Age | Commit message (Collapse) | Author | Files | Lines |
|
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2e2d76661fbb07dd8c6afa3583bb18e01b7a7fb6
(cherry picked from commit 3e2ec42a07ae51aed54e63d05e743a338c666e30)
|
|
Some vhost-backend calculates the wrong checksum in
case of tcp/udp offload when driver resets tcp/udp
checksum field to '0'.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I3c45df487f00d7e3d949b4efb32d7f7e01d1108b
|
|
Change-Id: I809f417fabea96df506886ae6576b6e8c1b72caf
Type: docs
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: fix
Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
Change-Id: Ic8db52b41d7e5af3425099f008984e50afb3da74
|
|
Type: fix
Change-Id: Ia1556aa854fa83fb5340308c4eec868b7b4f8351
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: If73b88b9478b9314df6d9163c3a13724d4253c80
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit fbd47cf83546613ce16f8fc10105609cf51cbfc2)
|
|
Type: fix
Change-Id: Ia7b07b4ec9e5681946f3f5c01c230c1f814e2cf6
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit c17d6cfaf4fc66927f28af9d8d7cb8ce2a1d839c)
|
|
Type: fix
Change-Id: Idd679885f42de45429a1dcbf3b0af1037dc54d2b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit fe7b8c2b4aeadaa5cf3f55b0fcc04600c91df427)
|
|
While cherry-picking: Fix extras/scripts/check_commit_msg so it accepts '_' characters in
feature names.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibb380eecca76ed9c00ed14c167dfcf576f943db0
(cherry picked from commit 0f4e3c22ed5951e0a68e6b40fda1ac63ab5e3c3e)
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: fix
Ticket: VPP-1837
Partial cherry-pick from a357a938019c8df2b061cc5bd14cd8a64fac694f
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I0d164147173b452fee7e720e01e6a9991f43b64a
|
|
vlib_increment_combined_counter takes sw_if_index, not hw_if_index.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Iecde2697ed490940f0eff796d28d15381405b895
(cherry picked from commit 35050289e6b5f6e2939b1d08ed058ab952468943)
|
|
Type: fix
Change-Id: Id5ca868cd7a2abc9320206f0336aa3348f5906e3
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 2a0bd4a7d1745bee38ac80bcc4c8bc6e5af2a7cc)
|
|
Type: fix
Change-Id: Idb6f82e08b29e3805ed2133acb5fd7226148f672
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 9ae3c6a40f268741b87f94a5b75f1b5d1d2128e3)
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I6832e3f24a56e043415a32eb4072d0bfb7697251
(cherry picked from commit 7d941d45bc649f760c650dab3e715585a61d9cf9)
|
|
Type: fix
Change-Id: I5f550bd6a03f47b829ef99803cb6b9ac86329450
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 39771adc1da61943978c18b58b35dedc9dddc4b0)
|
|
Type: fix
Change-Id: Iefe6b3a1a0a999d89ef9812fc14d31159043e60c
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 508dc51bd075f6bb16862265c0c43e8efb76349c)
|
|
Type: fix
Change-Id: I8f776ce10ee8c29689db5ceef70df42dfb6b747c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit c72995dd79500dd5791e71fd3edeae527c257351)
|
|
Type: fix
Change-Id: Iab99bc1f6c309fae6eaa714b484274fe7072a4cb
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 17814d74dbbc85573adbf970644caa4b1ac9bbb4)
|
|
Type: fix
Change-Id: Iab512ba8c72c9e20aeba2d4265276bcabf095d46
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit e3a24300d08f04146935ec0d3b02e03276d6cc68)
|
|
Type: fix
Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id20f693a5acdee74ab534e9964418973537b977f
(cherry picked from commit c7fd24e30bb5ac68f3c82eafee9dc192289add7f)
|
|
Copy only exactly the data provided by the user even when it is not a
4-bytes multiple.
Type: fix
Change-Id: I2ef987c37e58523a38b46b09227529db2c26aa55
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit c79a14f13a0db6f59123e0e6b0b71d4f24433b01)
|
|
In pppoe_cp_node.c, node->errors[error0] was accessed without
node->errors being initialized.
Found with AFL + ASAN.
Type: fix
Signed-off-by: TimotheeChauvin <timchauv@cisco.com>
Change-Id: Ide8a60021b2d47b5e2fce7062d8f12c7f4d225f7
(cherry picked from commit 2887159a1a5f5c501c2df59bf88e6faa38e9699f)
|
|
In case of vector, we must check length before trying to access element.
