Benoît Ganne [Tue, 18 Jan 2022 14:56:41 +0000 (15:56 +0100)]
ipsec: fix AES CBC IV generation (CVE-2022-46397)
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Andrew Yourtchenko [Fri, 7 Feb 2020 11:58:00 +0000 (12:58 +0100)]
misc: fix the MAKE_PARALLEL_JOBS for 'make verify' target
MAKE_PARALLEL_JOBS was prepending "-j", which in case of nested targets like "verify"
resulted in ninja being executed with "-j -j" flags.
Solution: prepend -j only at the moment of setting the MAKE_PARALLEL_FLAGS variable,
this keeps MAKE_PARALLEL_JOBS intact regardless of depth of the job call tree.
Type: make
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I10a69fe527758e5a862852a9f2102aeaca30e88f
(cherry picked from commit
56ac770df97065ea705ff2f3070055a410113b9f)
Neale Ranns [Mon, 16 Dec 2019 23:14:14 +0000 (23:14 +0000)]
fib: Adjacency walk fix for IPv6
Type: fix
Change-Id: Id3a1950e49d5eb1883af06a14df97e98f55162a8
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit
e7ee300923d23b6a6eab42676c8dcce85da89bed)
Ole Troan [Tue, 3 Sep 2019 18:58:08 +0000 (20:58 +0200)]
stats: memory leak with per-node-counters on
vlib_node_get_nodes() creates a duplicate node structure which was never freed.
Type: fix
Fixes:
1ddbc0138b
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ib1200854937faaa694b398607d2f0ba65aa81c01
(cherry picked from commit
b6fde4a8bae474c6b73d08d223028f42e396d452)
Neale Ranns [Wed, 6 Nov 2019 11:17:54 +0000 (11:17 +0000)]
fib: Copy the prefix before use in case the underlying entry reallocs.
Type: fix
all other uses of the fib_entry_get_preifx in the code base don't pass
the prefix into recursive functions.
Change-Id: Ic1c56acd406a733b215ee2fd98b6bed58b490a4f
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit
320dfcf2aa8f4617b51a2bb15f3d0f93ee62d4dc)
Andreas Schultz [Mon, 15 Jul 2019 13:40:56 +0000 (15:40 +0200)]
vlib: convert frame_index into real pointers
The fast path almost always has to deal with the real
pointers. Deriving the frame pointer from a frame_index requires a
load of the 32bit frame_index from memory, another 64bit load of the
heap base pointer and some calculations.
Lets store the full pointer instead and do a single 64bit load only.
This helps avoiding problems when the heap is grown and frames are
allocated below vm->heap_aligned_base.
Type: refactor
Change-Id: Ifa6e6e984aafe1e2755bff80f0a4dfcddee3623c
Signed-off-by: Andreas Schultz <andreas.schultz@travelping.com>
Signed-off-by: Dave Barach <dave@barachs.net>
(cherry picked from commit
58b2eb1af562c292feb6d3cdce4656746e61da75)
Dave Wallace [Tue, 29 Oct 2019 04:33:57 +0000 (00:33 -0400)]
VPP 19.04.3 docs build info
Change-Id: I6f7387f8a79fa4288bc125404b40ebaa44f55fcf
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Dave Wallace [Tue, 29 Oct 2019 02:43:28 +0000 (22:43 -0400)]
19.04.3 Release Notes
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I43a236be5289c50dafbede08beabe4c09ff3c892
juraj.linkes [Wed, 14 Aug 2019 09:11:33 +0000 (11:11 +0200)]
ebuild: Unite default build platform to vpp
Top level makefile is using vpp as the default platform. The other place
where platform is specified has native as the default. Unite them to the
only currently supported platform - vpp.
Type: make
Change-Id: Idb12ccc3056dd6be640a2d6763dc30e4f789d2ac
Signed-off-by: juraj.linkes <juraj.linkes@pantheon.tech>
(cherry picked from commit
664ec91fdea75c90c3b9c8086a9a97df32a6f91b)
Dave Barach [Tue, 23 Jul 2019 14:22:31 +0000 (10:22 -0400)]
vlib: address vlib_error_t scaling issue
Encoding the vpp node index into the vlib_error_t as a 10-bit quantity
limits us to 1K graph nodes. Unfortunately, a few nodes need 6 bit
per-node error codes. Only a very few nodes have so many counters.
It turns out that there are about 2K total error counters in the system,
which is (approximately) the maximum error heap index.
The current (index,code) encoding limits the number of interfaces to
around 250, since each interface has two associated graph nodes and we
have about 500 "normal, interior" graph node
This patch adds an error-index to node-index map, so we can store
error heap indices directly in the vlib_buffer_t.
