8c66f79f2d8cfff7c6d45e1fc5b529ffb3941491
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
67b8a7fa76d8ec2d73f1b2380e11bf8e2793448e)
Filip Tehlar [Fri, 30 Oct 2020 04:47:44 +0000 (04:47 +0000)]
ikev2: add option to disable NAT traversal
Type: feature
Ticket: VPP-1935
Change-Id: I705f84047b112279377590157a1c7b4a34f693d2
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
d7fc12f07313f9147159f2562f6fcc928af7a963)
Filip Tehlar [Fri, 30 Oct 2020 05:28:11 +0000 (05:28 +0000)]
ikev2: fix reply during rekey
Type: fix
Change-Id: If87f4b8ae92508215fe91178958fe2ddb91e5a35
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
68ad6258374201ba8f0dc052e6f44d6250555249)
Filip Tehlar [Fri, 30 Oct 2020 05:59:55 +0000 (05:59 +0000)]
ikev2: increase tick interval in process node
This helps to resolve sporadic failures in unit tests.
Type: fix
Change-Id: I3abd77ed74310f9729a841e8569eafe6d7758dcb
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
761f8f0eaaf43f38fdd9d160ba19ff833de7d210)
Filip Tehlar [Fri, 30 Oct 2020 05:52:19 +0000 (05:52 +0000)]
ikev2: cli for disabling dead peer detection
Type: feature
Change-Id: I0db0a9b2f872753fa64d27335838cb34645a9ee8
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
af4a414eb74d1456121023e6b3aa76af6c16f89a)
Filip Tehlar [Fri, 30 Oct 2020 05:00:18 +0000 (05:00 +0000)]
ikev2: fix memory leak
Type: fix
Change-Id: I33c38c791cc9a28898de402ae831c4862073eb2d
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
b8bc2f1ef3332a795880f11f1c45a77b1b7851f6)
Filip Tehlar [Sat, 10 Oct 2020 04:39:11 +0000 (04:39 +0000)]
ikev2: support sending requests from responder
Type: improvement
Ticket: VPP-1894
Change-Id: I5a24a48416bca2ffbd346cdaa813fb25801e6c9b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
edf2900ac633ae0d8575b04094b1bca40e1a221f)
Filip Tehlar [Wed, 7 Oct 2020 23:52:37 +0000 (23:52 +0000)]
ikev2: fix setting responder/initiator addresses
Type: fix
Change-Id: Ic406aa914d92e802a5fb0f27c2ffa1b98db012b0
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
ec112e5a9eb708c1ee85faf569fef6fa40178294)
Filip Tehlar [Wed, 7 Oct 2020 19:17:00 +0000 (19:17 +0000)]
ikev2: prevent crash after no IP address
Type: fix
Ticket: VPP-1900
This fixes a crash when initiating IKE connection using interface
without any IP address.
It also ensures that the IKE connection is automatically retried once the
interface obtains an address.
Signed-off-by: jan_cavojsky <Jan.Cavojsky@pantheon.tech>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ia1919c349e64b3a0a4198365e075e177e3ba3de5
(cherry picked from commit
6960da528443ea40b1cdab323c76f978f7b16a8b)
Filip Tehlar [Wed, 23 Sep 2020 11:20:12 +0000 (11:20 +0000)]
ikev2: fix initial contact cleanup
When looking for existing SA connection to clean up search all per
thread data, not only current one.