Also fix wrong DPDK plugin workaround.
Type: fix
Change-Id: I2ecef1c88ebef2362f48cab0d462699aa43cd4b9
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 1bd6f61820c6c15534ebb04a4b070ba84bf08a9d)
|
|
For some reason clang does not support &((struct foo*)0)->field in
static assertion contrary to gcc.
Use offsetof() macro implementation provided by both compilers instead.
Type: fix
Change-Id: I3311cdd29c5861e45dc0ef92f2bbd66242ca73b8
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 5e60c17f49082b7731778e81b58177177a31b58f)
|
|
Previously there's a format_ip4_address in format_ip6...
This patch fixes this typo
Type: fix
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: Ice124db6594720ed35a992d069341f399c331e1d
(cherry picked from commit e30f9c5c6342a0f2430848ec4166b75596642964)
|
|
Type: fix
Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com>
Change-Id: I3ace7dfe3ddacb4f7fa7a974a2ffe2b3cf902ff9
(cherry picked from commit 9268b5823fa7a16195f638e5b1f9c54b430f2f3c)
|
|
Type: fix
Fixes: a84cb715f5a4366dd2f32de18ad92bec566924da
Change-Id: Id448d6ae9cfdd3122e8187121c509412835117c5
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
(cherry picked from commit c6eae9c079defa4812270945d614c4598db262d8)
|
|
unformat_ip6_mask wasn't accounting for customized field names
when deciding if it managed to parse at least one field.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I26cab4c6828b510e277079628af5115ac43af3ff
(cherry picked from commit 126c88544103d3775252f741398111875f6a62d7)
|
|
Type: fix
Signed-off-by: Ryujiro Shibuya <ryujiro.shibuya@owmobility.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie358b731f8ecb1fcaebd6e79f5ce5c10802c2814
(cherry picked from commit cc1085647b2ae36e6c086d65b4e81b9f1cf9fc9a)
|
|
Based on the comments in the struct, udp_encap_t_ is meant to span 2
cachelines. Due to the 64 bit alignment of dpo_id_t, the struct spanned
3 cachelines. This caused fetching ue_ip_proto to trigger an additional
cache miss. This patch rearranges the ordering of the struct fields
so that udp_encap_t_ only spans 2 cachelines as intended.
before:
(gdb) print (int)&((struct udp_encap_t_*)0)->cacheline1
$8 = 128
after:
(gdb) print (int)&((struct udp_encap_t_*)0)->cacheline1
$1 = 64
Type: fix
Signed-off-by: Vadym Martsynovskyy <vmartsyn@fb.com>
Change-Id: I066c08654d4a8ef3e2d3954e957d4c5d382b209f
(cherry picked from commit 42386fc974148f812ef3eb73ff09a603caa23565)
|
|
Type: fix
Change-Id: I39341f201209931392f315ead5adfddd8b567caf
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
(cherry picked from commit a84cb715f5a4366dd2f32de18ad92bec566924da)
|
|
Return error instead of dividing by zero.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I9f6a942e87ab87e8f1921e744ec1add45884e74a
(cherry picked from commit fe77bdc1906cca6a76bd44b1aceffc971f64cec4)
|
|
Prevent overflow if input network prefix is too small and crash on
packet #1 due to vector not being allocated/initialized.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I3494cc62ce889df48cc59cc9340b5dd70338c3a8
(cherry picked from commit f3d7bd9d4d652b1c4b687267acdb9fdb908a74bd)
|
|
Type: fix
Change-Id: I3df8d3f277bfadee95bfc329e8ce8b929a986af6
Signed-off-by: Damjan Marion <damarion@cisco.com>
(cherry picked from commit 97b9e008b9e072120ea8b0d98e81e898c3adbd4d)
|
|
Type: fix
Ticket: VPP-1888
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I9c2fb926a5e010658088a74051c8c3462ff61734
(cherry picked from commit 1af730d0dfbb91475c6808ed579494d3d223b724)
|
|
If the id is invalid we cannot check whether we must free the message or
not, free it anyway.
