Age | Commit message | Author | Files | Lines
2023-02-07 | ipsec: fix AES CBC IV generation (CVE-2022-46397) [stable/2101] | Benoît Ganne | 3 | -22/+72
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix C). Chaining IVs like is done by ipsecmb and native backends for the VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable. Encrypt a counter as part of the message, making the (predictable) counter-generated IV unpredictable. Fixes: VPP-2037 Type: fix Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-07-13 | misc: 21.01.1 Release Notes [v21.01.1] | Andrew Yourtchenko | 1 | -0/+9
Change-Id: If637d21d3c8340ae146ac6f4264945fa94328774 Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-07-09 | avf: fix gcc compiling warning on Arm | Jieqiang Wang | 1 | -4/+4
Initializing struct avf_ip6_psh by {0} using gcc with O2 optimize option will trigger the -Werror=maybe-uninitialized compiling warning on Arm because gcc compiler will think some members of the struct avf_ip6_psh may not be initialized, which probably is a false positive in this case. The compiling error log is shown as below. Avoid this compiling warning by explicitly declaring the IPv6 src and dst ip in avf_ip6_psh as ip6_address_t. ccache /usr/lib/ccache/gcc-10 -DHAVE_FCNTL64 -DHAVE_GETCPU -DHAVE_MEMFD_CREATE -I/home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src -I. -Iinclude -I/home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/plugins -Iplugins -Iplugins/avf -Wno-address-of-packed-member -g -fPIC -Werror -Wall -march=armv8-a+crc -O2 -fstack-protector -DFORTIFY_SOURCE=2 -fno-common -fPIC -DCLIB_MARCH_VARIANT=cortexa72 -march=armv8-a+crc+crypto -mtune=cortex-a72 -DCLIB_N_PREFETCHES=6 -MD -MT plugins/avf/CMakeFiles/avf_plugin_cortexa72.dir/output.c.o -MF plugins/avf/CMakeFiles/avf_plugin_cortexa72.dir/output.c.o.d -o plugins/avf/CMakeFiles/avf_plugin_cortexa72.dir/output.c.o -c /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/plugins/avf/output.c In file included from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/vector_funcs.h:41, from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/vector.h:196, from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/string.h:48, from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/mem.h:49, from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/vec.h:42, from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/format.h:44, from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/elf.h:41, from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/elf_clib.h:41, from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vlib/vlib.h:44, from 
/home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/plugins/avf/output.c:18: /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/plugins/avf/output.c: In function ‘avf_device_class_tx_fn_cortexa72’: /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/byte_order.h:59:10: error: ‘*((void *)&psh+32)’ may be used uninitialized in this function [-Werror=maybe-uninitialized] 59 | return __builtin_bswap16 (x); | ^~~~~~~~~~~~~~~~~~~~~ /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/plugins/avf/output.c:115:23: note: ‘*((void *)&psh+32)’ was declared here 115 | struct avf_ip6_psh psh = { 0 }; | ^~~ Type: fix Change-Id: I2684b101b07823dfacc4a56cc29d152828d0cf37 Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> (cherry picked from commit 3daf1f5d3a5918564ae2acdd748b24acaef5bce0)
2021-06-16 | nat : variable 'ctx' MAY not initialized before use | zhangyoufeng | 1 | -2/+4
Type: fix Change-Id: Ib22cc8a358d17782a01b7ebeded02d186898bc3a Signed-off-by: zyf <807896415@qq.com>
2021-06-03 | dpdk: disable i40evf in favor of iavf patch | Juraj Linkeš | 1 | -0/+232
Fix an issue where multiple VPP instances with DPDK starting at the same time would not initialize VFs properly. This is done by using the iavf PMD (where the issue can't be reproduced) instead of the i40evf PMD. Type: fix Ticket: VPP-1943 Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech> Change-Id: I023138896610dc2b3bb731759f62afc605e9bb09