Type: fix
Change-Id: I59312e08a07ca1f474b6389999e59320c5128e7d
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
e7c8396982607634b4c747870499671ffa53868e)
Filip Tehlar [Tue, 6 Oct 2020 08:04:10 +0000 (08:04 +0000)]
ikev2: fix coverity warning
Type: fix
Change-Id: Iee96b3ea3e71ec248c3c3c98d153a08372b5faf0
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
dc6378f71bc7c9835845a91dbbc1646ea46df51e)
Filip Tehlar [Mon, 5 Oct 2020 12:30:44 +0000 (12:30 +0000)]
ikev2: fix memory leak in auth routine
Type: fix
Change-Id: I93529b069925fcef32cdb22e27975b802b4c3b97
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
623d87fd39c53e2f4d8718014e76836fe07c4245)
Filip Tehlar [Tue, 8 Sep 2020 06:08:05 +0000 (06:08 +0000)]
ikev2: support ipv6 traffic selectors & overlay
Ticket: VPP-1917
Type: feature
Change-Id: Ie9f22e7336aa7807b1967c48de9843df10fb575c
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
84962d19ba76eafd5c7658aa86ec61c9b81f7702)
Filip Tehlar [Sat, 26 Sep 2020 16:47:13 +0000 (16:47 +0000)]
ikev2: refactor ikev2 node
Type: refactor
Change-Id: I65acbd5d9724c500a24699de973df08016d9d8d6
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
3434cb8fe379791050a85617775bb518cdd0eb5d)
Filip Tehlar [Thu, 16 Jul 2020 07:25:56 +0000 (07:25 +0000)]
ikev2: better packet parsing functions
Ticket: VPP-1918
Type: improvement
Change-Id: I2bc3e30121697404dcd54f1c2127bd85ccc1029e
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
558607dc3a96232191f413b9bc894524ff85f2a1)
Filip Tehlar [Mon, 17 Aug 2020 10:59:23 +0000 (10:59 +0000)]
ikev2: show IKE SA command improvements
Ticket: VPP-1898
Type: improvement
Change-Id: I1c56df331965c733a2d0eae63a12d5a4ee5a2e41
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
90690f1e8f39904990b4eeeb7851b248a9c908f3)
Benoît Ganne [Wed, 25 Nov 2020 15:43:13 +0000 (16:43 +0100)]
dns: use correct per-thread vlib_main
Using vlib_main of another thread is prohibited.
Type: fix
Change-Id: I7ae294dfaf2526738e91408c9b4865ef9f801b8a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
7483a7272d15354486371be7a20c4bf35ab2eb38)
Benoît Ganne [Wed, 25 Nov 2020 12:51:33 +0000 (13:51 +0100)]
syslog: use per-thread vlib_main
We should not use main thread vlib_main in workers.
Type: fix
Change-Id: I58c0a8cadf2dc7f768b20ac90e7ec7921e2e8ca4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
0a2fde105a5a0c996333d67d2901b4eaedf7cbe1)
Benoît Ganne [Wed, 25 Nov 2020 12:53:21 +0000 (13:53 +0100)]
dns: fix double-unlock
dns cache should no longer be unlocked by caller.
Type: fix
Fixes:
84a563ae4050cc0389dcd438fbe9ea882f2b8404
Change-Id: I3708718ae8f00e4e4f4e04381caa0095c8494b82
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
2113c7f28b154df16af3637f67484971759a00a7)
Ray Kinsella [Fri, 13 Nov 2020 09:29:44 +0000 (09:29 +0000)]
crypto-native: fix multi-arch variant initialization
crypto_native/main.h is being built as default,
and crypto_native_main is initialized with a size of 64 bytes.
crypto_native/aes_gcm.c and crypto_native/aes_cbc.c are march
variants, their ICL variants are expecting crypto_native_main
to be 256 bytes.
Type: fix
Signed-off-by: Georgii Tkachuk <georgii.tkachuk@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I4cddb75b712ea83c9cfca621887605d7bae104ec
Benoît Ganne [Fri, 6 Nov 2020 13:14:23 +0000 (14:14 +0100)]
ipsec: add support for tx-table-id in cli + example
Type: improvement
Change-Id: I840741dfe040718b682935cdbcb0ba958d45a591
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
40aa27ef7cf63daa11974d0b06ea9ee1a102cb32)
Benoît Ganne [Wed, 4 Nov 2020 09:02:03 +0000 (10:02 +0100)]
feature: reset interface feature arc on interface deletion
When removing an interface we must reset all per-interface per-feature
arc data to ensure we do not get wrong feature arc config data when the
sw_if_index is recycled.