Type: fix
Change-Id: Ie4426f601390d1e5e14c739f670e8c1e6e3aaf1e
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit ff13e46215ab96df988310b4a20eddefad92de99)
|
|
Type: fix
Change-Id: I4a93e1d9936414c514cb237a22624986b3ef5b3d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit c16fe4689055242c64c71d83e41908a8fb6c2726)
|
|
When recycling a graph node vnet_register_interface, it is missing an
explicit call to vlib_worker_thread_node_runtime_update(). However,
there is an implicit call to vlib_worker_thread_node_runtime_update()
via vnet_sw_interface_set_flags_helper() if it enables a new feature on
the interface for the first time. But that implicit call is not
guaranteed. For example, if an interface is created, deleted, and
created, then it may skip the implicit call to
vlib_worker_thread_node_runtime_update(). When that happens, the graph
nodes on thread 0 are not sync'ed to the worker threads. So the worker
thread's graph nodes are out of sync momentarily with the main thread's
graph nodes until some other event happens which calls for a sync is
needed. During this window, the worker thread's graph node is
vulnerable and may experience a crash.
When deleting a graph node, we never trigger a sync to the worker
thread. A patch was committed 3 years ago via
https://gerrit.fd.io/r/c/vpp/+/7523 to fix a show run crash. In
hindsight, the approach taken by 7523 is not orthogonal. While at it,
let's fix it right for both issues with a call to
vlib_worker_thread_node_runtime_update() in the appropriate place and
remove 7523.
Type: fix
Ticket: VPPSUPP-86
Fixes: gerrit 7523 / 19e9d954bd9eb4f04d48640d6540198e84ef65d7
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ic9472bd2d3a212dbfeceb526506ed0400983a142
(cherry picked from commit 1eae8ecb7acc7d80d5c08e300295bec94bf78f0b)
|
|
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I8fbc4baefecf512573126c5085ed7a6e2e360fbe
(cherry picked from commit c1f0d9c105c25c67d9ef86a53c10d43d40b61fe0)
|
|
Add dpo_pool_barrier_sync/release, use them to clean up
thread-unsafe pool expansion cases.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I09299124a25f8d541e3bb4b75375568990e9b911
(cherry picked from commit 26d890eb4b1ab19fea4d2d02bfc6dc89d2c1b771)
|
|
adj_alloc (...) is not thread safe when the adj pool or combined
counter vectors expand.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I55710de6ecc083b7434e11798659cca9250c9131
(cherry picked from commit c2d2228e928b7c69dc88e9c3b7502966d0e32d8d)
|
|
load_balance_alloc_i(...) is not thread safe when the
load_balance_pool or combined counter vectors expand.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I7f295ed77350d1df0434d5ff461eedafe79131de
(cherry picked from commit 8341f76fd1cd4351961cd8161cfed2814fc55103)
|
|
Type: fix
Change-Id: I0e87021b11009a955f5839bdb68af897145816c1
Signed-off-by: Klement Sekera <ksekera@cisco.com>
(cherry picked from commit c39c79c5aa7b5410f3aad4a770a741ab04f7dcc5)
|
|
Use %U and unformat_udp_port instead of %u for unformat() call for
u16 collector_port number in set_ipfix_exporter_command_fn() to
avoid corruption of other variables which can happen if unformat()
with %u is used with a 16-bit variable. This avoids crash due to
corrupted fib_index value.
Type: fix
Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
Change-Id: Id54273fcc458a7f9c5aa4025aa91711f160c1c1a
(cherry picked from commit 2dca180db989ea7afacdf4e70cc85e4408557382)
|
|
Type: fix
Change-Id: I5601bdeb47d08118476ff7bd29435d2c1dba34b9
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
(cherry picked from commit 04f4d91c9fe6c8d639e28edb5dd3df2c82f92428)
|
|
Type: fix
Change-Id: I8890aa5cc3c576fc9fb68735549dfab721714310
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit dcd4aa2110e274f9185e1e5b47ec22d66cc23136)
|
|
Change in snat_ipfix_header_create() to use thread-specific
vlib_main_t *vm pointer to avoid problems with different threads
accessing the same vlib_main_t data structure. This avoids
assertion failure when vlib_time_now() is called with a vm
corresponding to a different thread.
Type: fix
Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
Change-Id: I2096c1debb5688d3b97e5ed9a0ea78d94053d8b7
(cherry picked from commit 5556813fb63d28240a17ccf18f947e60c4cbb263)
|
|
Type: fix
when the interpose is on an adj-fib and the cover is removed the adj
source will not install. this lead to no path list being found for the
interpose source and a crash. pick a drop path list in this case.
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ied217da043926c913657080f5ffb151201225d23
(cherry picked from commit 1bf6df4ff9c83bac1fc329a4b5c4d7061f13720a)
|
|
Type: fix
Change-Id: I7349840af48eec209532dab43a8ad0bd68993268
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit c32a84c70efb45081568fc8aa5fa1884d74865fe)
|