Age | Commit message | Author | Files | Lines
2023-02-07 | ipsec: fix AES CBC IV generation (CVE-2022-46397) [stable/2005] | Benoît Ganne | 3 | -22/+72
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix C). Chaining IVs, as is done by the ipsecmb and native backends for the VNET_CRYPTO_OP_FLAG_INIT_IV, is fully predictable. Encrypt a counter as part of the message, making the (predictable) counter-generated IV unpredictable. Fixes: VPP-2037 Type: fix Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-09-21 | build: touch files when extracting rpm tarballs | Dave Wallace | 1 | -2/+5
Type: fix - Long story short, intermittently centos jobs have been failing with clock skew issues. When someone commits a patch on a machine with the date ahead of UTC, then clock skew will be encountered when extracting the RPM source tarball. See [0] and [1] for details. - Replace 'make bootstrap' with 'make install-dep' in RPM package build specfile. [0] https://unix.stackexchange.com/questions/164807/does-git-archive-use-the-wrong-file-timestamp [1] https://git.fd.io/vpp/tree/Makefile#n380 Change-Id: Iebfb9eb2e26c1f2e4488e871da86d0c60b9f4048 Signed-off-by: Dave Wallace <dwallacelf@gmail.com> (cherry picked from commit 27b50fea143f2d45613ef982870cd2052e21fb0f)
2020-09-07 | misc: 19.08.3 Release Notes | Andrew Yourtchenko | 1 | -9/+9
Also remove the duplicate 17.07.1 section Change-Id: I809f417fabea96df506886ae6576b6e8c1b72caf Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-08-20 | ipsec: fix esp padding | Milan Lenco | 1 | -1/+1
Type: fix Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech> Change-Id: Ic8db52b41d7e5af3425099f008984e50afb3da74
2020-08-17 | vcl: fix epoll timeout | Florin Coras | 1 | -1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I917158a62e5881b97917c3339527d3c34c37565a (cherry picked from commit 0edfb1a06ed093c5ed82be34b42b8cacc3ac0ff8)
2020-07-30 | build: Fix 'make install-deps' errors on aarch64 CentOS 7 | Jieqiang Wang | 1 | -1/+6
On CentOS-7 aarch64, the command 'debuginfo-install -y glibc openssl-libs mbedtls-devel zlib' in 'make install-deps' fails because it tries to install the corresponding *debuginfo* packages from some inaccessible/unmaintained repos on aarch64, e.g., centos-sclo-rh-debuginfo. The error message is shown below. Using 'debuginfo-install --enablerepo=xxx' also fails because it will still enable all the repos including the broken repos on aarch64. Using 'debuginfo-install --disablerepo=xxx' (xxx is the broken repo) works fine but we are not certain whether VPP users will install additional broken repos on aarch64 or not. So to fix this error, we install all the *debuginfo* packages for 'glibc openssl-libs mbedtls-devel zlib' packages using 'yum install' instead.

[root@ ~]# debuginfo-install -y glibc openssl-libs mbedtls-devel zlib
Loaded plugins: auto-update-debuginfo, fastestmirror, ovl
enabling epel-debuginfo
enabling base-debuginfo
enabling centos-sclo-rh-debuginfo
Loading mirror speeds from cached hostfile
epel/aarch64/metalink | 8.2 kB 00:00:00
epel-debuginfo/aarch64/metalink | 8.5 kB 00:00:00
 * base: mirror.aktkn.sg
 * centos-sclo-rh: mirror.aktkn.sg
 * epel: mirrors.yun-idc.com
 * epel-debuginfo: mirrors.yun-idc.com
 * extras: mirror.aktkn.sg
 * updates: mirror.xtom.com.hk
http://debuginfo.centos.org/centos/7/sclo/aarch64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below wiki article
https://wiki.centos.org/yum-errors
If above article doesn't help to resolve this issue please use https://bugs.centos.org/.
failure: repodata/repomd.xml from centos-sclo-rh-debuginfo: [Errno 256] No more mirrors to try.