Type: fix
Change-Id: I8c9d850d7c62b7b77193da4258ab5fb9bdda85a6
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
6178bdafa6a318d50cc8ad82f07c6c798c7024ef)
Benoît Ganne [Mon, 19 Oct 2020 07:49:09 +0000 (09:49 +0200)]
af_xdp: fix NUMA node parsing
Non-NUMA systems might report -1 as NUMA node.
Type: fix
Change-Id: I092c817ea670009d6f530cc70ad13d45e15fd363
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
4317b8efb1c4a4163b2585b9abd71ec38cd0862c)
Benoît Ganne [Tue, 20 Oct 2020 12:12:20 +0000 (14:12 +0200)]
wireguard: reset secret data before freeing it
Type: fix
Change-Id: I880bdd55ae5da0b9775a3fb548d44512348a7bc6
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
2531d50101991011fb1c7755d48f11b41f092628)
Benoît Ganne [Tue, 15 Sep 2020 08:45:55 +0000 (10:45 +0200)]
vpp: fix main heap init
NUMA node parsing with vlib_get_thread_core_numa() can failed on single
socket systems. Use clib_get_current_numa_node() instead as we already
pinned the main thread to the requested core.
Type: fix
Change-Id: I22339516d0305689a58584c92ded7c96eb53be39
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
33ce5e568f8b4fb1254bf5ee32865e9443c0185a)
Benoît Ganne [Fri, 6 Nov 2020 09:51:47 +0000 (10:51 +0100)]
ipsec: fix unformat types
ipsec_{crypto,integ}_alg_t are packed and smaller than u32. Callers are
using those enums so unformat functions should too instead of u32 to
not overflow the stack.
Type: fix
Change-Id: Ifc86366f1928ca6352f06f390a88ac64668289d5
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
f6422ffbc82c55f50d06c8c7a2e230db7001ee35)
Benoît Ganne [Wed, 21 Oct 2020 09:13:24 +0000 (11:13 +0200)]
svm: fix fifo unit test
- fix fifo initialization overflowing chunk size
- stick to the default base virtual address to initialize fifo. ASAN
can be picky about address space
Type: fix
Change-Id: If9a29138d2c207859d72845e928290c808c4a982
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
07b94558087facbb16c0fa82a79fcbbd9b44c485)
Benoît Ganne [Wed, 30 Sep 2020 16:35:27 +0000 (18:35 +0200)]
ikev2: fix cli memory leak
Type: fix
Change-Id: Ibdd83fa336427ec0c66224ecebb1b6bd36d1d1ba
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
1f6a6b8b2b4efd4d6735ffd6fa683a0190f232e2)
Benoît Ganne [Fri, 16 Oct 2020 15:12:41 +0000 (17:12 +0200)]
rdma: add RSS support for IPv6 and TCP
Type: feature
Change-Id: I8b0d918e6f13325954b29bf34e4ef224c1315c51
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
91603958d1d4fc3114739f9b264808940942e5c8)
Benoît Ganne [Thu, 8 Oct 2020 12:08:47 +0000 (14:08 +0200)]
build: better detection of libbpf dependencies
Type: fix
Change-Id: Ib496e6eb0a76e6268aea09d5f4495f3ecd921ec2
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
24b5107edd21b191fac3d6f9f2ae58c6ede59a9e)
Benoît Ganne [Tue, 15 Sep 2020 13:25:43 +0000 (15:25 +0200)]
af_xdp: add option to claim all available rx queues
Type: feature
Change-Id: I97176c2c90ea664a68078b3a7b7d44eb237a7f13
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
d4e109138279fcfbfce9d82384f0fa53b8f43ae1)
Benoît Ganne [Fri, 6 Nov 2020 09:55:22 +0000 (10:55 +0100)]
ipsec: fix outer table id lookup in ipsec tun script
Type: fix
Change-Id: I195949b610dca1b860baca18a059d39949627961
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
27632cae3dbed6afbaaf12d8da7798d7ecaa2ddb)
Benoît Ganne [Tue, 20 Oct 2020 12:36:55 +0000 (14:36 +0200)]
ip: fix doxygen doc for address add/del command
Type: docs
Change-Id: I96d5cdb41bd938f06d2d72f2625bf1b3d2c5b1b4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
7bed48cb79ea13dc34ef263942b4a74030aeb11c)
Benoît Ganne [Tue, 20 Oct 2020 12:31:55 +0000 (14:31 +0200)]
svm: fix ASAN annotations for external chunks
Chunks can be allocated from another process. We need to manually
mark them as accessible for ASAN.