2021-04-19 | rdma: fix buggy cqe parsing (truncated packets) | Mohammed Hawari | 1 | -1/+1
Change-Id: I17228bd35cc7aa0d207a16502bf1376c75675302 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: fix (cherry picked from commit 933b0ca073a481a976ef64bf8f5ddfe19a346f30)
2021-04-01 | rdma: fix pkg_config file | Mohammed Hawari | 1 | -0/+3
When building DPDK with rdma linkage, this patch avoids linking against useless verb providers. It also hard-codes the library directory to lib to fix CentOS behavior. Change-Id: I3acd94adf1b7e59e023346b3c254bd4bba6157df Type: fix Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> (cherry picked from commit df849f8ea8750e934a7a2c9ea2d5628b0c209056)
2021-03-04 | dpdk: enable AVX-512 on ICL | Ray Kinsella | 1 | -0/+5
Enable DPDK AVX-512 Vector PMDs on Intel Icelake Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> Change-Id: Ie5d5bf54ccaa65c1d053d56a2f2973fe8625193b (cherry picked from commit 1cebf98e1cdc99e215d30dadd5570ba836b1a6d9)
2021-02-24 | fib: fix sa selection for fib routed destinations | Július Milan | 2 | -5/+39
The move from ip4(6)_src_address_for_packet to fib_sas4(6)_get changed the behavior, so that the new looked only to adjacent gleans. This caused a problem for destinations routed according to FIB table. To reproduce:
vpp# create tap
vpp# set interface state tap0 up
vpp# set interface ip address tap0 192.168.11.1/24
vpp# ip route add 192.168.20.0/24 via 192.168.11.2
linux$ sudo ip addr add 192.168.20.1/24 dev lo
linux$ sudo ip link set tap0 up
linux$ sudo ip addr add 192.168.11.2/24 dev tap0
vpp# ping 192.168.20.1
Failed: no source address for egress interface
Type: fix Signed-off-by: Július Milan <julius.milan@pantheon.tech> Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I22899f4dbbf8c1c85ccce72f801b92c183195b5d (cherry picked from commit 98874cda5853ea2d6b2dc32001b935d394b88430)
2021-02-09 | l2: crash on l2_input_is_xconnect | Steven Luong | 1 | -10/+8
Running vpp without any interface configured and then invoking the binary-api l2_xconnect_dump causes vpp to crash in l2_input_is_xconnect due to l2input_main.configs has no memory allocated to it, not even for the local interface which exists all the times. The reason that l2input_main.configs has no memory allocated to it was due to gerrit patch 29232 which took out a line in l2input_init /* Create the config vector */ vec_validate (mp->configs, 100); The fix is to iterate through l2input_main.configs for each interface in l2 to call l2_input_is_xconnect when dumping l2_xconnect interfaces. Type: fix Fixes: gerrit 29232 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I8d9cba4b7eba4c2e0c60887c4fd57d5ec3b06d3b (cherry picked from commit 16f08657758db0f32b60cc88644b3a1c8fc28cbc)
2021-01-27 | misc: 21.01 Release Notes [v21.01] | Andrew Yourtchenko | 1 | -1/+663
Change-Id: I8fa48e631b9405f2882ea975927c42dbbd32cf1f Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Type: docs
2021-01-27 | docs: fix up the markdown | Andrew Yourtchenko | 3 | -1/+4
Type: docs Change-Id: Ia541839e1f1ceddfae4579dece43b9cc820702e2 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-01-25 | vlib: startup multi-arch variant configuration fix for interfaces | Radu Nicolau | 5 | -8/+69
Propagate the multi-arch variant selection to interfaces. Type: fix Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> Change-Id: I99c4a7896f172f0d14d2ded22a27383825529a7d (cherry picked from commit 5a48b3b9d88fa2793793e2bf3db8bf156fe2951f)
2021-01-22 | docs: vpp stateless traffic generator | Dave Barach | 2 | -0/+106
Add a use-case writeup. Type: docs Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ib6e79e80455edbdeedcc96943dd98f16c57c559e (cherry picked from commit b8f6122b4f4c828dee103d1f3116d27e6e3e6f3a)