http://debuginfo.centos.org/centos/7/sclo/aarch64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found

Type: fix Change-Id: I017c3b20a167d8035c3ae617b9ad5ae479e52f57 Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> (cherry picked from commit 81b95c1fe2ece45ee2a5d895631b608733384182)
2020-07-22 | stats: memory leak in stat_validate_counter_vector | Steven Luong | 1 | -2/+10
Free the existing vectors prior to losing them. Type: fix Ticket: VPPSUPP-94 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ic15f1fbc7a0c6c348065fc9759ee5d5c43013b91 Signed-off-by: Ole Troan <ot@cisco.com> (cherry picked from commit e29fb5bf1b9ab87f4213d990377ea2604990135b)
2020-07-15 | misc: 20.05.1 Release Notes [v20.05.1] | Andrew Yourtchenko | 1 | -0/+9
Change-Id: Ib77b5928ba0db64ffe747f3b9a9f1248cc239b2a Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-07-15 | virtio: fix the msix for multiqueue | Mohsin Kazmi | 2 | -15/+60
Type: fix Change-Id: Ie0cff37b474f8d85a3ae376e0f547a347fb1ad8a Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> (cherry picked from commit 8046fdc10b14fd161ee81d0a25cfa79793ef698b)
2020-07-15 | misc: ipfix-export unformat u16 collector_port fix | Elias Rudberg | 3 | -1/+20
Use %U and unformat_udp_port instead of %u for unformat() call for u16 collector_port number in set_ipfix_exporter_command_fn() to avoid corruption of other variables which can happen if unformat() with %u is used with a 16-bit variable. This avoids crash due to corrupted fib_index value. Type: fix Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net> Change-Id: Id54273fcc458a7f9c5aa4025aa91711f160c1c1a (cherry picked from commit 2dca180db989ea7afacdf4e70cc85e4408557382)
2020-07-15 | nat: fix regarding vm arg for vlib_time_now call | Elias Rudberg | 1 | -1/+2
Change in snat_ipfix_header_create() to use thread-specific vlib_main_t *vm pointer to avoid problems with different threads accessing the same vlib_main_t data structure. This avoids assertion failure when vlib_time_now() is called with a vm corresponding to a different thread. Type: fix Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net> Change-Id: I2096c1debb5688d3b97e5ed9a0ea78d94053d8b7 (cherry picked from commit 5556813fb63d28240a17ccf18f947e60c4cbb263)
2020-07-14 | sr: fix for SID index across segment lists within a sr policy | Chinmaya Agarwal | 1 | -1/+1
Type: fix Signed-off-by: Chinmaya Agarwal <chinmaya.agarwal@hsc.com> Change-Id: I9aa5456bf94356e8702fbfd39b14db4c2e74d3e6 (cherry picked from commit edc2ea435b5c407a78f4fcb42d750338d6cdd6d5)
2020-07-14 | tap: fix dump for TUN interfaces | Mohsin Kazmi | 2 | -1/+5
Type: fix Change-Id: I3bcc8ff1cf0a828ce3ba112694d38e3287d38d8d Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> (cherry picked from commit 86f281a841b5ec67c6a440dfc691e4c42b883df9)
2020-07-08 | tap: fix the tun sndbuf value for kernel 4.20 and later | Mohsin Kazmi | 1 | -4/+16
Type: fix From kernel 4.20, xdp support has been added in tun_sendmsg. If sndbuf == INT_MAX, kernel executes xdp data path for tun driver which assumes packets are ethernet frames. This patch is avoiding the xdp data path in kernel by setting the sendbuf value < INT_MAX. Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ia4aa54b177b96d56a2d513d18d26ca01d5b88929 (cherry picked from commit 4834a66b7b3ef73e486c40ea9d8e36cc2e09c473)
2020-07-01 | tap: remove the bridge configurations for TUN interface | Mohsin Kazmi | 1 | -9/+10
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ifeae641ec0aa7de74e33e582234505bf6e28ca87 (cherry picked from commit add4a412d1f5271be21f99fe15a93cb73c38b833)
2020-06-29 | gso: fix the l2 path | Mohsin Kazmi | 1 | -8/+10
Type: fix Change-Id: I4f91175444dec9800d651aa5a5e0472359de63d1 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> (cherry picked from commit ec1d61efe6d01a1a687f39e57a601ac693833b07)
2020-06-29 | tests: fix deps pinning / patching | Aloys Augustin | 1 | -5/+3
