Benoît Ganne [Wed, 13 Oct 2021 17:16:07 +0000 (19:16 +0200)]
classify: add API to retrieve punt ACL tables
Type: feature
Change-Id: Ica3e60836c0f26518ba2c238a8c03ce3648ea69b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Zachary Leaf [Tue, 26 Oct 2021 15:05:58 +0000 (10:05 -0500)]
ipsec: input: drop by default for non-matching pkts
As per IPSec RFC4301 [1], any non-matching packets should be dropped by
default. This is handled correctly in ipsec_output.c, however in
ipsec_input.c non-matching packets are allowed to pass as per a matched
BYPASS rule.
For full details, see:
https://lists.fd.io/g/vpp-dev/topic/ipsec_input_output_default/
84943480
It appears the ipsec6_input_node only matches PROTECT policies. Until
this is extended to handle BYPASS + DISCARD, we may wish to not drop
by default here, since all IPv6 traffic not matching a PROTECT policy
will be dropped.
[1]: https://datatracker.ietf.org/doc/html/rfc4301
Type: fix
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Change-Id: Iddbfd008dbe082486d1928f6a10ffbd83d859a20
Arthur de Kerhor [Wed, 22 Dec 2021 09:58:30 +0000 (10:58 +0100)]
ip: set fib_index before exiting input ACL node
While setting an ACL, a user can specify the adjacency to follow after
the input ACL node. Thus, we may skip a lookup and enter directly a
local node (ex: ip4_local). To prevent the local source check from
failing, we need to specify the fib index. And, we have to do it just
before exiting the input ACL node because the l2_classify object
is overlapping with the fib_index in the vnet_buffer_opaque_t struct.
We could have added a padding to avoid this overlap but there is no
place for that in the structure.
Type: fix
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Change-Id: I383c36e4aec08d181f966f28565aefed950d2a74
Marcel Cornu [Fri, 4 Mar 2022 17:33:12 +0000 (17:33 +0000)]
crypto-ipsecmb: bump to ipsecmb v1.2
Type: feature
This patch bumps ipsecmb library version from 1.1 to 1.2
Signed-off-by: Marcel Cornu <marcel.d.cornu@intel.com>
Change-Id: I181e43c711fe530296c037d59b53fe3c5f2719ea
Alexander Chernavin [Mon, 13 Dec 2021 13:03:56 +0000 (13:03 +0000)]
linux-cp: handle ipv4 routes when interface is disabled
Type: improvement
Currently, when an interface is brought down administratively, IPv4
routes that resolve through that interface remain in the FIB. However,
the kernel removes those routes but doesn't send any notifications about
that. Desynchronization between the kernel and VPP happens.
With this change, when a notification received from the kernel
indicating that an interface was brought down, in addition to bringing
the VPP interface down, walk the IPv4 FIB bound to that interface and
remove any entries that resolve through that interface and were added
with one of the linux-cp FIB sources.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I0cd14bb63c9e6616ae1c5739b17c3bf33b186bc2
Neale Ranns [Fri, 4 Mar 2022 11:45:41 +0000 (11:45 +0000)]
ip: Fixes for IPv6 and MPLS fragmentation
Type: fix
- IPv6 fragmentation did not work if the packet spaneed multiple buffers, because the 'len' calculation to did max out at the size of a buffer
- IPv6 fragmentation did not work when the l2unfragmentable size was non-zero, it was not used in the correct places
- IPv6oMPLS fragmentation would fragment all IPv6, it should do so only for link local
- IPv6oMPLS should send back TooBig ICMP6 for non locally generated
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie8f02cdfdd7b7e8474e62b6d0acda8f20c371184
Alexander Chernavin [Fri, 4 Mar 2022 13:18:15 +0000 (13:18 +0000)]
linux-cp: fix issue of possibly closing negative fd
Type: fix
Primarily fix an issue reported by Coverity in
lcp_nl_open_sync_socket() that close() could possibly be run with
negative fd. Also, add more checks and error logging there.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I9a88520d068392977a6eba0766451e5652fe512c
Alexander Chernavin [Fri, 22 Oct 2021 10:46:39 +0000 (10:46 +0000)]
linux-cp: stop signaling read event on every notif
Type: improvement
Currently, read event signal is sent on every notification message
received and added in the queue.
With this change, signal read event only when all currently available
notification messages are received.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ib86d189311ce01f50167e4e97feb99df0292ad96
Alexander Chernavin [Fri, 22 Oct 2021 08:33:00 +0000 (08:33 +0000)]
linux-cp: stop ignoring ENOBUFS while reading notif
Type: improvement
Currently, while reading notifications, ENOBUFS error is ignored and
reading continues. This was done to minimize the number of notifications
that are lost due to reopening the socket.
Now that synchronization is implemented to recover from socket errors,
ignoring ENOBUFS and reading as much notifications as possible is not
actual. Before synchronization, all currently enqueued notification are
discarded in any case.
With this change, stop reading notifications if any error occurs.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I1184d9a3aa99df63ef59bc2a67be2b1e5e0e9329
Benoît Ganne [Thu, 20 Jan 2022 12:44:12 +0000 (13:44 +0100)]
api: harden api trace parsing
- make sure we do not overflow
- skip unknown messages if we can
Type: fix
Change-Id: I0efbe7376d9d78f6b0ec8018c0813400e6653698
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Neale Ranns [Thu, 17 Feb 2022 15:41:32 +0000 (15:41 +0000)]
ping: correct the fib-index used for the reply
Type: fix
if original packet was to the link local, then the
fib index in the buffer is that of the LL table, we can't use that
to foward the response if the new destination
is global, so reset to the fib index of the link.
