Age | Commit message (Collapse) | Author | Files | Lines |
|
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Change-Id: If637d21d3c8340ae146ac6f4264945fa94328774
Type: docs
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Initializing struct avf_ip6_psh by {0} using gcc with O2 optimize option
will trigger the -Werror=maybe-uninitialized compiling warning on Arm
because gcc compiler will think some members of the struct avf_ip6_psh
may not be initialized, which probably is a false positive in this case.
The compiling error log is shown as below. Avoid this compiling warning
by explicitly declaring the IPv6 src and dst ip in avf_ip6_psh as
ip6_address_t.
ccache /usr/lib/ccache/gcc-10 -DHAVE_FCNTL64 -DHAVE_GETCPU -DHAVE_MEMFD_CREATE -I/home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src -I. -Iinclude -I/home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/plugins -Iplugins -Iplugins/avf -Wno-address-of-packed-member -g -fPIC -Werror -Wall -march=armv8-a+crc -O2 -fstack-protector -DFORTIFY_SOURCE=2 -fno-common -fPIC -DCLIB_MARCH_VARIANT=cortexa72 -march=armv8-a+crc+crypto -mtune=cortex-a72 -DCLIB_N_PREFETCHES=6 -MD -MT plugins/avf/CMakeFiles/avf_plugin_cortexa72.dir/output.c.o -MF plugins/avf/CMakeFiles/avf_plugin_cortexa72.dir/output.c.o.d -o plugins/avf/CMakeFiles/avf_plugin_cortexa72.dir/output.c.o -c /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/plugins/avf/output.c
In file included from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/vector_funcs.h:41,
from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/vector.h:196,
from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/string.h:48,
from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/mem.h:49,
from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/vec.h:42,
from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/format.h:44,
from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/elf.h:41,
from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/elf_clib.h:41,
from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vlib/vlib.h:44,
from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/plugins/avf/output.c:18:
/home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/plugins/avf/output.c: In function ‘avf_device_class_tx_fn_cortexa72’:
/home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/byte_order.h:59:10: error: ‘*((void *)&psh+32)’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
59 | return __builtin_bswap16 (x);
| ^~~~~~~~~~~~~~~~~~~~~
/home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/plugins/avf/output.c:115:23: note: ‘*((void *)&psh+32)’ was declared here
115 | struct avf_ip6_psh psh = { 0 };
| ^~~
Type: fix
Change-Id: I2684b101b07823dfacc4a56cc29d152828d0cf37
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
(cherry picked from commit 3daf1f5d3a5918564ae2acdd748b24acaef5bce0)
|
|
Type: fix
Change-Id: Ib22cc8a358d17782a01b7ebeded02d186898bc3a
Signed-off-by: zyf <807896415@qq.com>
|
|
Fix an issue where multiple VPP instances with DPDK starting at the
same time would not initialize VFs properly. This is done by using the
iavf PMD (where the issue can't be reproduced) instead of the i40evf
PMD.
Type: fix
Ticket: VPP-1943
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
Change-Id: I023138896610dc2b3bb731759f62afc605e9bb09
|
|
Change-Id: I17228bd35cc7aa0d207a16502bf1376c75675302
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: fix
(cherry picked from commit 933b0ca073a481a976ef64bf8f5ddfe19a346f30)
|
|
When building DPDK with rdma linkage, this patch avoids linking against
useless verb providers. It also hard-codes the library directory to lib
to fix CentOS behavior.
Change-Id: I3acd94adf1b7e59e023346b3c254bd4bba6157df
Type: fix
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
(cherry picked from commit df849f8ea8750e934a7a2c9ea2d5628b0c209056)
|
|
Enable DPDK AVX-512 Vector PMDs on Intel Icelake
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Change-Id: Ie5d5bf54ccaa65c1d053d56a2f2973fe8625193b
(cherry picked from commit 1cebf98e1cdc99e215d30dadd5570ba836b1a6d9)
|
|
The move from ip4(6)_src_address_for_packet to fib_sas4(6)_get changed
the behavior, so that the new looked only to adjacent gleans. This
caused a problem for destinations routed according to FIB table.