Type: refactor
Change-Id: I28101cad3d8750819e27b8785fc0cf71ff54f79a
Signed-off-by: Dave Barach <dave@barachs.net>
(cherry picked from commit
687c9021fda009caa2b7eb17bea2eaa51d275bde)
Steven Luong [Wed, 23 Oct 2019 20:28:37 +0000 (13:28 -0700)]
devices: vhoost cpu->copy array overflow on tcp jumbo frame (65535 bytes)
We reserve 40 slots in cpu->copy array prior to copy out to avoid overflowing
the array. However, 40 is not enough for the jumbo frame because desceiptor
buffer len is likely at 1536. Change the reserve to 200 and add ASSERT to avoid
encountering the same problem in the future.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ibf0c03c4b4f33e781d5be8679ccd6c3a4b4a646d
(cherry picked from commit
7331005c16d0e1499080899b2a0676a0cd945595)
Steven Luong [Wed, 23 Oct 2019 15:35:43 +0000 (08:35 -0700)]
lacp: add actor steady state check prior to skip processing lacp pdu
In a rare event, we may be skipping processing lacp pdu's when the it is
not in steady state.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I0872c49e10bbd3538398030a2aa0fa4c3b7e9426
Neale Ranns [Mon, 14 Oct 2019 15:52:43 +0000 (08:52 -0700)]
fib: recursive calculation leads to delegate pool realloc
Type: fix
Change-Id: Ib7ac53d1b59b641ccd3b1d733107d7f1ba174314
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit
a66020becd7d01eefea55244cbcf5df9679a9443)
Steven Luong [Wed, 2 Oct 2019 14:33:48 +0000 (07:33 -0700)]
devices: vhost not reading packets from vring
In a rare event, after the vhost protocol message exchange has finished and
the interface had been brought up successfully, the driver MAY still change
its mind about the memory regions by sending new memory maps via
SET_MEM_TABLE. Upon processing SET_MEM_TABLE, VPP invalidates the old memory
regions and the descriptor tables. But it does not re-compute the new
descriptor tables based on the new memory maps. Since VPP does not have the
descriptor tables, it does not read the packets from the vring.
In the normal working case, after SET_MEM_TABLE, the driver follows up with
SET_VRING_ADDRESS which VPP computes the descriptor tables.
The fix is to stash away the descriptor table addresses from
SET_VRING_ADDRESS. Re-compute the new descriptor tables when processing
SET_MEM_TABLE if descriptor table addresses are known.
Type: fix
Ticket: VPP-1784
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I3361f14c3a0372b8d07943eb6aa4b3a3f10708f9
Steven Luong [Fri, 4 Oct 2019 21:18:37 +0000 (14:18 -0700)]
bonding: traffic traversing the wrong interface
Missing an increment in the while loop. Hashes not stored in the array.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I603027f5a7305478f48a102ac8035ffde9102c53
Ed Kern [Tue, 17 Sep 2019 19:19:42 +0000 (13:19 -0600)]
build: fix rpm python 3 depends
Type: fix
Change-Id: Ie6eaccb27779bb14c0a23764a16cd22f0a72e379
Signed-off-by: Ed Kern <ejk@cisco.com>
Damjan Marion [Fri, 6 Sep 2019 12:24:36 +0000 (14:24 +0200)]
dpdk: initialize rte_mbuf during mempool dequeue
In some cases it may happen that buffer is allocated by DPDK, and freed
by VPP native code. In such cases dpdk metadata is not reset, so we need
to do that during mempool dequeue. Template approach is taken to reduce
cost of that operation.
Type: fix
Fixes:
910d369
Change-Id: Ic239007cfc8fbceb965021c56963cda9d53f63be
Signed-off-by: Damjan Marion <damarion@cisco.com>
Matthew Smith [Tue, 3 Sep 2019 21:45:33 +0000 (16:45 -0500)]
ethernet: fix dmac check avx2 loop condition
In eth_input_process_frame(), a loop which checks the destination
MAC address of received packets had a different condition for avx2
than it did for the non-avx2 version of the loop. It could result
in one unnecessary execution of the loop body after all packets
had been processed.
Type: fix
Fixes:
8d6f34e2b1cbfde5702e88686631527d5e1e10a0
Change-Id: Ib673f45917a0dea461987fdc8f0ca318b749fb1a
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
(cherry picked from commit
a6d4e3135b70db1b1df3f8852e1e229d13c24e72)
Steven Luong [Fri, 30 Aug 2019 17:49:44 +0000 (10:49 -0700)]
tap: interface rx counter not increment correct
vlib_increment_combined_counter takes sw_if_index, not hw_if_index. Using
hw_if_index may work as long as there is no subinterface created to cause
hw_if_index and sw_if_index to differ.
Type: fix
Ticket: VPP-1759
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I6db042186eeeacf32250f7ef261af8cd6f5ce56e
(cherry picked from commit
efa119db3910e77f79eb005c67f8c01b473b40a1)
Steven Luong [Thu, 25 Jul 2019 04:16:09 +0000 (21:16 -0700)]
bonding: incorrect RX counters for bond interface
show interface does not display the RX counters for the bond
interfaces. It displays rx-no-buf instead.
The problem is VNET_INTERFACE_COUNTER_RX is a combined counter,
not a simple counter. Change the code to use
vlib_increment_combined_counter passing it with n_rx_packets and
n_rx_bytes.
Type: fix
Ticket: VPP-1757
Change-Id: I8121ad7e546447049fa13da62481b6c8f5575bec
Signed-off-by: Steven Luong <sluong@cisco.com>
(cherry picked from commit
c94afaade0a8fec724d051a202591f5b37dd0f49)
Steven Luong [Mon, 26 Aug 2019 17:09:44 +0000 (10:09 -0700)]
avf: properly set irq queue masks
Manual port from master due to conflict.