2021-01-21 | build: fix the version in 'show version' for RPM | Andrew Yourtchenko | 1 | -0/+5
The RPM build ends up with "vXX.YY" to vstring, which is not what we'd expect - so fix it up. Change-Id: I0af68e69b1e40fc49ade759bb2f0ed9f47614217 Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 072def4738f149a6e3f2f3884fae55690d6ad3a1)
2021-01-19 | avf: fix l2_len for csum offload | Mohammed Hawari | 1 | -4/+3
Use vlib_buffer_t::current_data instead of vnet_buffer_opaque_t::l2_hdr_offset to compute l2_len for checksum offload (l2_hdr_offset might be invalid if packet originates from an L3 interface) Change-Id: I2031ea6fd6a7af4b6e186751e119ebd6161641b5 Type: fix Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> (cherry picked from commit 533ac64330436752f82477973e4587e2197c4719)
2021-01-14 | build: add missing openssl-devel package for centos-8 vpp-ext-deps | Dave Wallace | 1 | -1/+1
- In a new centos-8 installation, vpp-ext-deps fails on missing ssl.h header file after 'make install-deps'. Type: fix Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I521d817dd1f1e21aff427d98b9832ea7c7b89339
2021-01-13 | ip: vtep fixes for alignment and cache update. [v21.01-rc2] | Ray Kinsella | 1 | -2/+2
Minor fixes for Intel AVX-512 alignment, and cache update. Type: fix Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I9f9bebb4ecb3265ffc765affd1ed94d0ba979066 (cherry picked from commit 480600662ccbe6175971053ac732e1e92295a43f)
2021-01-13 | crypto-openssl: chacha support in openssl version | Ray Kinsella | 1 | -2/+2
Fix build errors related to chachapoly when the system openssl version is < 0x10100000. Type: fix Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I62283fcc44c952ddd4d6a9f621c18e8be1af8af1 (cherry picked from commit bf93c6e9bf340e323157ca2b4ffa8e83a36e5108)
2020-12-21 | docs: update list of plugins | Paul Vinciguerra | 5 | -13/+81
The list of plugins is outdated. This change introduces a dynamically generated list of the plugins along with their descriptions, extracted directly from the sources. Type: docs Change-Id: Icb7b65e6b45289e257d71a1c18d10f62ced59cbe Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com> (cherry picked from commit 630ca994e0ff210a3de80d73bb395c931d2fd83f)
2020-12-18 | docs: fix missing quotes in ubuntu install instructions | Paul Vinciguerra | 1 | -5/+5
type: docs Change-Id: Ifa09b63924f4b7bf2719bba6ada0e1122407641c Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com> (cherry picked from commit ac9a585c6207ac876025f924aeb96ddcac8c8805)
2020-12-17 | docs: revise home gateway use-case documentation | Dave Barach | 3 | -286/+498
Switch to markdown format. Update docs to current production configs. Add remote software installation scripts. Type: docs Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ieaf507a4393c1e4600fb40ae0722c52472bb0f8f (cherry picked from commit 5bfaa6e7e3225f06403be718eb6185b5fad01c91)
2020-12-16 | misc: Initial changes for stable/2101 branch [v21.01-rc1] | Andrew Yourtchenko | 3 | -0/+8
Change-Id: Iff6360ced87bdded50ad3aa4a028d5373bac3e1d Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-12-16 | ip: fix possible missing trace indexes | Klement Sekera | 5 | -0/+129
Add safeguards when tracing packets to avoid cases where clear trace was issued while buffers were held in reassembly. Type: fix Change-Id: I1bdd1e629e8bc08ce63913fd3c4b2327e47dec04 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-12-16 | misc: update MAINTAINERS file | Dave Barach | 1 | -31/+32
Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I0bc970cf2d88f891e7a251a5bdfedfe815be786d
2020-12-16 | build: remove centos-7 directive from Makefile | Dave Wallace | 1 | -3/+0
- CentOS-7 support has been deprecated. Type: fix Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: If7f1988487d0b63a596dfee9dd03af89fb159573
2020-12-16 | nat: refactor & MW support for NAT tests | Filip Varga | 3 | -3598/+3662