This ensures we don't recompute the requirements-{2,3}.txt on each make test run, and skips patching scapy if it is already patched instead of failing. Change-Id: I3da57182ae49f3dd04db139d96734a5d145fedff Type: fix Signed-off-by: Aloys Augustin <aloaugus@cisco.com> (cherry picked from commit 8eca60df745b7656b96db16e75b0deda66bfc515)
2020-06-11 | l2: L2/L3 mode switch cleanup and l2-patch fix | John Lo | 4 | -31/+16
Cleanup L2/L3 mode switch to not redirect to/from ethernet-input node as it is no longer necessary. L2 patch should use sw_if_index for device feature enable/disable. Type: fix Signed-off-by: John Lo <loj@cisco.com> Change-Id: I0f24161d027b07c188fd1e05276146f94c075710 (cherry picked from commit f415a3b53a51b261d08cc3312c25f250d6bc1bd6)
2020-06-11 | vppinfra: refactor mpcap.h | Dave Barach | 3 | -89/+118
vppinfra source files MUST NOT #include <vlib/vlib.h>, <vnet/vnet.h> or similar. Move mpcap_add_packet(...), mpcap_add_buffer(...) to a new file: src/vnet/mpcap.h. Type: refactor Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Id517aef6fe49b618f853ce32940b91ba45a1e60d (cherry picked from commit 2a41919e39d4672f76a654f30be9c2093cef4fad)
2020-06-11 | nat: update ip4-udp src port for checksum == 0 pkts | Dave Barach | 1 | -3/+6
Otherwise, the out2in path will discard return-path traffic with probability 1.0. Type: fix Fixes: gerrit 23963 / f126e746fc01c75bc99329d10ce9127b26b23814 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I621ed99329c04ef358035747dde599c0016b58f5 (cherry picked from commit 63c672c440d92cc570c587254afb4167617ec0b7)
2020-06-04 | vcl: support connected udp listens | Florin Coras | 4 | -0/+10
Request connected udp listener behavior by setting VPPCOM_ATTR_SET_CONNECTED attribute with vppcom_session_attr Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iba95155c0f41cea8c6e1a4263946270d49c213ac (cherry picked from commit 1e96617d952e2d5d8cc367a226702f8f825ed039)
2020-06-03 | lisp: fix api_format reference | Paul Vinciguerra | 1 | -2/+2
Type: fix Ticket: VPP-1885 Change-Id: I474fffd4d36f439a19d475a8cb20171ca88274ec Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com> (cherry picked from commit 353535bb4856d8ee6d818a3c75b8b576b9967ee4)
2020-06-03 | gso: fix flag for inner header | Mohsin Kazmi | 1 | -2/+3
Type: fix Change-Id: Ic3fc488521636f7f7c9402a20db45fdb599adaae Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> (cherry picked from commit be03b5c15598131355da91967d05321c15fa1f24)
2020-06-03 | lisp: fix api_format | Florin Coras | 1 | -6/+6
Type: fix Ticket: VPP-1885 Fixes: 58db6e1 Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6431e49b315e09490fed8fd70ac53872836c6a09 (cherry picked from commit f3c1e4b61269cd93302073a631a2549f1aeb24d9)
2020-06-03 | vcl: fix udp connected check | Florin Coras | 1 | -1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I83dafe10cdc78fbb9a751f32155cd84d281b12d9 (cherry picked from commit a4dac8af0eb4271db0c528a00beca58f41b51c95)
2020-06-03 | lisp: fix custom dump | Florin Coras | 2 | -16/+28
Type: fix Ticket: VPP-1886 Fixes: 58db6e1 Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic40018a756e57bfec05ffbc5e30d18f4feb315db (cherry picked from commit 9b72b153d85d0e3e0ca218bcf1564805424b64b9)
2020-06-03 | fib: Safe adj walk | Neale Ranns | 1 | -8/+15
Type: fix the hash walk does not give the same guarantees as the bihash so walk in a safe manner. Change-Id: Idfe48c3a84ab3a341d887f7d196bc81ba34ae8b0 Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit 22391fa92b95ee0376eb372450d6315523c8a9ae)
2020-06-01 | ethernet: fix DMAC check and skip unnecessary ones (VPP-1868) | John Lo | 12 | -72/+176