In other case, the fib index we need has been written
to the buffer already.
Add a test for IPv6 ping in an MPLS-VPN where int inout interface is
not the the same VRF as the response should be sent.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I18a232d90ddd3ef051a52476c5d861c87060e76f
Neale Ranns [Thu, 17 Feb 2022 09:08:47 +0000 (09:08 +0000)]
ip: rate-limit the sending of ICMP error messages
Type: improvement
For error conditions, such as TTL expired, dest unreach, etc, Rate limit the sending of ICMP error messages.
The rate limiting is done based on src,dst IP address of the received packet.
the rate limit has been chosen, somewhat arbitrarily, to be 1e-3. This is the same limit as the ARP throttling.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I4a0b791cde8c941a9bf37de6aa5da56779d3cef4
Alexander Chernavin [Thu, 21 Oct 2021 08:29:11 +0000 (08:29 +0000)]
linux-cp: ignore neighbors if ip addr is multicast
Type: improvement
When dump of neighbors is requested, the replies will also include
neighbor entries for IPv6 multicast addresses:
GigabitEthernet0/8/0 S ff02::16 33:33:00:00:00:16
GigabitEthernet0/8/0 S ff02::1:ff76:7135 33:33:ff:76:71:35
GigabitEthernet0/8/0 S ff02::2 33:33:00:00:00:02
Such entries are not reported in netlink notification messages and
VPP is unlikely to use these.
With this change, ignore neighbor entries when the IP address is a
multicast address.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ic712aa4904f1d559f31fd89ff4541268e2340f84
Benoît Ganne [Thu, 24 Feb 2022 15:17:52 +0000 (16:17 +0100)]
ip: fix overflow in ip6_ext_header_walk
ip6_ext_hdr_chain_t->eh is IP6_EXT_HDR_MAX elements.
Type: fix
Change-Id: I28b8d610d8f5c0c520c8391c37b86e837655ab12
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Mohsin Kazmi [Fri, 4 Mar 2022 15:08:24 +0000 (16:08 +0100)]
pg: fixing the cli
Type: fix
This patch removes the assert and it is unnecessary.
Because given variable is used for branch testing.
Change-Id: I64f57f909fcba205216296e86c1cde2a5dadbb45
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Mohsin Kazmi [Fri, 4 Mar 2022 15:05:01 +0000 (16:05 +0100)]
pg: add support for ip mode through cli
Type: improvement
Change-Id: I5dda196ab8f1b634fcac46acd5c57a6dd726759c
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Mohsin Kazmi [Tue, 22 Feb 2022 11:42:35 +0000 (11:42 +0000)]
ipfix-export: fix the warning message for uninitialized variable
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I2b8b6a3b5a6df71e84ce2f15ef7117f390121c2f
Arthur de Kerhor [Thu, 3 Mar 2022 09:33:23 +0000 (10:33 +0100)]
classify: skip l2 header in CLI
Add the possibility to create masks and matches without l2 header in the
CLI when creating tables and entries. This is useful for tables working
on l3 and l4 only.
Type: improvement
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Change-Id: I7da9e47d810c0b4a0938e2cb3bc31aa69ace3649
Neale Ranns [Thu, 24 Feb 2022 10:30:12 +0000 (10:30 +0000)]
mpls: Fix the fragmentation in mpls-output.
Type: fix
the MTU needs to be adjusted to account for the label stack, since the size of fragments produced is stack+mtu.
these changes are to the use of the stack variable 'mtu'
most of the patch results from appeasing checkstyle.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I8d0e10cf52ca4dd8ecdc224ed6c54a13e4768fdd
Neale Ranns [Fri, 4 Mar 2022 13:44:47 +0000 (13:44 +0000)]
tunnel: Fix the format of tunnel flags
Type: fix
it only display the first flag set
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I45cddbac0d4eed8bda10bf5e0f7c9db0faf183c5
Benoît Ganne [Wed, 23 Feb 2022 14:35:35 +0000 (15:35 +0100)]
vnet: use system time for pcap trace
Use system wall-clock time for packets timestamps instead of the time
since VPP started for pcap traces.
Type: improvement
Change-Id: I716165912efe8db3a8861d5c10597dc7629d2293
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Florin Coras [Thu, 3 Mar 2022 05:06:30 +0000 (21:06 -0800)]
vcl: validate vls_epoll_ctl inputs
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I315ef0122ccb21ccfef117a58b1dc998127618ce
Florin Coras [Wed, 2 Mar 2022 22:04:25 +0000 (14:04 -0800)]
session: improve tx tracing
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4fd7ae435514eb986543302c7e3e69e04acba8cf
Alexander Chernavin [Wed, 20 Oct 2021 13:22:14 +0000 (13:22 +0000)]
linux-cp: detect and delete stale entries after sync
Type: improvement
During synchronization, only the current actual set of entries is
loaded. If some entries are no longer present in the set being loaded
but present in VPP, they should be removed to fully syncronize.
With this change, add handlers for sync begin and end events. Begin
handlers will mark the entries as stale. End handlers will remove the
entries that are still marked as stale.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I4f7e872af3e1c9ffa6c63bcc3984ec76def1bb43
Ray Kinsella [Tue, 1 Mar 2022 09:00:17 +0000 (09:00 +0000)]
ipsec: remove ipsec vnet script
An updated ipsec script was identical to the existing ipsec_tun_protect script.