Split ED and EI nat44 test cases. Added multi worker support for ED test cases. Type: refactor Change-Id: Ibcc2f62b94cacff69ed35c5d914b55f9fdbcf882 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-12-16 | l2: add l2 learn limit tests | Jerome Tollet | 1 | -0/+119
Add a couple of tests to check l2bd learn limit behaviour Type: test Signed-off-by: Jerome Tollet <jtollet@cisco.com> Change-Id: Iee16c81e5bb41066e3d6446d0e6ea4f389241270
2020-12-15 | api: crchcecker ignore version < 1.0.0 and outside of src directory | Ole Troan | 6 | -177/+94
This reverts commit 510aaa8911843206f7b9ff48b41e3c7b8c4a99fe. Reason for revert: failed in case of no api file in changeset. Change-Id: I2c6f01b25a35128df870418eef0008766bb590df Type: fix Signed-off-by: Ole Troan <ot@cisco.com>
2020-12-15 | nat: set out2in-dpo during plugin enabling | Alexander Chernavin | 1 | -0/+1
Type: fix Change-Id: Ie41e2fb9393bf63099519150bb158b830d2c0d87 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-12-15 | build: add Steven as maintainer for l2 and vxlan | Andrew Yourtchenko | 1 | -0/+2
Change-Id: If7a9edf328bd2dc943246f491bf34a740edfb056 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Type: make
2020-12-15 | classify: add pcap/trace classfier mgmt API calls | Jon Loeliger | 10 | -213/+723
Add lookup/get/set API calls to manage both PCAP and Trace filtering Classifier tables.
The "lookup" call may be used to identify a Classifier table within a chain of tables that matches a particular mask vector. For efficiency, this call should be used to determine to which table a match vector should be added.
The "get" calls return the first table within a chain (either a PCAP or the Trace) set of tables.
The "set" call may be used to add a new table to one such chain. If the "sort_masks" flag is set, the tables within the chain are ordered such that the most-specific mask is first, and the least-specific mask is last. A call that "sets" a chain to ~0 will delete and free all the tables with a chain.
The PCAP filters are per-interface, with "local0", (that is, sw_if_index == 0) holding the system-wide PCAP filter.
The Classifier used a reference-counted "set" for each PCAP or trace filter that it stored. The ref counts were not used, and the vector of tables was only used temporarily to establish a sorted order for tables based on masks. None of that complexity was actually warranted, and where it was used, the same could be achieved more simply.
Type: refactor Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: Icc56116cca91b91c631ca0628e814fb53f3677d2
2020-12-15 | api: crchcecker ignore version < 1.0.0 and outside of src directory | Ole Troan | 6 | -94/+177
- For check patchset ignore files outside of src directory
- For check patchset ignore files that have version < 1.0.0
- fix Pylint warnings
- Modify vppapigen_crc to include version in JSON output
Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I93f7bebeeaeedc19b2b1e5e135ea1035517d7f76 Signed-off-by: Ole Troan <ot@cisco.com>
2020-12-14 | build: stop trying to build py2 versions of vpp_papi | Paul Vinciguerra | 1 | -26/+0
Python2 was EOL'd in Jan 2020. RHEL6 was EOL'd in Nov 2020. Type: fix Change-Id: Id6910258cfe808c1e6a8fe16334c23d7991509dc Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-12-14 | ikev2: add reason for deleted sa debug log | Benoît Ganne | 1 | -5/+5
Type: improvement Change-Id: If991165406d10d877aa6c7b2a03b4b741272928c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-12-14 | ikev2: fix show ikev2 profile | Benoît Ganne | 1 | -38/+18
format_ip_address() to display {local,remote}_id does not work because we do not store ip_address_t but ip{4,6}_address_t, hence we lack the ip_address_family_t version field. Update format_ikev2_id_type_and_data() to support all types and use it instead. Type: fix Change-Id: I7a81beb0b22fcf1c5d1bf03a32a6cc4f030f4361 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-12-14 | session: free segment manager only from main | Florin Coras | 1 | -4/+32