Type: fix
Change-Id: Ifbeef3346e9cee2c1231f80cbcf7f9673b5b54be
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
df601ae2d16ed127a9506a7a865484632ee1afe1)
Mohammed Hawari [Mon, 2 Nov 2020 13:05:03 +0000 (14:05 +0100)]
rdma: various fixes for chained buffers tx
Type: fix
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Change-Id: I428c87e581db335362fef30e274db8947a896416
(cherry picked from commit
a210433d534fe0039ddc2a9aa9840895aef0405d)
Mohammed Hawari [Wed, 21 Oct 2020 14:41:30 +0000 (16:41 +0200)]
pci: set PCI memory enable before mapping PCI BAR
This change mitigates software faults issued by some versions of the
linux kernel vfio-pci driver when VF PCI BARs are used without setting
the memory enable bit in the PCI configuration. This problem is
mentionned in https://lkml.org/lkml/2020/6/25/628
Change-Id: Idc177be4a5adb6ee467b4dd8f055f133ff267fe1
Type: improvement
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
(cherry picked from commit
70fc36f26855fb4c7a56c5d1563d541b395f8f5d)
Steven Luong [Mon, 12 Oct 2020 17:43:28 +0000 (10:43 -0700)]
virtio: checksum error reported for ip6 traffic with GSO enable
When GSO is enabled, vhost clears the checksum field prior to transmitting
the packet. Some newer kernel version does not like that and complains
about checksum error. This was seen with ip6 traffic.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I7c6f2a6148f4a30107bfa8b078f5990e64300cf1
(cherry picked from commit
ac0f5363881fdce2721287bc5c756282166d9991)
Dave Wallace [Fri, 23 Oct 2020 13:35:12 +0000 (09:35 -0400)]
build: fix typo in dpdk-20.08 patch #0003
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: Id0b3264e723f1df161a606e4dbdcd70c36d448a4
Dave Wallace [Wed, 21 Oct 2020 23:27:05 +0000 (19:27 -0400)]
build: fix external patch application to not create .orig files
- Generation of patched original files (eg. dpdk-devbind.py.orig)
causes build breakage of 'make install-ext-deps' on CentOS-8.
Note: this only occurs on builds using 'make' for dpdk instead
of 'meson'. Thus only applies to stable/2009.
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I3f1f70781b7a5564cd38e8876644d817e2eb4aad
Dave Wallace [Mon, 19 Oct 2020 18:57:55 +0000 (14:57 -0400)]
build: fix broken debian dependencies on ubuntu-18.04 & debian-9
- Installation vpp-plugin-core from packagecloud.io/master
& packagecloud.io/2009 breaks due to invalid dependencies
on newer versions of libmbedtls & libmbedcrypto
Type: fix
Fixes:
641467406
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: If736dabcc4a91a04b46515620dd87662b7b14260
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Dave Wallace [Thu, 15 Oct 2020 19:53:50 +0000 (15:53 -0400)]
build: backport dpdk usertools support python3 only patch
- On Centos-8, 'make install-ext-deps' fails due to the
bpr-mangle-shebangs script failing the dpdk usertools
python scripts containing '#!/usr/bin/env python'.
Backport usertools section of the DPDK patch which
fixes this issue:
http://git.dpdk.org/dpdk/commit/?id=
3f6f83626cf4967a99382a6518a614a1bf3d2c20
- Also fix README to reflect name change of dpdk master
branch to 'main'.
- On stable/2009, the dpdk build using make fails due to rpmbuild
defaulting to using /usr/bin/python (version 2.7) which
fails to build. The build on master uses meson which somehow
resolves this issue. For this cherry-pick, fix the build by
fixing the rpm vpp-ext-deps spec to force the use of python3.