Type: fix
Ticket: VPP-1755
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ieb1211f828e60e2bd9e038009939248761cb8370
Neale Ranns [Sun, 4 Aug 2019 10:30:56 +0000 (03:30 -0700)]
ip tests: Fixes and UT for MPLS 6PE
Type: fix
Change-Id: I48650473591aa181167cf3a86ed2f5da58a81072
Signed-off-by: Neale Ranns <nranns@cisco.com>
John Lo [Sat, 3 Aug 2019 18:36:39 +0000 (14:36 -0400)]
ip: fix ip6/udp checksum for pkts using buffer chaining
Fix ip6_tcp_udp_icmp_compute_checksum to work properly for packets
with multiple buffers.
Fix ip4_tcp_udp_compute_checksum to exit upon detecting error.
Type: fix
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I673547f4479d72cd60757383343fc562cff10265
(cherry picked from commit
3bc6bc21fb79a9da4ec674f5e6a3303e7e2be625)
Neale Ranns [Mon, 29 Jul 2019 12:45:27 +0000 (12:45 +0000)]
fib: Add some path-list flags to its key
Type: fix
Ticket: 1729
The flags that are permanently set on a path-list should form part of
its key in the path-list DB. Otherwise, if shared, they will not behave
as expected.
Change-Id: I0aa7c7c5d270c97b08014e4a47ddbdcee2358706
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit
80d1ef96f92c15f4fd357af9845a0a3c602c2ffe)
Dave Wallace [Wed, 24 Jul 2019 20:57:48 +0000 (16:57 -0400)]
19.04.2 Release Notes
Change-Id: I1ee3909e042e56fd4caf3732762e9a9276aa6db1
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Dave Barach [Tue, 23 Jul 2019 20:28:36 +0000 (16:28 -0400)]
api: binary api cleanup
Multiple API message handlers call vnet_get_sup_hw_interface(...)
without checking the inbound sw_if_index. This can cause a
pool_elt_at_index ASSERT in a debug image, and major disorder in a
production image.
Given that a number of places are coded as follows, add an
"api_visible_or_null" variant of vnet_get_sup_hw_interface, which
returns NULL given an invalid sw_if_index, or a hidden sw interface:
- hw = vnet_get_sup_hw_interface (vnm, sw_if_index);
+ hw = vnet_get_sup_hw_interface_api_visible_or_null (vnm, sw_if_index);
if (hw == NULL || memif_device_class.index != hw->dev_class_index)
return clib_error_return (0, "not a memif interface");
Rename two existing xxx_safe functions -> xxx_or_null to make it
obvious what they return.
Type: fix
Change-Id: I29996e8d0768fd9e0c5495bd91ff8bedcf2c5697
Signed-off-by: Dave Barach <dave@barachs.net>
(cherry picked from commit
3940de36728b768574a3e998389bb90d55f690d1)
Steven Luong [Fri, 19 Jul 2019 01:38:52 +0000 (18:38 -0700)]
devices: vhost handling VHOST_USER_SET_FEATURES
Some combinations of new qemu (2.11) and old dpdk (16.10) may
send VHOST_USER_SET_FEATURES at the end of the protocol exchange
which the vhost interface is already declared up and ready.
Unfortunately, the process of VHOST_USER_SET_FEATURES will cause
the interface to go down. Not sure if it is correct or needed.
Because there is no additional messages thereafter, the hardware
interface stays down.
The fix is to check the interface again at the end of processing
VHOST_USER_SET_FEATURES. If it is up and ready, we bring back
the hardware interface.
Type: fix
Change-Id: I490cd03820deacbd8b44d8f2cb38c26349dbe3b2
Signed-off-by: Steven Luong <sluong@cisco.com>
(cherry picked from commit
545866b5b3115b7de114bdb7883f5ece59b702d4)
Dave Barach [Fri, 19 Jul 2019 21:40:18 +0000 (17:40 -0400)]
api: Disable tracing of memclnt_keepalive messages
A waste of binary API trace space; an otherwise idle control-plane
will eventually fill the api trace buffer with them.
Type: fix
Ticket: VPP-1725
Change-Id: Id8338ea4070cd76481595005986efc558f0694e6
Signed-off-by: Dave Barach <dave@barachs.net>
Mohsin Kazmi [Fri, 12 Jul 2019 11:18:16 +0000 (13:18 +0200)]
gso: Fix the l3 packet gso segment size
Type: fix
Ticket: VPP-1721
Change-Id: I7a5d4f1440048ddc9f599ac11d06e5a7df20440e
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
(cherry picked from commit
0f09a47f10e29cabeb98f571e5c4f0c18a54564d)
Andrew Yourtchenko [Thu, 18 Jul 2019 11:03:34 +0000 (11:03 +0000)]
misc: 19.01.3 Release Notes
Type: docs
Change-Id: I3f9d243d6f5d99faea67c24c9bf5c42c7a4dc3b0
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Neale Ranns [Wed, 10 Jul 2019 08:47:15 +0000 (01:47 -0700)]
ip: Punt node does not free iovecs
Type: fix
Fixes:
f7a55ad74c
Change-Id: Ic3474e746887f880a8f6246bebc399715bac8e80
Signed-off-by: Neale Ranns <nranns@cisco.com>
Neale Ranns [Wed, 10 Jul 2019 13:46:21 +0000 (13:46 +0000)]
ipsec: Revert "IPSEC: remove byte swap operations in DP during SPD classify"
Type: fix
Fixes:
231c4696872cb344f28648949603840136c0795d
This reverts commit
231c4696872cb344f28648949603840136c0795d.