Remove the ipsec vnet script, and rename the ipsec_tun_protect to become the
default ipsec vnet script.
Type: fix
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: Ie05ca3e089b67a5b9499d83d4cb2adf1b6c6ffba
Alexander Chernavin [Wed, 20 Oct 2021 12:15:43 +0000 (12:15 +0000)]
linux-cp: resync with kernel after nl socket error
Type: improvement
Currently, if an error happens on the netlink notification socket, the
socket gets reopened. A portion of notification messages have been lost
because of this and will never arrive on the socket. VPP will be out of
sync with the kernel networking state.
With this change, synchronize VPP state and the kernel networking state
if there was an error polling or reading the notification socket.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I8cdff89b505cd227535a0acaadb6ee757204c45e
Neale Ranns [Thu, 24 Feb 2022 10:35:02 +0000 (10:35 +0000)]
ip: Path MTU DPO allocation function is public
Type: refactor
check for pool expansion in the DPO allocation, just in case.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I6ba7dd66313630d3f24a51700ab4486ba43d856b
Alexander Chernavin [Wed, 20 Oct 2021 11:52:46 +0000 (11:52 +0000)]
linux-cp: make check of message ts null-tolerant
Type: improvement
For some message types, timestamps are checked on netlink message to
decide whether the message should be applied. For notification messages
timestamps are expected to be always available.
With this change, before accessing the timestamp, make sure the message
info object that carries it is not null. If it is null, pass the check.
This is to be ready to process dump replies that will not need the
timestamp check and will have the message info object set to null.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ic7211c0d451d72f6a5248898b3a8f8e0bca8f7aa
Alexander Chernavin [Fri, 4 Feb 2022 10:15:31 +0000 (10:15 +0000)]
linux-cp: reflect hw link state on tap on pair creation
Type: fix
Currently, a tap interface created to be a member of a linux-cp pair has
default link state (down) and default link speed (10Mb/s). Then the
plugin monitors the link state of the paired hardware interface and if
it changes, the new link state is reflected on the tap interface. And
when the new link state is "up", the link speed is also reflected on the
tap interface.
The problem is that this scheme implies that the hardware interface's
link state is "down" at the moment of the linux-cp pair creation and
then changes. But there are cases when the link state is already "up" at
that moment. If that is the case, the link speed on the tap interface
will remain the default one until the link comes down and then comes up.
With this fix, when a linux-cp pair is created, reflect current link
state of the hardware interface being paired on the created tap
interface.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I73664d753f4daaa6d439c9ca898fb7363d21c06d
Vladimir Ratnikov [Wed, 2 Mar 2022 10:31:42 +0000 (10:31 +0000)]
linux-cp: lcp fib fixes
Some possible side effects for multicast routes appears to be in
lcp_router_table_add_or_lock. so ff00/8 route will be processed
for ospf purposes the right way
Ignore IPv6 kernel routes
Skip adding auto routes into FIB
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: I35f73d629a7fffca7f7d4547adc2549b72c2048f
Florin Coras [Wed, 2 Mar 2022 02:07:09 +0000 (18:07 -0800)]
vcl: fix segment detach post api disconnect
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0982f0f5c8186f9ed962db49a14f35aa19f6a276
Jon Loeliger [Wed, 23 Feb 2022 20:21:51 +0000 (14:21 -0600)]
wireguard: improve sending WG interface dump details
Include the user_instance in wireguard interface details.
In addition to dumping all wireguard interface details,
also allow selective dumping of just one interface.
Type: improvement
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: Iaf1093c6ae3eb00a685f34b2e0171285b02fae2b
Benoît Ganne [Tue, 1 Mar 2022 15:48:40 +0000 (16:48 +0100)]
tap: fix tun set mtu
Type: fix
Fixes:
1cd0e5dd533f4209dde453eaa43215e52cd42985
Change-Id: I64318585fb3b12369b78735c681f3b747c67b53b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Guillaume Solignac [Tue, 28 Sep 2021 13:01:26 +0000 (15:01 +0200)]
build: fix missing dependency for library
When building a VPP library out of tree using add_vpp_library, the build
sometimes fails because the library API files are not necessarily
generated before compiling this library.
This is fixed by adding the lib API files as dependencies of the
lib compilation.