Type: fix
Change-Id: I487b1ff2da786a4a3fd8fb0f859436b0e1885f1b
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Chuan Han [Thu, 15 Oct 2020 21:16:49 +0000 (14:16 -0700)]
build: Add missing debian dependencies
Otherwise, vpp install will fail.
Type: improvement
Signed-off-by: Chuan Han <chuan.han.comm@gmail.com>
Change-Id: Ifb4d7b8f6fb7b333b8205ba6b424176f8554cfdc
Dave Wallace [Mon, 21 Sep 2020 17:07:29 +0000 (13:07 -0400)]
build: add missing dnf-plugins-core package on centos-8
Type: fix
Change-Id: I1a4d9a7a8089cbf488dcd6f09eec6b4e0d0d72fe
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
(cherry picked from commit
858856df162adc095b8ce3c5998c383b0b2f10ff)
Filip Tehlar [Thu, 1 Oct 2020 03:08:52 +0000 (03:08 +0000)]
ikev2: fix leaking pending INIT requests
.. when associated profile is deleted.
Type: fix
Change-Id: Ib05831d79b3b58664ee0a930960513fd465373bf
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
6614df53509030f1c3faf52512bcd8a9851dec5c)
Filip Tehlar [Wed, 30 Sep 2020 21:56:01 +0000 (21:56 +0000)]
ikev2: fix issue when decrypting packet with no keys
Type: fix
Change-Id: I0e615d5089587992012a0f280ee902b2906f21c2
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Chuan Han [Fri, 25 Sep 2020 22:34:06 +0000 (15:34 -0700)]
build: fix build for debian testing
1. add libelf-dev to default deb deps
2. Also use libffi7 instead of libffi6 for debian-testing
Type: fix
Signed-off-by: Chuan Han <chuan.han.comm@gmail.com>
Change-Id: I9f13955812877422ecb8aac3dd34c5828b9c4607
Andrew Yourtchenko [Wed, 30 Sep 2020 23:53:35 +0000 (23:53 +0000)]
build: fix the version in 'show version' for RPM
The RPM build ends up with "vXX.YY" to vstring,
which is not what we'd expect - so fix it up.
Change-Id: I0af68e69b1e40fc49ade759bb2f0ed9f47614217
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Andrew Yourtchenko [Fri, 25 Sep 2020 14:06:34 +0000 (14:06 +0000)]
misc: 20.09 Release Notes
Type: docs
Change-Id: I1b12f1d14a1a68504767c01ceac0eed115fb7ba6
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Mohsin Kazmi [Tue, 29 Sep 2020 10:01:25 +0000 (10:01 +0000)]
virtio: fix modern device queue notify
QUEUE_SELECT and QUEUE_NOTIFY_OFF registers are shared between all
workers operating on the same device and operations are not atomic
Type: fix
Change-Id: Ie017b1bfc7e3b6b4e59029f45db78eeffd9f3aeb
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
(cherry picked from commit
162a296756f3dbead55079e4670973d859df1ef9)
Benoît Ganne [Tue, 15 Sep 2020 08:58:07 +0000 (10:58 +0200)]
virtio: fix txq locking
Initialize txq lock only if some txq are shared and check if another
worker is already operating on the txq before processing gro timeouts
in input node.
Type: fix
Change-Id: I89dab6c0e6eb6a7aa621fa1548b0a2c76e6c7581
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
b6b484d01adb8ab2ef5a50d5a3d6f3f097df2e0c)
Vladimir Isaev [Fri, 18 Sep 2020 11:43:29 +0000 (14:43 +0300)]
tap: do not use strlen on vector
sanitizer complains about strlen on hi->name in tap_dump_ifs.
hi->name is a vector which is not null-terminated, so use vec_len.