Change-Id: I136344555983dd10a31dbc000ee40e2de2c91291
Signed-off-by: Neale Ranns <nranns@cisco.com>
Neale Ranns [Thu, 11 Jul 2019 09:31:19 +0000 (09:31 +0000)]
ipsec: Revert "IPSEC: remove double byte swap of IP addresses"
This reverts commit
9b208ced585d3b4620d6fde586cd047fe2027ecf.
Type: fix
Fixes:
9b208ced585d3b4620d6fde586cd047fe2027ecf
Change-Id: I94a17039b4727bff0877423da5ba6cfceb188b17
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit
d2029bc9c5947a8a676208bada9386e07ec16c97)
Dave Barach [Mon, 8 Jul 2019 12:38:26 +0000 (08:38 -0400)]
VPP-1718: fix dangling reference to stats seg directory
Change-Id: If6da62e5a49064ba27a3e0bb6e5d31b9b4d04ea3
Signed-off-by: Dave Barach <dave@barachs.net>
Florin Coras [Tue, 16 Apr 2019 18:27:54 +0000 (11:27 -0700)]
dlmalloc: honor 8 byte alignment requests
Change-Id: Ie504603c2e42cae3ad592952b2b166919420e5f7
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit
f5dc9fbf814865b31b52b20f5bf959e9ff818b25)
Florin Coras [Fri, 28 Jun 2019 16:18:48 +0000 (09:18 -0700)]
tcp: reject out-of-order fins
Type:fix
Change-Id: Iab2c308739f7733dbf70953e0ea87dcc404c60da
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit
f73d4c2084c9cb6df4a1f8582acef523e4ba0cb2)
Florin Coras [Fri, 28 Jun 2019 16:41:28 +0000 (09:41 -0700)]
tcp: fix close-waiting check for outstanding tx data
Type: fix
Change-Id: I9e0e1bb933c38b17ac9fb8bf11b81e2fed021bf8
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit
182bbc1c5ab3d8607153dd19f0a24baaf5cbfc88)
Filip Tehlar [Thu, 20 Jun 2019 23:53:43 +0000 (23:53 +0000)]
avf: fix clear hw stats
AVF plugin is missing a handler for clearing stats. This patch will
implement it.
Ticket: VPP-1701
Type: fix
Change-Id: If4b4354da442065896bb001deda23f64ddc18fb4
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Damjan Marion [Mon, 17 Jun 2019 20:55:44 +0000 (22:55 +0200)]
avf: fix adminq enqueue errors
Type: fix
Fixes:
b4ff07a
Change-Id: I2578ae3e093961fa8765568b5fedcf75ae9487f6
Signed-off-by: Damjan Marion <damarion@cisco.com>
(cherry picked from commit
39488c8d3064f8940ec4f826629ebb700649e6b5)
Ole Troan [Fri, 21 Jun 2019 14:07:06 +0000 (16:07 +0200)]
stats: fix memory leakage when adding / deleting interfaces
This fixes two leaks in registering errors in the stats segment.
- The error name created by vlib_register_errors() was not freed.
- Duplicate error names (when interface readded) was added to the vector.
Change-Id: If5fe371e8059cf6678fc785cbf673707b4f4a655
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Andrew Yourtchenko [Wed, 19 Jun 2019 12:09:51 +0000 (12:09 +0000)]
interface: fix the incorrect sizes/offsets in the tso segmentation
The copying of the first segment copied too small amount of data.
The copying of the second and subsequent segments used the wrong
data offset - for the case of GSO enabled it starts from 12 bytes
earlier.
Change-Id: I3adc532c175babc1ca1e121c7e12e6cafbdb9974
Type: fix
Ticket: VPP-1700
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit
4f740c8f0085c0cd576744c00bf50a9d9b111470)
Wei CHEN [Tue, 9 Apr 2019 04:38:40 +0000 (12:38 +0800)]
vppinfra: dlmalloc records wrong offset for tracing
Fix a bug that mheap_get_trace is called with the wrong pointer when
mspace_get_aligned allocates a chunk with alignment greater than 16
but less than 4k.
Type: fix
Change-Id: Ic3b91fc9532248482662f019bbfa073da18645ed
Signed-off-by: Wei CHEN <weichen@astri.org>
(cherry picked from commit
5e282e93ad9f961d332cac9a033be33542979848)
Steven Luong [Wed, 12 Jun 2019 05:44:20 +0000 (22:44 -0700)]
acl vnet vlib: memory leaks
Fix memory leaks in acl, vnet, and vlib components.
Type: fix
Change-Id: I61c84ebbacbbf3215db0d4aaa7699e8d5f8df2da
Signed-off-by: Steven Luong <sluong@cisco.com>
(cherry picked from commit
4221c8de596f3f3f66b4cbb36ad2d0c23486030c)
Dave Barach [Mon, 17 Jun 2019 16:41:19 +0000 (12:41 -0400)]
vppinfra: optimize elog_string
Add a string hash to make sure that strings in the string table are
unique. This optimization has been coded piecemeal in multiple places,
we should have made the underlying function do the work years ago.