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: I69dffaecbfd547f10115504494a47358c4624258
Florin Coras [Sat, 26 Feb 2022 02:38:09 +0000 (18:38 -0800)]
hsa: add tps support for random closes
Useful for stress testing.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0b1701682494a9fbf7deac311b4afd3036c50b56
Mohsin Kazmi [Tue, 1 Feb 2022 18:35:59 +0000 (18:35 +0000)]
virtio: refactor code
Type: refactor
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I3788cc857023fafcc8eb6d6ff4524425026a75d8
Dave Wallace [Tue, 1 Mar 2022 03:41:22 +0000 (22:41 -0500)]
vat2: include src/vlibmemory/vlib.api messages
- cli_inband is missing from vat2
Type: improvement
Change-Id: I1f22dee3ee29f3cf0f1f7c6076d5f2b2b2bf969d
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Florin Coras [Fri, 25 Feb 2022 00:35:26 +0000 (16:35 -0800)]
tls: handle read write ssl errors
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If5eed7dac4951f0510a4b4b092f66f44d0d3cacd
Saravanan Murugesan [Mon, 28 Feb 2022 05:25:26 +0000 (10:55 +0530)]
tls: Receive only when the app_session is available
Type: fix
Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com>
Change-Id: Icfd5e3c0bb034684c7bc43be46927294536ba08a
Saravanan Murugesan [Fri, 25 Feb 2022 11:13:29 +0000 (16:43 +0530)]
tls: Handle transport disconnect during client HS failures
Type: fix
Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com>
Change-Id: I5f7f4b925b3d250c5b8616d1fb35edbde50a7a23
Andrew Yourtchenko [Tue, 15 Feb 2022 16:29:46 +0000 (16:29 +0000)]
misc: VPP 22.02 Release Notes
type: docs
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I32291160f0d22a804929d0a040472ff952f02544
Signed-off-by: Maciek Konstantynowicz <mkonstan@cisco.com>
(cherry picked from commit
7911f29c518c6b2a678e13874f7f16eba03dab75)
Dave Wallace [Wed, 23 Feb 2022 20:36:02 +0000 (15:36 -0500)]
vapi: Missing include file in vlib.api.vapi.h
- A call to vapi_msg_control_ping_hton() is generated in
a static inline function in vlib.api.vapi.h, which is
defined/generated in memclnt.api.vapi.h without
including memclnt.api.vapi.h in vlib.api.vapi.h.
This breaks the compilation of plugins which include
only vlib.api.vapi.h (e.g. hicn_plugin from the HICN
project).
Type: fix
Fixes:
a1400cecb
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I5574f4ed496183ea93265f493bf3624254a865a2
Florin Coras [Tue, 22 Feb 2022 22:41:17 +0000 (14:41 -0800)]
hsa: add support for vrfs in tps
The app keeps on using the default app ns but each listen will be done
in the vrf configured.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0947e03188d55231b299916351115038e0b1f5da
Florin Coras [Wed, 23 Feb 2022 06:35:34 +0000 (22:35 -0800)]
hsa: fix tps data offset on connection reuse
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibe92497cc5446ac5c734f8fe5c63c0167204dd09
Filip Tehlar [Fri, 18 Feb 2022 08:49:43 +0000 (08:49 +0000)]
session: fix session layer socket read
This fixes an issue caused by session layer reading expected part of
data (cert + key) before the client actually sends it.
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I6ddddb08f9576211b302e814d7c2b040383e5fb7
Klement Sekera [Fri, 18 Feb 2022 10:35:08 +0000 (10:35 +0000)]
tests: better reporting for unexpected packets
Raise a new UnexpectedPacketErrror, when a packet is captured
unexpectedly. This pretty-prints a terse description of said packet.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: Ibac19fc5bbd82a150fec3c90940a37af6344fd4f
Dave Wallace [Wed, 23 Feb 2022 22:15:14 +0000 (17:15 -0500)]
build: export missing header files required by hicn_plugin
- HICN project's hicn_plugin requires vnet header files
fib/fib_entry_track.h and udp/udp_encap.h to be
included in build-root/install-vpp*-*/vpp/include/vnet
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: Iabd3f8fe0aee8d727758fc6ef202e859d68d63a3
Florin Coras [Wed, 23 Feb 2022 02:18:47 +0000 (18:18 -0800)]
http hsa: use octet-stream content type for tps
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I925618e426b325f4fafb9ed39a2d7c2d7c7b38f3
Florin Coras [Sat, 19 Feb 2022 22:30:32 +0000 (14:30 -0800)]
http: improvement reset and close handling
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I37ff8099c6c8044881379b4cd47ca8843746c315
Florin Coras [Thu, 17 Feb 2022 01:59:55 +0000 (17:59 -0800)]
http hsa: support multiple listeners for http tps
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie89326ed4e599231fc20de67c5dadbb428568bec
Gabriel Oginski [Tue, 22 Feb 2022 14:15:11 +0000 (14:15 +0000)]
wireguard: fix dereferences null pointer
Type: fix
Fixed coverity-issue CID 248517.
Originally possible passing null pointer to one function and directly
dereferences it.
This patch fixes the issue by add a new condition to check this
pointer.
Change-Id: If506abaf08c9f003860b641971af291f68613c18
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Matthew Smith [Tue, 8 Feb 2022 21:34:05 +0000 (21:34 +0000)]
vrrp: fix thread synchronization issue
Type: fix
Fixes:
39e9428b90bc
When a VRRP advertisement is received by a worker thread, the worker
calls vl_api_rpc_call_main_thread() so the main thread will process the
packet and make adjustments to VR state if necessary.
The data being passed to the main thread included a pointer to the VRRP
header in the received packet buffer. Since the main thread processes
the RPC request asynchronously from the worker thread, it's possible for
the worker to drop the packet and for the buffer to be overwritten before
the main thread can process it.
Copy the fields which may be needed by the main thread into a struct
instead of passing a pointer to a packet buffer.
Change-Id: I4e899e967df5a54776b521825a80e9cce1a94f5f
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Jon Loeliger [Wed, 16 Feb 2022 16:52:56 +0000 (10:52 -0600)]
wireguard: prevent stacksmashing on poorly formed base64 keys
Integer math on 32 bytes of base64 data might yield 33 bytes
of data in some poorly formed user input of private key values.
Rather than smashing the stack (detected) and aborting, simply
allow for the possible yet irrelevant 33-rd byte of data.