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: Icdd5f65369bb51b0c4a9cd86c24899e6febd837c
(cherry picked from commit
84f3d9fba4e1715237a41f0978430193363187c7)
Mohsin Kazmi [Fri, 25 Sep 2020 13:36:19 +0000 (15:36 +0200)]
virtio: fix the gro enable/disable on tx-vrings
Type: fix
Change-Id: I96c30baaf34fe7b0cd899966a507501e58cde934
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
(cherry picked from commit
1017a1d360cc1c38e2aee4b5f19ff1f2869a8cd9)
Filip Tehlar [Fri, 25 Sep 2020 16:55:03 +0000 (16:55 +0000)]
ikev2: fix false positive NAT detection
Type: fix
Change-Id: Id7f865f537c55d00a784eec51624ba28e903a083
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Benoît Ganne [Thu, 17 Sep 2020 15:08:07 +0000 (17:08 +0200)]
ikev2: fix memory leaks
Type: fix
Change-Id: I5be19a4923b37e2636621d36155178ac348ee41c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit
a8af7cf253c4e8ab9ba1a2cfed50f6236fea3a62)
Dave Wallace [Thu, 24 Sep 2020 16:30:46 +0000 (12:30 -0400)]
build: remove OS distros which are EOL
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: If80ff6bfbd42779a663af1e7dcfff80d75f47f1e
Andrew Yourtchenko [Mon, 28 Sep 2020 12:18:05 +0000 (12:18 +0000)]
dpdk: Revert "call the meson-based build instead of Makefiles"
This reverts commit
73903d7e8a6141237637b2011386c7ee6ac969ee.
After discussion with Damjan, the change is more risky than it seemed,
so revert.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Idee82806cd4a12a92540f904397d259b531770d1
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Andrew Yourtchenko [Mon, 28 Sep 2020 12:14:51 +0000 (12:14 +0000)]
dpdk: Revert "prevent linking dpdk against libbsd"
This reverts commit
7a7601795171665eb71461c705f3fbb4b6c6f1ad.
After discussion with Damjan, the change is more risky than it seemed,
so revert.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I67defb01a0bebb8ff4231c27690b694f608fcb8e
Andrew Yourtchenko [Fri, 25 Sep 2020 13:07:32 +0000 (13:07 +0000)]
misc: documentation fixes
Change-Id: Id7ae7bbc53e89777892b973008baa93f1a083aac
Type: docs
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Klement Sekera [Fri, 25 Sep 2020 09:43:45 +0000 (09:43 +0000)]
bfd: add missing unlock
Thanks to Martin Sustrik for spotting the bug introduced by
a316744
and submitting the fix.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I4984fc32503b0c7b6db3543834dfbbfed2a1f23c
Florin Coras [Fri, 25 Sep 2020 00:18:13 +0000 (17:18 -0700)]
wireguard: fix uninitialized peer index in handoff
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I41513b9aa6ca0db1fb9392a15e5ac329a635ebfa
Artem Glazychev [Mon, 14 Sep 2020 04:36:01 +0000 (11:36 +0700)]
wireguard: add handoff node
All timer and control plane functions happen from main thread
Type: fix
Change-Id: I4fc333c644485cd17e6f426493feef91688d9b24
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
(cherry picked from commit
8eb69407c8075e101b773d5a27ea21bd3fc906d7)
Dave Wallace [Thu, 24 Sep 2020 00:19:37 +0000 (20:19 -0400)]
build: fix missing openssl package on debian-10
- libssl-dev missing on debian-10 breaks
'make install-ext-deps'
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: Ib6a6f120147e8ae0dcfead6fae9f0a7a3434d687
(cherry picked from commit
17569cbeb25c7eba9cd818bea98448b11b05532c)
Damjan Marion [Thu, 17 Sep 2020 07:54:07 +0000 (09:54 +0200)]
vppinfra: allow handoff to main thread
Type: improvement
Change-Id: If2e907967c9b75997b581ff0c058bd5c15e823f5
Signed-off-by: Damjan Marion <damarion@cisco.com>
(cherry picked from commit
f6e6c788070e1421bbe7b10d449d9b65918ba561)
Steven Luong [Wed, 16 Sep 2020 20:10:53 +0000 (13:10 -0700)]
avf: wrong argument passed to avf_log_err
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ica4601c9d17e182cbc348989a9f75ab1cb18b78a
(cherry picked from commit
ba3a20082d8e17388bfeca6c2b422e3a11a4eb69)
Dave Wallace [Wed, 23 Sep 2020 15:38:25 +0000 (11:38 -0400)]
build: fix fts.py to run on debian-9/python3.5
Type: fix
Change-Id: I1404e73dd2ee62b51746e9f4760c7c3ca3b5989e
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
(cherry picked from commit
a079844cf01eea8a7085c2c03226ceb3d942838a)
Mohammed Hawari [Fri, 18 Sep 2020 19:47:04 +0000 (21:47 +0200)]
dpdk: prevent linking dpdk against libbsd
If libbsd is detected by the DPDK build system, DPDK does not provide
implementations for strlcpy and dynamically link against the one
provided by libbsd. When the DPDK plugin is loaded by VPP, a crash
occurs because libbsd is not loaded by VPP.