Fix and optimize DMAC check in ethernet-input node to utilize a NIC or driver which supports L3 DMAC-filtering mode so that DMAC check can be bypassed safely for interfaces/sub-interfaces in L3 mode. Checking of interface in L3-DMAC-filtering state to avoid DMAC check requires the following: a) Fix interface driver init sequence for devices which support L3 DMAC-filtering to indicate its capability and initialize interface to L3 DMAC-filtering state. b) Fix ethernet_set_flags() function and its associated callback flags_change() functions registered by various drivers in interface infra to provide proper L3 DMAC filtering status. Maintain interface/sub-interface L3 config count so DMAC checks can be bypassed if L3 forwarding is not set up on any main/sub-interfaces. Type: fix Ticket: VPP-1868 Signed-off-by: John Lo <loj@cisco.com> Change-Id: I204d90459c13e9e486cfcba4e64e3d479bc9f2ae (cherry picked from commit 4a302ee7c75f3d4fd1a73a9d1f6c34b3bde8d620)
2020-05-27 | misc: 20.05 Release Notes [v20.05] | Andrew Yourtchenko | 1 | -1/+740
Change-Id: If68e419b00f8961c814727713f989fd0d72f6f1b Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-05-27 | vppinfra: fix SIGBUS in bihash init when running unprivileged, take two | Damjan Marion | 1 | -1/+1
Looks like MAP_LOCK is not enough, so call mlock(...) instead.... Type: fix Change-Id: I1bc668a2bf3c861ca1c2d376c0fb6bfea87d4f48 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-05-27 | fib: IPv6 lookup data structure MP safe when prefixes change (VPP-1881) | Neale Ranns | 4 | -15/+84
Type: fix adding routes should be MP safe. When new prefixes with different prefix lengths are added, adjust the sorted list in an MP safe way. Change-Id: Ib73a3c84d01eb86d17f8e79ea2bd2505dd9afb3d Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-05-27 | ipsec: Add/Del IPSec SA is not MP safe | Neale Ranns | 1 | -7/+0
Type: fix we can probably do better, but for now this is needed Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I07161f5ac07a70a0e6db6608ba31659d9bc2c9ed
2020-05-27 | vcl: fix ldp fcntl64 | Florin Coras | 3 | -40/+24
Type: fix Ticket: VPP-1882 Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I342d8f928fcc7de74f9bd288c1a5d63ea1f90020 (cherry picked from commit 0ab36f55753d3d1417c41f8a3aec5e79a882555c)
2020-05-27 | misc: Avoid sample.md from in the VPP docs, clean up the extraneous copy | Andrew Yourtchenko | 2 | -82/+0
I had cleaned up the sample.md previously for 20.01, but when later that was merged to master, the file was renamed. So, fix this issue. Change-Id: I6347685af216901fbfdd445606735b9bf79f8fe5 Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-05-26 | fib: Fix interpose source reactivate | Neale Ranns | 1 | -0/+14
Type: fix when the interpose is on an adj-fib and the cover is removed the adj source will not install. this leads to no path list being found for the interpose source and a crash. pick a drop path list in this case. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ied217da043926c913657080f5ffb151201225d23
2020-05-26 | fib: Use basic hash for adjacency neighbour table (VPP-1877) | Neale Ranns | 1 | -82/+42
Type: improvement a bihash per-interface used too much memory. Change-Id: I447bb66c0907e1632fa5d886a3600e518663c39e Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit 20aec3db441074ee5a861a40d6e02fad2f3dcb37)
2020-05-26 | ipsec: DES/3DES fixing the iv_len for openssl crypto | Rajesh Goel | 1 | -1/+2
Type: fix Signed-off-by: Rajesh Goel <rajegoel@cisco.com> Change-Id: I8d128598b4c872f19b64c779c19b5908ba2f2c08 (cherry picked from commit d1d90f5951df93625594f1904cddd95880838ff0)
2020-05-26 | vcl: do not propagate epoll events if session closed | Florin Coras | 2 | -6/+17
Type: fix Ticket: VPP-1880 Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1e9652b476bbc07852b4e701a948c36a0d8c67fa
2020-05-25 | tcp: fix sack block validation on wrap | Florin Coras | 2 | -1/+29
Type: fix Fixes: 487507f Ticket: VPP-1879 Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia9813ae09d14111dc8edac0fa6ab082e13ab6e2e (cherry picked from commit 3b9540966f877ae67d374cab334c31bd6e3f8c8b)