Type: fix
Fixes:
edca1325cf296bd0f5ff422fc12de2ce7a7bad88
Change-Id: I42acfbf3e8fbb3d517e21c53d4f80459d4800e9d
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Neale Ranns [Tue, 22 Feb 2022 14:51:08 +0000 (14:51 +0000)]
linux-cp: Only enable/disable the punt feature on the 0<->1 transition
Type: fix
otherwise the feature is enabled n times for n lcp-pairs and the packets go n times through the feature.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I8e47e4a293d6e2711f54aa09e9545e5e07728026
Ed Warnicke [Fri, 18 Feb 2022 19:26:35 +0000 (19:26 +0000)]
vxlan: crash on assigning IP address to interface
Revert "vxlan: crash on configuring vxlan tunnel on l3 mode"
This reverts commit
b8de7d43e4955bb4025cd0e0e7390279841b6d7d.
Reason for revert: VPP-2014
Type: fix
Fixes:
b8de7d43e4955bb4025cd0e0e7390279841b6d7d
Change-Id: Ic4d10f28985ee10e0550a1bbfd465ada915e4aa6
Signed-off-by: Ed Warnicke <hagbard@gmail.com>
Rajith P R [Tue, 22 Feb 2022 12:56:51 +0000 (18:26 +0530)]
fib: fix adj_get crash
adj_get() crashed in worker thread. The index is valid but was freed.
0x00007fba5fb07921 in __GI_abort () at abort.c:79
0x00007fba528de7c3 in os_panic () at /development/libvpp/src/vpp/vnet/main.c:618
0x00007fba506f2a19 in debugger () at /development/libvpp/src/vppinfra/error.c:84
0x00007fba506f2797 in _clib_error (how_to_die=2, function_name=0x0, line_number=0, fmt=0x7fba521cecd9 "%s:%d (%s) assertion `%s' fails") at /development/libvpp/src/vppinfra/error.c:143
0x00007fba51d88254 in adj_get (adj_index=79) at /development/libvpp/src/vnet/adj/adj.h:472
0x00007fba51d87642 in icmp6_neighbor_solicitation_or_advertisement (vm=0x7fb9f19a0580, node=0x7fb9bb820340, frame=0x7fb9b718bc40, is_solicitation=0) at /development/libvpp/src/vnet/ip6-nd/ip6_nd.c:134
0x00007fba51d8f479 in icmp6_neighbor_advertisement (vm=0x7fb9f19a0580, node=0x7fb9bb820340, frame=0x7fb9b718bc40) at /development/libvpp/src/vnet/ip6-nd/ip6_nd.c:348
Type: fix
Signed-off-by: Rajith P R <rajith@rtbrick.com>
Change-Id: Ibe29854137ee9680f7947450eb7e256b8c0ade31
Dmitry Valter [Tue, 22 Feb 2022 06:40:22 +0000 (06:40 +0000)]
fib: fix mpls db label overflow
mpls fib DB size was 2^20 instead of intended 2^21.
Therefore large mpls labels caused DB to overflow and write
to other tables or some random objects. Or crash with ASAN.
Sometimes.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I6db65680037a266fe47e8213464a0c16de63c06c
Florin Coras [Fri, 18 Feb 2022 23:16:20 +0000 (15:16 -0800)]
lisp: fix ip and udp checksum computation
Type: fix
Fixes:
6fdcc3d
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I820c505482801ff2ab8dac41a0016bb3a741a4ee
Klement Sekera [Fri, 18 Feb 2022 10:34:35 +0000 (10:34 +0000)]
tests: add enhanced packet counter verification
Add support for inline packet counter verification to send_and_* functions.
Diff dictionary is a dictionary of dictionaries of interesting stats:
diff_dictionary =
{
"err" : { '/error/counter1' : 4, },
sw_if_index1 : { '/stat/segment/counter1' : 5,
'/stat/segment/counter2' : 6,
},
sw_if_index2 : { '/stat/segment/counter1' : 7,
},
}
It describes a per sw-if-index diffset, where each key is stat segment
path and value is the expected change for that counter for sw-if-index.
Special case string "err" is used for error counters.
This then allows more precise packet counter verification by first
defining a "zero" dictionary, e.g. for ED NAT:
cls.no_diff = StatsDiff({
pg.sw_if_index: {
'/nat44-ed/in2out/fastpath/tcp': 0,
'/nat44-ed/in2out/fastpath/udp': 0,
'/nat44-ed/in2out/fastpath/icmp': 0,
'/nat44-ed/in2out/fastpath/drops': 0,
'/nat44-ed/in2out/slowpath/tcp': 0,
'/nat44-ed/in2out/slowpath/udp': 0,
'/nat44-ed/in2out/slowpath/icmp': 0,
'/nat44-ed/in2out/slowpath/drops': 0,
'/nat44-ed/in2out/fastpath/tcp': 0,
'/nat44-ed/in2out/fastpath/udp': 0,
'/nat44-ed/in2out/fastpath/icmp': 0,
'/nat44-ed/in2out/fastpath/drops': 0,
'/nat44-ed/in2out/slowpath/tcp': 0,
'/nat44-ed/in2out/slowpath/udp': 0,
'/nat44-ed/in2out/slowpath/icmp': 0,
'/nat44-ed/in2out/slowpath/drops': 0,
}
for pg in cls.pg_interfaces
})
and then to specify only changed counters directly when calling
one of send_and_* functions:
self.send_and_assert_no_replies(
self.pg0, pkts, msg="i2o pkts",
stats_diff=self.no_diff | {
"err": {
'/err/nat44-ed-in2out-slowpath/out of ports': len(pkts),
},
self.pg0.sw_if_index: {
'/nat44-ed/in2out/slowpath/drops': len(pkts),
},
}
)
operator | is overloaded by StatsDiff class to perform a deep merge operation,
so in above case, dictionaries for "err" and self.pg0.sw_if_index do not
overwrite whole sub-dictionaries, rather the contents are merged,
assuring that all the remaining counters are verified to be zero.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I2b87f7bd58a7d4b34ee72344e2f871b2f372e2d9
Klement Sekera [Fri, 18 Feb 2022 10:32:08 +0000 (10:32 +0000)]
tests: add a generalised counter assert function
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I5e0fd1019372df0cd403725b8cac52363af13718
Klement Sekera [Fri, 18 Feb 2022 10:30:51 +0000 (10:30 +0000)]
tests: allow not removing vpp objects after test
Some tests might want to keep vpp config in between test functions.