Type: fix
Change-Id: Ib691bbe27edcf0f6f0a3d39952e439027cef72cb
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
(cherry picked from commit
1f799bc3cb7a3826395e544cafe587174393e2f0)
Andrew Yourtchenko [Tue, 22 Sep 2020 15:11:51 +0000 (15:11 +0000)]
vppapigen: crcchecker: harmonize the in_progress marking
The format for deprecation is "option deprecated" now,
so harmonize the in-progress marking to logically be
"option in_progress"
At the same time recognize the legacy/erroneous
types of marking, print the warning.
Change-Id: If418dfadd69ffb112550164d63d13420e51cefd7
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit
6a3d4cc9a11efbe73a1cda35a64c619eebde0b24)
Andrew Yourtchenko [Tue, 22 Sep 2020 16:04:35 +0000 (16:04 +0000)]
build: allow for rc3/rc4 style tags
Historically, there was only rc1/rc2 tags, fix in case we tag
rc3/rc4 during longer release windows.
Type: fix
Change-Id: I4243a1c03663a877f96a06d647e89adb74abd977
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit
bc31247c921d9bad94f2d4aeca9041aee518e7a6)
Mohammed Hawari [Tue, 15 Sep 2020 12:05:11 +0000 (14:05 +0200)]
dpdk: call the meson-based build instead of Makefiles
Type: feature
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Change-Id: I576d92605da6d43e9b9f12238b18a518a0d69385
(cherry picked from commit
4c4633cad1019d9aa28669ddfedc612f768d71a8)
Neale Ranns [Tue, 22 Sep 2020 11:24:18 +0000 (11:24 +0000)]
vxlan-gbp: Mark APIs as in-progress
Type: fix
The GBP plugin that uses this module is also in-ptogress, hence so is
this module.
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I3cb5dd124afac05da013d92d67b2abf6cdf9b769
(cherry picked from commit
b468773aa4164bf52e0751fdf780f67248037cc0)
Yulong Pei [Mon, 21 Sep 2020 20:41:56 +0000 (13:41 -0700)]
crypto: revert crypto set handler all API
This reverts commit
8c91b2ae2b32d428ef35605707788fe064621cb3,
but keep a comment fix.
Type: fix
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: Ia66941bf18d3efac96f41bdf905d877cfb3ab211
(cherry picked from commit
6816c3b3df8c91a319cca56784dca07f842ef178)
Dave Wallace [Fri, 18 Sep 2020 15:35:01 +0000 (15:35 +0000)]
build: remove opensuse build infra
- VPP on opensuse has not been supported
for several releases.
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I2b5316ad5c20a843b8936f4ceb473f932a5338d9
(cherry picked from commit
bc35f469c89daf0126937580b6972516b5007d3a)
Dave Wallace [Fri, 18 Sep 2020 20:23:55 +0000 (20:23 +0000)]
build: missing deb pkg on ubuntu-20.04
- The vpp build on the ubuntu-20.04 executor failed
due to the package 'dh-python' not getting
installed by 'make install-dep'
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: Id9307ad1b4e34c413d90258c6bde2aa5afafec63
(cherry picked from commit
5cc11b1210910d6e56025d87688a52111f730469)
Dave Wallace [Wed, 16 Sep 2020 21:04:24 +0000 (21:04 +0000)]
build: touch files when extracting rpm tarballs
Type: fix
- Long story short, intermittently centos jobs have been
failing with clock skew issues. When someone commits a
patch on a machine with the date ahead of UTC, then clock
skew will be encountered when extracting the RPM source
tarball. See [0] and [1] for details.