Ticket: VPP-1707
Type: fix
Change-Id: I5010fd4926b9b80ce3a168748f6de64e333ef498
Signed-off-by: Dave Barach <dave@barachs.net>
Dave Barach [Mon, 17 Jun 2019 12:28:16 +0000 (08:28 -0400)]
vlib: cherry-pick "memory-trace stats-segment"
and "leak-check { <debug-cli-cmd> }"
Ticket: VPP-1703
Type: feature
Change-Id: Ie020fd7e2618284a63efbeb9895068f27c0fb9ab
Signed-off-by: Dave Barach <dave@barachs.net>
Filip Varga [Tue, 11 Jun 2019 08:45:21 +0000 (10:45 +0200)]
NAT: interface fib fix (VPP-1691)
Change-Id: I2d1e2addb2e440c23c255ac7709169f7909cb0be
Signed-off-by: Filip Varga <fivarga@cisco.com>
Steven Luong [Wed, 5 Jun 2019 05:29:39 +0000 (22:29 -0700)]
avf: enable promiscuous mode
In order to receive multicast packets from the VF interface, promiscuos
mode must be enable.
Type: fix
Fixes:
b4ff07a
Change-Id: I549bc37a05895d3355f2832c200e9262c95a27b5
Signed-off-by: Steven Luong <sluong@cisco.com>
(cherry picked from commit
607a23a1753ee8dc7e9150f09bb376553ed62639)
Dave Barach [Fri, 10 May 2019 12:38:25 +0000 (08:38 -0400)]
Fix stat seg average vector rate computation
Add the number of worker threads and per worker thread vector rates to
the stats segment.
Change-Id: I3040108ec9fcdf5fdb6b9a950060dea9b3c88fd1
Signed-off-by: Dave Barach <dbarach@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
(cherry picked from commit
f89a6de8f032536080c4a11b267bf921093d3740)
Florin Coras [Thu, 23 May 2019 13:19:09 +0000 (06:19 -0700)]
tcp: handle disconnects in rcv-process
Change-Id: I005f96480e81f3e750c18261e78d0e401da7528e
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit
79fdfd61245a112ff08f5c3bc3fb1afd5db55fb9)
Dave Barach [Fri, 31 May 2019 12:41:34 +0000 (08:41 -0400)]
VPP-1692: move NULL pointer check
TBH, this looks like merge damage or some such. Perfectly fine NULL pointer
check, about three lines after it was needed.
Change-Id: I52831062e30533a59fb76b644ee5ae389676d2ae
Signed-off-by: Dave Barach <dave@barachs.net>
Dave Wallace [Wed, 29 May 2019 21:34:59 +0000 (17:34 -0400)]
19.04.1 Release Notes
Change-Id: I2a69b29b9ecea2bfdf1832c184c7e63058a33b94
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Florin Coras [Fri, 24 May 2019 05:28:16 +0000 (22:28 -0700)]
tcp: handle fin+rst in same frame
Change-Id: Ie7a6c7b92a6beeb356f01384216a4982fb3d420e
Signed-off-by: Florin Coras <fcoras@cisco.com>
Steven Luong [Thu, 23 May 2019 00:57:25 +0000 (17:57 -0700)]
tap: crash in multi-thread environment
In tap tx routine, virtio_interface_tx_inline, there used to be an
interface spinlock to ensure packets are processed in an orderly fashion
clib_spinlock_lock_if_init (&vif->lockp);
When virtio code was introduced in 19.04, that line is changed to
clib_spinlock_lock_if_init (&vring->lockp);
to accommodate multi-queues.
Unfortunately, althrough the spinlock exists in the vring, it was never
initialized for tap, only for virtio. As a result, many nasty things can
happen when running tap interface in multi-thread environment. Crash is
inevitable.
The fix is to initialize vring->lockp for tap and remove vif->lockp as it
is not used anymore.
Change-Id: Ibc8f5c8192af550e3940597c06992dfdaccb4c49
Signed-off-by: Steven Luong <sluong@cisco.com>
Mohsin Kazmi [Fri, 10 May 2019 15:28:28 +0000 (17:28 +0200)]
Tap: Fix the indirect buffers allocation VPP-1660
Indirect buffers are used to store indirect descriptors
to xmit big packets.
This patch moves the indirect buffer allocation from
interface creation to device node. Now it allocates
or deallocates buffers during tx for chained buffers.
Change-Id: I55cec208a2a7432e12fe9254a7f8ef84a9302bd5
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Andrew Yourtchenko [Fri, 17 May 2019 14:35:08 +0000 (14:35 +0000)]
19.01.2 Release Notes
Change-Id: Ia68372d397504ede789e40e9f7e1b939d09bc81a
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Andrew Yourtchenko [Wed, 1 May 2019 13:39:25 +0000 (15:39 +0200)]
ipsec-mb: fix the "make test" on non-AESNI platforms
"make test" fails with invalid instruction on non-AESNI platform,
so do not register the ipsec-mb crypto backend in this case.
Change-Id: I61887e40ce3d39880e7da534b9dee00fd677d8fd
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit
c74009dce1b2f1466112775a68a5608d754c7c76)
Sergio Gonzalez Monroy [Mon, 6 May 2019 20:44:14 +0000 (22:44 +0200)]
dpdk-ipsec: fix encrypt/decrypt single queue
When the same worker thread processes packet for encrypt and decrypt,
ie. single worker with bi-directional traffic, given that the queue is
shared results in packets to be decrypted being dropped as the encrypt
always happens first for each main loop.