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idb62154191e85651263be9ae116dd87b93e3a140
2020-12-14 | build: update ctags --tag-relative option used in make ctags | Jerome Tollet | 1 | -1/+1
Type: fix Exuberant ctags --tag-relative expects =[yes|no] Signed-off-by: Jerome Tollet <jtollet@cisco.com> Change-Id: Ic60b7014508d5c8c286f85f26e9eb0bdc0e90aa5
2020-12-14 | misc: refactor clib_bitmap_foreach macro | Damjan Marion | 33 | -108/+113
Type: refactor Change-Id: I077110e1a422722e20aa546a6f3224c06ab0cde5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-14 | misc: move to new pool_foreach macros | Damjan Marion | 228 | -1442/+1396
Type: refactor Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-14 | vppinfra: simpler and faster pool_foreach | Damjan Marion | 3 | -16/+33
- reduces number of instructions generated 4 times compared to old code
- adds pool_foreach2 which is more friendly to clang-format
Type: improvement Change-Id: I51e9c7fb09655c60d883987dadf5b2666c12b3f7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-14 | api: add missing version info | Paul Vinciguerra | 10 | -3/+13
Type: fix Change-Id: I269214e3eae72e837f25ee61d714556d976d410f Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-12-13 | nat: revert 'fix byte order on ipfix message fields' | Damjan Marion | 1 | -6/+3
This reverts commit bfba2d555331ce67f707e608877e96dbd2aacd80. Reason for revert: breaks test test_nat44.TestNAT44.test_ipfix_max_sessions Change-Id: I6eed4d02835ab792e7e3491fc14240cc88a86710 Type: fix Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-11 | dpdk: bump to dpdk 20.11 | Fan Zhang | 6 | -12/+30
Type: feature
This patch bumps DPDK to 20.11. In addition a few changes are made:
- Changed dynamic rx offload flag display.
- Updated deprecating options.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I6e4399d551a7eb8e1a9fc9ef6e39e74266450ad4
2020-12-11 | pppoe: fix VLIB_RX into the pppoe-input node | Stanislav Zaikin | 3 | -0/+15
Previously, RX interface for PPPoE packets was set as the original interface. Now it is set as corresponding PPPoE interface in the "pppoe-input" node. We need to do it because otherwise IP or other settings won't be working onto the PPPoE interface (only on original rx interface). Type: fix Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com> Change-Id: If9cc37608aa5fe685b8278dd99b819b7eddc6c38
2020-12-11 | ip: ip4 rewrite prefetch optimization | PiotrX Kleski | 1 | -2/+5
Type: improvement ip4_rewrite_inline_with_gso() did vlib_prefetch_buffer_header() for all nodes. However it is not necessary for ip-rewrite, it is only needed by ip-midchain. This patch makes ip4-rewrite prefetch fewer buffers to save cycles. Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com> Change-Id: Ib82dcb0eda4a2d1d7b8d664f2224d49b72aef50f
2020-12-11 | virtio: fix vrings overflow in vhost_user | Benoît Ganne | 1 | -1/+10
Type: fix Change-Id: I7ca955882c0e263a9ace4b14021e51488564e411 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-12-11 | api: fromjson/tojson enum flag support | Ole Troan | 5 | -12/+232
Represent enum flags as JSON arrays (as these can have multiple values). Add unit tests. Type: improvement Change-Id: I680c5b6f76ef6f05f360e2f3b9c4cbb927e15d7d Signed-off-by: Ole Troan <ot@cisco.com>
2020-12-11 | misc: cop - clean up stray doxygen block | Paul Vinciguerra | 1 | -7/+0
Type: style Change-Id: Iee9463735c4d114a97e6167d717d1911c4477e70 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-12-11 | nat: fix byte order on ipfix message fields | Matthew Smith | 1 | -3/+6
Type: fix The code for quota exceeded events is a u32 and was being copied into ipfix packets in host byte order. Same for the limit field. Swap the order before copying into packet buffer. Change-Id: I881766e1c52acc9bebde38d85228fa492214ee21 Signed-off-by: Matthew Smith <mgsmith@netgate.com>