2020-05-25 | vppinfra: fix SIGBUS in bihash init when running unprivileged | Damjan Marion | 1 | -1/+1
Observed when VPP is running in k8s container Type: fix Change-Id: Ibbff9c3921bd7f4f97d47cb6f10eed8ed5efe269 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-05-25 | ipsec: fixed chaining ops after add footer and icv | PiotrX Kleski | 2 | -8/+12
In case there is no free space in first buffer for ICV and footer, additional buffer will be added, but esp_encrypt will stay in single buffer mode. The issue happens for the following payload sizes: - TCP packets with payload 1992 - ICMP packets with payload 2004 This fix moves the single/chained buffer ops selection to after esp_add_footer_and_icv call. Type: fix Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com> Change-Id: Ic5ceba418f738933f96edb3e489ca2d149033b79 (cherry picked from commit fdca4dd1a1a817e65bf44e435261d893fc0c51d6)
2020-05-25 | srv6-mobile: Update the doc of 20.05 for gtp4.dt and gtp6.dt functions. | Satoru Matsushima | 1 | -5/+64
Document update to reflect merged SRv6 functions into 20.05 of lookup and forwarding for inner IP packet encapsulated with outer IP and GTP-U headers. Type: docs Signed-off-by: Satoru Matsushima <satoru.matsushima@gmail.com> Change-Id: I85c9ddf6bf9fa63f2b8b6e03eff3ecec1e7615ab
2020-05-21 | ip: Dual loop error in midchain chksum | Neale Ranns | 1 | -1/+1
Type: fix Change-Id: Idf7c80b7d81f796bd0512bca4276bcfcf2af241a Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit fc74697ed3b45499027b272332af786e8e7917bb)
2020-05-20 | nat: fix segv if out of ports in ed mode [v20.05-rc2] | Alexander Chernavin | 2 | -1/+47
Type: fix Ticket: VPP-1870 Change-Id: Ife726d2f6baaa3516c209011183f39670cf6a55d Signed-off-by: Alexander Chernavin <achernavin@netgate.com> (cherry picked from commit 88120824acc299a0aec17ce4c208dbc8be394779)
2020-05-20 | ip: fix interface ip address del sw_if_index check | yedg | 6 | -6/+63
Type: fix Signed-off-by: Ye donggang <yedg@wangsu.com> Change-Id: Ia9f72ff2be455ecd4ff3d16e884c5a50f9df69fe (cherry picked from commit dbd366b239c0506b0d9984e7481967e038f10a23)
2020-05-20 | docs: asan: update doc to match current status | Benoît Ganne | 1 | -5/+5
Type: docs Change-Id: I45265876c9c778f6b91d39f30eb6035f14d166ec Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit ca86c95a3413214110a03b001d45d018385b92dc)
2020-05-20 | dpdk: fix pktmbuf pool private data init | Benoît Ganne | 1 | -0/+1
Type: fix Change-Id: I7349840af48eec209532dab43a8ad0bd68993268 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit c32a84c70efb45081568fc8aa5fa1884d74865fe)
2020-05-19 | lisp: API doc/comments cleanup | Onong Tayeng | 3 | -41/+6
Removing the comments around eid_type which seem to have been overlooked by the original patch https://gerrit.fd.io/r/c/vpp/+/24663. NOTE: This patch is a doc-only change. It does two things: 1. Remove comments around obsolete eid_type type 2. Update the comments to reflect the new vl_api_eid_t type This is to ensure correct documentation is displayed to user/reader of VPP docs in 20.05. Type: fix Signed-off-by: Onong Tayeng <otayeng@cisco.com> Change-Id: I48e1993cf8869cb32e159d1956f3ec1e5943e33f (cherry picked from commit 4ab5190eb4167ac4c06cd649ec8a860784ab1d41)
2020-05-19 | interface: fix interface rx mode config API | Jakub Grajciar | 1 | -2/+4
Swap byte order for fields of type vl_api_rx_mode_t. Ticket: VPP-1871 Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: Ia1745257b57209d41661d38067e0dd7618f9a9b9 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> (cherry picked from commit aefcd1a3579ec2c93f606b151d563d87ea211387)
2020-05-18 | vcl: remove udpc transport | Florin Coras | 2 | -9/+1
Type: refactor Ticket: VPP-1875 Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I145ff3301f168973c4f7f32c337bbcac47900705 (cherry picked from commit 3ca663e743dda703e76d8493a0c5cf13d7004c63)