With this change, each crypto device queue is logically split into two
queues, each half the real size, avoiding the described problem.
Change-Id: Ifd3f15e316c92fbd6ca05802456b10a7f73f85da
Signed-off-by: Sergio Gonzalez Monroy <sgmonroy@gmail.com>
(cherry picked from commit
d8a34a57b12200000bb42d1c55f1a99a0a473f4b)
Benoît Ganne [Tue, 14 May 2019 09:11:16 +0000 (11:11 +0200)]
rpm: VPP-1674: exclude external headers from rpm
External libraries headers such as DPDK, libibverb, quicly, etc. should
not be packaged in vpp-dev RPM.
Only package headers from vpp/ and vom/ subdirs.
Change-Id: Ief1454bd1261c8cf4dcd3b105e28f6852439e896
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Dave Wallace [Tue, 23 Apr 2019 19:29:50 +0000 (15:29 -0400)]
plugins: clean up plugin descriptions
- Make plugin descriptions more consistent
so the output of "show plugin" can be
used in the wiki.
Change-Id: I4c6feb11e7dcc5a4cf0848eed37f1d3b035c7dda
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
(cherry picked from commit
1d1985de91833a5483a6b7ee96ef4090d530a7a6)
Florin Coras [Thu, 9 May 2019 21:11:38 +0000 (14:11 -0700)]
session: fix segment size rounding and size init
Change-Id: Iceb2a46802ed13f319cb16f1df236b11dc3c00f6
Signed-off-by: Florin Coras <fcoras@cisco.com>
Steven Luong [Thu, 25 Apr 2019 18:19:49 +0000 (11:19 -0700)]
mp_safe SW_INTERFACE_DUMP, SW_INTERFACE_DETAILS, SW_INTERFACE_TAG_ADD_DEL,
BRIDGE_DOMAIN_DUMP, CONTROL_PING, CONTROL_PING_REPLY, and show interface CLI
Change-Id: I2927573b66bb5dd134b37ffb72af0e6676750917
Signed-off-by: Steven Luong <sluong@cisco.com>
(cherry picked from commit
15c31921a628c5500cbed2ebc588d7ddbaa970a3)
Dave Barach [Tue, 23 Apr 2019 14:07:24 +0000 (10:07 -0400)]
Clean up multi-thread barrier-sync hold-down timer
Main thread: don't bother with the barrier sync hold-down timer if
none of the worker threads are busy.
Worker threads: avoid epoll_pwait (10ms timeout) when the
control-plane has been active in the last half-second.
Change-Id: I82008d09968c65e2a4af0ebb7887389992e60603
Signed-off-by: Dave Barach <dave@barachs.net>
(cherry picked from commit
9ae190e9d228bfc1358482d4f07da1f4cfd41c90)
Dave Wallace [Tue, 30 Apr 2019 13:38:12 +0000 (09:38 -0400)]
DOCS: Add link to 19.04 make test documentation
Change-Id: Iffa44b6a20f8446c94f8412e937ca40273aa8f2f
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Ole Troan [Mon, 29 Apr 2019 11:38:52 +0000 (13:38 +0200)]
stats: Add version defines in stat_client.h
Change-Id: I9894a0c613b0486112623920d49371ceec9e6111
Signed-off-by: Ole Troan <ot@cisco.com>
Mohsin Kazmi [Thu, 25 Apr 2019 12:54:32 +0000 (14:54 +0200)]
tap: Fix the indirect buffer allocation VPP-1660
Change-Id: I73f76c25754f6fb14a49ae47b6404f3cbabbeeb5
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Neale Ranns [Wed, 24 Apr 2019 00:57:55 +0000 (20:57 -0400)]
IPSEC; dpdk backend for tunnel interface encryption (VPP-1662)
Change-Id: Ide2a9df18db371c8428855d7f12f246006d7c04c
Signed-off-by: Neale Ranns <nranns@cisco.com>
Dave Wallace [Mon, 22 Apr 2019 21:49:09 +0000 (17:49 -0400)]
VPP 19.04 Release Notes
Change-Id: I66b35c7c03303bc7200c01e9da926bce778b2d6b
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Igor Mikhailov (imichail) [Mon, 22 Apr 2019 22:50:46 +0000 (15:50 -0700)]
RH7/Centos7: remove python-ply as it is not needed
Also remove double required packages
Change-Id: Ifcc7c9c0a4ce62d89a246019147d194610f5167a
Signed-off-by: Igor Mikhailov (imichail) <imichail@cisco.com>
Florin Coras [Mon, 22 Apr 2019 16:49:10 +0000 (09:49 -0700)]
vlib epoll: handle file removal on EPOLLIN VPP-1656
Change-Id: I7a3526a8fdf17afb8cc2225bdfbd57f661680992
Signed-off-by: Florin Coras <fcoras@cisco.com>
Dave Wallace [Sun, 21 Apr 2019 22:20:18 +0000 (18:20 -0400)]
Sphinx docs: Fix security vulnerability (VPP-1655)
Change-Id: I9b11d15866d708eb843936ebfd120940d284a2de
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Dave Wallace [Thu, 18 Apr 2019 22:03:22 +0000 (18:03 -0400)]
DOCS-ONLY: Fix broken doxygen tag in BVI
Change-Id: Ia42e7c93ebe51a36470f1358827451bcb98da433
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
(cherry picked from commit
3b62e29c3adc8e4114cb10dc794f4b3f814015b0)
Neale Ranns [Fri, 19 Apr 2019 02:49:13 +0000 (19:49 -0700)]
IPSEC: IPv6 ESP transport mode incorrect packet length and checksum (VPP-1654)
Change-Id: Ia3474e5bfea5764eae9b2987bf78296535df6778
Signed-off-by: Neale Ranns <nranns@cisco.com>
Neale Ranns [Fri, 19 Apr 2019 00:18:12 +0000 (17:18 -0700)]
IPSEC: ESP IPv6 transport mode payload length incorrect (VPP-1653)
Change-Id: I8977100d7a22b50260858bd1ea9db419b53284ff
Signed-off-by: Neale Ranns <nranns@cisco.com>
Florin Coras [Thu, 18 Apr 2019 17:04:03 +0000 (10:04 -0700)]
vlib epoll: protect against clib file pool expansion
Change-Id: I320e7c2fdacb3056bc448c73fec08d9e2978ee5e
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit
c67078e007c8a9b91def387ba345efa805e45fc5)
Dave Wallace [Thu, 18 Apr 2019 16:07:54 +0000 (12:07 -0400)]
Fix list_api_changes script to start at v19.04-rc0
- Update Release Notes with correct output.