Add a flag to allow that.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I90243cd667dce922b43b381f3d52f4ac0f6bf3a7
Klement Sekera [Fri, 18 Feb 2022 15:11:14 +0000 (15:11 +0000)]
nat: make tcp/udp/icmp packet counters consistent
TCP/UDP packets which are dropped are not counted towards TCP/UDP
counters. Apply same behaviour to ICMP packets.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I487fa7135ac8e49431a621fac213638d2dab31c8
Filip Tehlar [Fri, 18 Feb 2022 09:20:15 +0000 (09:20 +0000)]
hsa: fix coverity warnings
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I4ede67c901456d57e457c648d28153423d45fb41
Ray Kinsella [Fri, 18 Feb 2022 04:17:56 +0000 (04:17 +0000)]
perfmon: show distribution of uops delivered to frontend
Breakdown the distribution of uops delivered to the frontend.
Collerates directly with the source of the uops.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I93a57dbe56dfa0f378527844aa4e63f45a548e55
Vladimir Ratnikov [Thu, 17 Feb 2022 09:55:35 +0000 (09:55 +0000)]
dpdk: support devargs for vmbus
Type: feature
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: I2fd12a5b30aacdbaecb9156b829bfc06dfea377f
Neale Ranns [Fri, 18 Feb 2022 11:10:11 +0000 (11:10 +0000)]
fib: Use the VLIB logger for adjacency debugging
Type: improvement
remove the [un]lock logs, they are not useful.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I903d3088b8ed9831f931208aeb6b6862a945550c
Artem Glazychev [Fri, 18 Feb 2022 05:23:20 +0000 (12:23 +0700)]
vnet: add set_max_frame_size callbacks for several interfaces
This is required after distinguishing between max_frame_size and MTU
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: Ie642bee4e30ca76903bb8be5eeb6914c2c09bf35
Gabriel Oginski [Wed, 16 Feb 2022 12:32:53 +0000 (12:32 +0000)]
wireguard: fix passing null pointer
Type: fix
Fixed coverity-issue CID 248517.
Originally possibly passing null pointer to one function and
directly dereferences it.
This patch fixes the problem by add a new condition.
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I02fc6fb5d1cfd6138ea4ba2b1946fd8a7ef34d3b
Neale Ranns [Thu, 17 Feb 2022 09:22:16 +0000 (09:22 +0000)]
tests: Consolidate the implementations of send_and_expect_X
Type: test
there were multiple instances of send_and_expect_load_balancing
and a send_and_expect_one_itf which has the same functionality as send_and_expect_one.
Put one implementation of both in framework.py (where the other send_and_X functions reside).
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I7f629d440220bee29368067f475059322e1134f7
Gabriel Oginski [Fri, 18 Feb 2022 08:05:00 +0000 (08:05 +0000)]
ipsec: fix vector after remove entry in spd
Originally after remove the policy entry in spd, macro "vec_del1"
can change localization of the last entry in vector and finally the
entry list has not been sorted.
This patch fixes this issue by change executed macro "vec_delete"
instead of "vec_del1".
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I396591cbbe17646e1d243aedb4cdc272ed4d5e25
Jon Loeliger [Thu, 17 Feb 2022 18:42:19 +0000 (12:42 -0600)]
wireguard: Fix wireguard device name to use user-instance
If the user supplies an instance number when creating a wireguard
interface, it should be used in the device name. If no user-instance
is given, the device instnce (tunnel number) is used.
For example:
vpp# wireguard create instance 17 listen-port 23023 src 1.2.3.4
private-key MDEwMjAzMDQwNTA2MDcwODA5MTAxMTEyMTMxNDE1MTY=
wg17
Type: fix
Fixes:
edca1325cf296bd0f5ff422fc12de2ce7a7bad88
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: Ibf51868bf7b4b9e8a3f85557d05667207873bc91
Florin Coras [Thu, 17 Feb 2022 01:12:01 +0000 (17:12 -0800)]
tls http srtp: fix session index for listeners
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If5e6d0e8c686ea93674d6201c38b3a4d1c4786a5
Klement Sekera [Mon, 31 May 2021 14:08:53 +0000 (16:08 +0200)]
tests: make tests less make dependent
Implement command line argument parsing instead of passing arguments via
environment variables. Add script for running tests without having to
invoke make. Deprecate running tests via make.