- Replace 'make bootstrap' with 'make install-dep' in
RPM package build specfile.
[0] https://unix.stackexchange.com/questions/164807/does-git-archive-use-the-wrong-file-timestamp
[1] https://git.fd.io/vpp/tree/Makefile#n380
Change-Id: Iebfb9eb2e26c1f2e4488e871da86d0c60b9f4048
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
(cherry picked from commit
27b50fea143f2d45613ef982870cd2052e21fb0f)
Steven Luong [Tue, 15 Sep 2020 16:48:38 +0000 (09:48 -0700)]
vmxnet3: gso fixes
outbound:
wrong header len computation
gso size and header length need to be set in the first segment of the
chain
inbound:
EOP may have zero length descriptor to terminate the chain
missing endian conversion for ethertype
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Iaa003c0e9af3ead4df6c6c0d5772a179d2ff15c4
(cherry picked from commit
007abe751f2ee86528d0ccc005a3da1c90850868)
Andrew Yourtchenko [Wed, 16 Sep 2020 09:48:59 +0000 (09:48 +0000)]
vppapigen: crcchecker: report in-progress messages
in-progress messages do not give any API stability guarantees,
by design, to allow easy iteration. Provide an easy way
to know which messages are in-progress.
If as a user you see "in-progress" message that you want
to use in production, please contact the feature owner
and discuss the path to removing the "in-progress" status
before that.
Change-Id: I27729995e26a70af373e642b871dbb5cc5526959
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit
8b0cd69d31a50e7f4a454d45e903c6cdaf23fbfe)
Yulong Pei [Tue, 15 Sep 2020 02:45:03 +0000 (19:45 -0700)]
crypto: Crypto set handler API to support set all as CLI
Type: improvement
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: I43556f8c76c7aae64d9c927e1fda3c1774d7e49d
(cherry picked from commit
8c91b2ae2b32d428ef35605707788fe064621cb3)
Damjan Marion [Fri, 11 Sep 2020 12:10:35 +0000 (14:10 +0200)]
avf: change promisc mode from the avf process node
Avoid situations where promisc mode is chaged while avf process
is suspended in the middle of adminq operation.
Type: fix
Change-Id: Ia1fc6551e83218b5938630ad3a15d4f3f0ceceff
Signed-off-by: Damjan Marion <damarion@cisco.com>
(cherry picked from commit
160a2a9a8c5c4e054dcc0e8ebeb3de7654718582)
Damjan Marion [Wed, 9 Sep 2020 15:40:02 +0000 (17:40 +0200)]
avf: fix race between avf and cli/api process
device pool my grow during suspemd which will cause crash in avf process
after it exits from suspend.
Type: fix
Change-Id: I51fec90088c909cfbaaca6c245272a28c0827ca0
Signed-off-by: Damjan Marion <damarion@cisco.com>
(cherry picked from commit
171d6aceb039a7f0b0d67c837ff74359dae01ae4)
Ole Troan [Tue, 15 Sep 2020 09:37:16 +0000 (11:37 +0200)]
api: clean up use of deprecated flag
The syntax of the deprecated flag has evolved.
Clean up usage to be "option deprecated;".
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: If2b639f275eb8db58b36c457f9245fe35a4d8cb1
(cherry picked from commit
f916414b383afd37ec78509ee613df8878160406)
Andrew Yourtchenko [Fri, 11 Sep 2020 17:40:52 +0000 (17:40 +0000)]
vppapigen: crcchecker: report deprecated messages
Report if the messages were marked as deprecated,
but not yet deleted.
Useful for building the release notes and comparing
between the releases.
Also, put the dict_compare() call into the report(),
since latter always consumes the output of the former.
Change-Id: Iceab3e94ff66da931a4669b612026bd162dd5d1a
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit
62bd50de97cd90cc09559a09fe46f98211279a1e)