Change-Id: Iaa1a1cd6d166ff6894ebbd3758446d90b46cef7c
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Artem Belov [Thu, 18 Apr 2019 07:30:43 +0000 (07:30 +0000)]
Fix memory corruption faulting [VPP-1639]
File pool may be reallocated on epoll events processing.
*f* pointer shows to already freed address and corrupting
memory chunk on clib_file_t property change.
Change-Id: I751bddce27325452862b939c1a3eec2ccd9b71bb
Signed-off-by: Artem Belov <artem.belov@xored.com>
Signed-off-by: Ed Warnicke <hagbard@gmail.com>
Neale Ranns [Thu, 18 Apr 2019 09:42:20 +0000 (09:42 +0000)]
FIB: recursion casues path realloc
Change-Id: Ie9c2954eee90ca1a1fc1aa8280f93b2340b544c1
Signed-off-by: Neale Ranns <nranns@cisco.com>
Neale Ranns [Wed, 17 Apr 2019 23:29:00 +0000 (16:29 -0700)]
IPSEC: tunnel rekey fix and test (VPP-1652)
Change-Id: I1c2b3e40c689bedcdcea7887792b6b6b6aeb48d5
Signed-off-by: Neale Ranns <nranns@cisco.com>
Neale Ranns [Tue, 16 Apr 2019 21:39:37 +0000 (21:39 +0000)]
crypto-ipsecmb: enable GCM
Change-Id: I670d7899bcc63a419daf481167dc445a6386cce8
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit
d8cfbebce78e26a6ef7f6693e7c90dc3c6435d51)
Dave Barach [Wed, 17 Apr 2019 21:27:31 +0000 (17:27 -0400)]
Use template-specific key compare fn when deleting records
A simple memcmp won't work when comparing pointer-keys, such as those
used by the bihash_vec8_8.h template.
Change-Id: I77e59f3fd7f7740ef42908ace90ed4843e1c9ac7
Signed-off-by: Dave Barach <dave@barachs.net>
(cherry picked from commit
a11bf45b1aba14246cc1259fff1dfb8e9c60581f)
Dave Wallace [Wed, 17 Apr 2019 21:28:45 +0000 (17:28 -0400)]
Doxygen cleanup.
- Add subpages definitions in appropriate
section (User or Dev docs) for doc files
(*.rst, *.md) that being listed at the top
level of the generated doc page.
- Generate and add API list to RELEASE doc.
- Fix list_api_changes script to use HEAD
as the endtag so it doesn't need to be
changed every release.
Change-Id: Iace7b6433359c6b96869cb1db01facbbcb0ac1e6
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Steven Luong [Tue, 9 Apr 2019 19:18:46 +0000 (12:18 -0700)]
Revert "Revert "bond: problem switching from l2 to l3"" [VPP-1651]
This reverts commit
5d0d5494db58422eb528c0f8b39a86ea966505e9.
The csit crash was actually due to the test image missing the patch
https://gerrit.fd.io/r/#/c/17731/
It was a mistake to revert the original patch
https://gerrit.fd.io/r/#/c/15577/
Change-Id: I7fc563981aa13d308d55b25194fee21475ebc57d
Signed-off-by: Steven Luong <sluong@cisco.com>
(cherry picked from commit
a1f9ee8ea6b7e22a45d7b0cbf631bea3f91864b4)
Thomas F Herbert [Tue, 16 Apr 2019 19:00:12 +0000 (15:00 -0400)]
VPP-1650
Update spec file for new build and execution requirements.