Type: improvement
Change-Id: I2e3054a61a2ae25d460e9be00be7d7705fbf943e
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Filip Tehlar [Wed, 2 Feb 2022 17:38:20 +0000 (17:38 +0000)]
vcl: add support for reconnect
Supported only when eventfd option is enabled.
Type: feature
Change-Id: Ic9d6e38604e978f7bc8e54d74fe9b8f3fc53622d
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Neale Ranns [Thu, 17 Feb 2022 14:29:28 +0000 (14:29 +0000)]
ip: Move the IPv6 echo responder into the ping plugin
Type: refactor
To be consistent with the location of the IPv4 responder
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie3a5c3ecc10755317591d7ff57b74770c2798e77
Neale Ranns [Mon, 10 Jan 2022 11:21:17 +0000 (11:21 +0000)]
ipsec: Improve the handling of NAT-T keepalive messages
Type: improvement
Ethernet frames on the wire are a minimum of 64 bytes, so use the length in the UDP header to determine if the ESP payload is one bytes of the special SPI, rather than the buffer's size (which will include the ethernet header's padding).
In the case of drop advance the packet back to the IP header so the ipx-drop node sees a sane packet.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ic3b75487919f0c77507d6f725bd11202bc5afee8
Vyshakh Krishnan [Thu, 17 Feb 2022 04:32:25 +0000 (10:02 +0530)]
ping: fix incorrect index while clearing ping
Type: fix
Signed-off-by: Vyshakh Krishnan <vyshakh@rtbrick.com>
Change-Id: I0b085fd2d3d9b8e08a16585c4964101b6461bf06
akolechk [Wed, 16 Feb 2022 10:09:03 +0000 (12:09 +0200)]
dpdk: enable scatter on Rx for net/ena
Type: fix
Since commit https://github.com/DPDK/dpdk/commit/
e2a6d08bef489215ebb77b1d3033875ada757cfa
DPDK started advertising scattered Rx feature for elastic network adapters. Thus, dpdk
plugin doesn't have to disable it for ENA by default anymore
Signed-off-by: akolechk <akolechk@cisco.com>
Change-Id: I2d4f429be992e3c4edcc0c3adf8c55f3d5381631
Dastin Wilski [Thu, 3 Feb 2022 09:19:01 +0000 (09:19 +0000)]
af_xdp: change flag passed to bpf_set_link_xdp_fd
Originally XDP_FLAGS_REPLACE was passed to the function.
For kernels not defining this macro (for example 5.4) in if_link.h vpp
sets it to 0.
If kernel has this macro problem appears, replace flag requires
specifying the program to be replaced. bpf_set_link_xdp_fd wraps
around __bpf_set_link_xdp_fd_replace and passes 0 as old_fd, it leads to
an error while assessing for replacement (if 0 is passed
there is no assessing for replacement).
To address this issue no flag is passed to the function, only 0.
Type: improvement
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: I3689ce7eb8c71c699f0e589111929979c2bbe213
Neale Ranns [Tue, 15 Feb 2022 08:28:19 +0000 (08:28 +0000)]
fib: Use the same adjacency that BFD is using
Type: improvement
When the adj subsystem is notified of a BFD session, it attempts to find the appropriate adjacency from the session's key.
This could lead to a mismatch between the adj used by BFD and that of FIB. The BFD session stores the adj it is using, so FIB uses that instead.
Since adj is now using the same adj as BFD, it does not need to maintain its own locks.
In BFD it is necessary to initialise the adj index used in INVALID and ensure it is not unlock before listeners are notified of the session delete.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I9630867b10bb18969475299a0c754942a8df0f44
Neale Ranns [Tue, 15 Feb 2022 08:24:48 +0000 (08:24 +0000)]
bfd: On a point to point link use the all zeros address for the peer.
Type: fix
The adjacency used is then the same one as that used by routes in the FIB and so the BFD protection/fast-failover works for thise route, since they are children of the BFD protected adjacency.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I72e10b3074697cba8a002a4c1acf690983985157
Paul Atkins [Wed, 1 Dec 2021 13:13:16 +0000 (13:13 +0000)]
ipfix-export: pass ipv4 addr to format fn for show
When the ipfix address was changed to be an ip_address instead of
an ip4_address the output when creating an exporter via the cli
should have been modified to take the address of the v4 part of
the addr.
Type: fix
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I141456cd9092c861a4c4aefba4035dbde23efcd6
mgovind [Wed, 16 Feb 2022 01:15:02 +0000 (01:15 +0000)]
crypto: Fix for the crash in crypto
Fix for the crash when both crypto_native_plugin and DPDK QAT
are enabled in startup conf.
Type: fix
Signed-off-by: mgovind <govindarajan.mohandoss@arm.com>
Change-Id: Ib020ed7130a99080a093c70c06d47bcacd6d23b1
fanxb [Tue, 15 Feb 2022 06:19:04 +0000 (14:19 +0800)]
quic: fix quic_config_fn cfg cmd parse error
Type:fix
Signed-off-by: fanxb <fxb_mail@163.com>
Change-Id: I244f6ddd0a34e82ababd375646d3bb194602b5d5
Neale Ranns [Tue, 15 Feb 2022 09:02:27 +0000 (09:02 +0000)]
tcp: Do not include the tcp_packet.h file in the ip4_packet.h
Type: refactor
IP4 does not depend on TCP (it's the other way around).