Change-Id: Ia87abfe7b7080ecd07e485e6c32270fda56a496a
Signed-off-by: Thomas F Herbert <therbert@redhat.com>
Neale Ranns [Wed, 17 Apr 2019 02:17:05 +0000 (19:17 -0700)]
ADJ: crash in format/show (VPP-1648)
Change-Id: I26279c19b879e59c68fda31426fe42dae62a858d
Signed-off-by: Neale Ranns <nranns@cisco.com>
Neale Ranns [Thu, 11 Apr 2019 15:14:07 +0000 (15:14 +0000)]
IPSEC: support GCM in ESP
Change-Id: Id2ddb77b4ec3dd543d6e638bc882923f2bac011d
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit
47feb1146ec3b0e1cf2ebd83cd5211e1df261194)
Filip Tehlar [Thu, 11 Apr 2019 09:55:56 +0000 (09:55 +0000)]
crypto: add more AES-GCM test cases
Change-Id: Ibb3e2f3ba5f31482fc2f0dce53d68f8476608f4b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit
11a73973c98a5a10b78f7200e5681859354bb29a)
Neale Ranns [Wed, 10 Apr 2019 17:24:29 +0000 (17:24 +0000)]
IPSEC: ESP with ESN tests and fixes
Change-Id: Ie42b26e6d5cdb7b23f370ea2933c65079e8d1089
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit
49e7ef60cb38d9f539d70d7a1e85cea5d350a203)
Neale Ranns [Sun, 14 Apr 2019 20:43:51 +0000 (20:43 +0000)]
crypto: openssl - IV len not passed by caller. Callee knows from algo type
Change-Id: Ib80e9bfb19a79e1adc79aef90371a15954daa993
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit
45df934daf89391a399651f171278a4c0cad30f7)
Mohsin Kazmi [Mon, 15 Apr 2019 11:17:55 +0000 (13:17 +0200)]
tap: fix the crash [VPP-1645]
Crash will happen when someone will try to setup a tap interface
in host namespace without providing the host side of tap interface
custom name. This patch fixes the problem by using the default name
in this case.
Change-Id: Ic1eaea5abd01bc6c766d0e0fcacae29ab7a7ec45
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
(cherry picked from commit
2a6861ff7bc90c1518b68459210830052774d429)
Neale Ranns [Sun, 14 Apr 2019 20:48:55 +0000 (20:48 +0000)]
crypto-openssl-gcm: account for failed decrypts
Change-Id: I749c5a9d58128fd6d0fb8284e56b8f89cf91c609
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit
1b1d1e9e84b007721a0c2ae2092df7cea662e09d)
Neale Ranns [Sat, 13 Apr 2019 15:30:21 +0000 (15:30 +0000)]
IPSEC: crypto overflow
decrypting too many bytes.
Change-Id: I4663e70271d9734eda7f9a127967b9224c0e5efc
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit
0a0c7eef787dbf29c8b018420cb9d244cbe8d2dd)
Hongjun Ni [Fri, 12 Apr 2019 13:40:46 +0000 (21:40 +0800)]
LB crash when receving packets with right dst IP and wrong dst port VPP-1643
Change-Id: Ifb322118349674b8ebee45d7644212ab5174a2ec
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
Filip Tehlar [Mon, 15 Apr 2019 08:48:10 +0000 (08:48 +0000)]
crypto: fix coverity warnings
Change-Id: Id9dfd912517c44cf812953bd05ac04c9e172a2b7
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Florin Coras [Fri, 12 Apr 2019 20:04:16 +0000 (13:04 -0700)]
session: drop lock on segment allocation error VPP-1644
Change-Id: Ib346570daa3e40f4f53100a05e9355ce60d533a4
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit
bbf923fb52e8a9062ef4d740288cf5547c4dbde4)
Neale Ranns [Thu, 11 Apr 2019 08:18:34 +0000 (08:18 +0000)]
IPSEC-MB: Use random & non-repeating IV (VPP-1642)
hard code IV and key lengths based on cipher.
Init IV from random data, use AES instruction to rotate.
Change-Id: I13a6507d12267b823c528660a903787baeba47a0
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit
21ada3bd7e9bc5cca7c2c8399adcbaa044bf8103)
Ole Troan [Fri, 12 Apr 2019 08:01:17 +0000 (10:01 +0200)]
stats: Off by one error in stats directory vector.
Change-Id: Ic75af8bbd52c8a08e34ff2a847f60be5479b814b
Signed-off-by: Ole Troan <ot@cisco.com>
(cherry picked from commit
1c9a58decd525ad46487b120642883089fb5758f)
Dave Wallace [Fri, 12 Apr 2019 15:29:36 +0000 (11:29 -0400)]
Release notes: add 19.04 placeholder
Change-Id: I2eb04c295967af3eabab260f7f5feef75fb8c679
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Dave Wallace [Wed, 10 Apr 2019 19:38:04 +0000 (15:38 -0400)]
Initial changes for stable/1904 branch
This patch adds an entry for the defaultbranch in .gitreview
Change-Id: I4bc5083a24cf3bc8c0498bb3421f8830483bd536
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Dave Wallace [Wed, 10 Apr 2019 16:46:43 +0000 (12:46 -0400)]
make test: fix redundant setUp() in template_ipsec.py
Change-Id: I81b3888816b064bd6bf0f38f5380dae93d7bb349
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Andrew Yourtchenko [Wed, 27 Mar 2019 14:22:40 +0000 (15:22 +0100)]
cmake: fix errors in external when building past point-release
Change-Id: I23b4816e4ef2c6a2fa825fbd063ea25ff2024151
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Code Review / vpp.git / log