This upside down dependency leads to some nasty circular includes when trying to use ip46_address.h in interface.h
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I4a1bd21543b08b9c1cf1e5563da738414734a878
Klement Sekera [Mon, 14 Feb 2022 20:20:22 +0000 (20:20 +0000)]
bfd: add per session counters
Add udp total session counts - as stat segment entries:
/bfd/udp4/sessions
/bfd/udp6/sessions
and per session packet/byte counters:
/bfd/rx-session-counters
/bfd/rx-session-echo-counters
/bfd/tx-session-counters
/bfd/tx-session-echo-counters
These counters are per-thread and per-session id.
Adjust tests to verify proper function.
Type: refactor
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: Ie597928022b6ac74c2220019b9e8e1714295f170
Klement Sekera [Mon, 14 Feb 2022 20:19:28 +0000 (20:19 +0000)]
bfd: refactor code to fix misc warnings
This change fixes multiple unused parameter warnings, narrowing
conversion warnings and identical switch statement warnings.
Type: refactor
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I4140e939c409ce06cc5aaaf5e1b042681f7ca448
Florin Coras [Sun, 13 Feb 2022 02:42:19 +0000 (18:42 -0800)]
srtp: flag connections for no session layer lookup
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id78cdf742689a5cff356ac0aa3167af1c886b531
Rajith P R [Sat, 12 Feb 2022 06:45:23 +0000 (12:15 +0530)]
fib: fix incorrect display of mpls fib_index
Type: fix
Signed-off-by: Rajith P R <rajith@rtbrick.com>
Change-Id: I8c9c85081c27bfe7ee71b5b620a2a761e027789c
Florin Coras [Fri, 11 Feb 2022 04:58:21 +0000 (20:58 -0800)]
hsa: add http throughput test server app
Can be used for throughput testing over http. For instance, start
server:
http tps #implicitly listens on port 80
Then, to test throughput with curl:
curl <server_ip>/test_file_10g
curl <server_ip>/test_file_123m
Similarly, for https:
http tps uri tls://<server_ip>/443
curl -k <server_ip>/test_file_1g
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I30ab7f0d94a7357b3f04546e4a3d3c410a733908
Nathan Skrzypczak [Fri, 11 Feb 2022 10:19:58 +0000 (11:19 +0100)]
memif: Fix underflow
Type: fix
Change-Id: Id183c47328510b5db7ffcc7a4dfb41f5a3151399
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Florin Coras [Fri, 11 Feb 2022 19:59:04 +0000 (11:59 -0800)]
http: fix support for files larger than u32
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Iad7304c3a8fef14ec85c4240714feb86637411ca
Florin Coras [Thu, 10 Feb 2022 21:51:10 +0000 (13:51 -0800)]
http: add startup configuration stanza
Support segment and fifo sizes for now.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie7242936de7a87df8a703eb371f665be5be4390d
Florin Coras [Thu, 10 Feb 2022 19:57:06 +0000 (11:57 -0800)]
session: use transport endpoint cfg for listen
Makes it similar to connects.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I38c328670054e1a9ba4dc4ea8fe7519a5a09e8be
Damjan Marion [Thu, 10 Feb 2022 14:01:03 +0000 (15:01 +0100)]
vlib: vlib frame bitmaps
Special bitmaps with VLIB_FRAME_SIZE bits.
Type: improvement
Change-Id: I48747e422e519e7b5e930fa720397459d3adbb8e
Signed-off-by: Damjan Marion <damarion@cisco.com>
Neale Ranns [Wed, 9 Feb 2022 13:30:37 +0000 (13:30 +0000)]
tests: Fix the FIB UT
Type: test
The FIB UT fails in debug mode because there is no string associated woth its fib_node_type_t.
Change the tests to register their own type, which will give it a name.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I36e546718faa7241c088494cbae10939aca51d5a
Steven Luong [Wed, 9 Feb 2022 23:11:48 +0000 (15:11 -0800)]
stats: Remove unsolicited clib_warning
It is annoying to see unsolicited message like this spew out to the
console which an end-user cares less about.
vlib_stats_rename_symlink:301: RENAME new name: /nodes/unix-cli-local:52/clocks
Type: fix
Fixes: I92a62bb1cb799e8fdc3ec4110ae3428825254f8a
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I071f3d3736c06cd95a38ec46c7e2222caad01283
Damjan Marion [Mon, 31 Jan 2022 16:42:44 +0000 (17:42 +0100)]
vppinfra: small optimization in clib_memset_u64
Type: improvement
Change-Id: I4b89c32c224caf8a3a4ac94b26ecefffd26c7038
Signed-off-by: Damjan Marion <damarion@cisco.com>
Damjan Marion [Thu, 10 Feb 2022 13:31:59 +0000 (14:31 +0100)]
vppinfra: clib_memcpy_may_overrun
Faster memcpy variant when overrun of up to SIMD register size - 1 is
accepable.
Type: improvement
Change-Id: I1fb22e2989f2156caa9f34fa096e6ff9ea9ec7b6
Signed-off-by: Damjan Marion <damarion@cisco.com>
Damjan Marion [Thu, 10 Feb 2022 14:23:15 +0000 (15:23 +0100)]
vppinfra:remove uXxY_is_greater
not needed, '>' works...
Type: improvement
Change-Id: I9bfbac787e8dca24e9b1bceda0922740eed26346
Signed-off-by: Damjan Marion <damarion@cisco.com>
Code Review / vpp.git / log