To reproduce:
vpp# create tap
vpp# set interface state tap0 up
vpp# set interface ip address tap0 192.168.11.1/24
vpp# ip route add 192.168.20.0/24 via 192.168.11.2
linux$ sudo ip addr add 192.168.20.1/24 dev lo
linux$ sudo ip link set tap0 up
linux$ sudo ip addr add 192.168.11.2/24 dev tap0
vpp# ping 192.168.20.1
Failed: no source address for egress interface
Type: fix
Signed-off-by: Július Milan <julius.milan@pantheon.tech>
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I22899f4dbbf8c1c85ccce72f801b92c183195b5d
(cherry picked from commit 98874cda5853ea2d6b2dc32001b935d394b88430)
|
|
Running vpp without any interface configured and then invoking the
binary-api l2_xconnect_dump causes vpp to crash in l2_input_is_xconnect due
to l2input_main.configs has no memory allocated to it, not even for the local
interface which exists all the times.
The reason that l2input_main.configs has no memory allocated to it was due to
gerrit patch 29232 which took out a line in l2input_init
/* Create the config vector */
vec_validate (mp->configs, 100);
The fix is to iterate through l2input_main.configs for each interface in
l2 to call l2_input_is_xconnect when dumping l2_xconnect interfaces.
Type: fix
Fixes: gerrit 29232
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I8d9cba4b7eba4c2e0c60887c4fd57d5ec3b06d3b
(cherry picked from commit 16f08657758db0f32b60cc88644b3a1c8fc28cbc)
|
|
Change-Id: I8fa48e631b9405f2882ea975927c42dbbd32cf1f
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Type: docs
|
|
Type: docs
Change-Id: Ia541839e1f1ceddfae4579dece43b9cc820702e2
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Propagate the multi-arch variant selection to interfaces.
Type: fix
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Change-Id: I99c4a7896f172f0d14d2ded22a27383825529a7d
(cherry picked from commit 5a48b3b9d88fa2793793e2bf3db8bf156fe2951f)
|
|
Add a use-case writeup.
Type: docs
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ib6e79e80455edbdeedcc96943dd98f16c57c559e
(cherry picked from commit b8f6122b4f4c828dee103d1f3116d27e6e3e6f3a)
|
|
The RPM build ends up with "vXX.YY" to vstring,
which is not what we'd expect - so fix it up.
Change-Id: I0af68e69b1e40fc49ade759bb2f0ed9f47614217
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 072def4738f149a6e3f2f3884fae55690d6ad3a1)
|
|
Use vlib_buffer_t::current_data instead of
vnet_buffer_opaque_t::l2_hdr_offset to compute l2_len for checksum
offload (l2_hdr_offset might be invalid if packet originates from an L3
interface)
Change-Id: I2031ea6fd6a7af4b6e186751e119ebd6161641b5
Type: fix
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
(cherry picked from commit 533ac64330436752f82477973e4587e2197c4719)
|
|
- In a new centos-8 installation, vpp-ext-deps fails on missing
ssl.h header file after 'make install-deps'.
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I521d817dd1f1e21aff427d98b9832ea7c7b89339
|
|
Minor fixes for Intel AVX-512 alignment, and cache update.
Type: fix
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I9f9bebb4ecb3265ffc765affd1ed94d0ba979066
(cherry picked from commit 480600662ccbe6175971053ac732e1e92295a43f)
|
|
Fix build errors related to chachapoly when the
system openssl version is < 0x10100000.
Type: fix
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I62283fcc44c952ddd4d6a9f621c18e8be1af8af1
(cherry picked from commit bf93c6e9bf340e323157ca2b4ffa8e83a36e5108)
|
|
The list of plugins is outdated.
This change introduces a dynamically
generated list of the plugins along with their descriptions,
extracted directly from the sources.
Type: docs
Change-Id: Icb7b65e6b45289e257d71a1c18d10f62ced59cbe
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
(cherry picked from commit 630ca994e0ff210a3de80d73bb395c931d2fd83f)
|
|
type: docs
Change-Id: Ifa09b63924f4b7bf2719bba6ada0e1122407641c
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
(cherry picked from commit ac9a585c6207ac876025f924aeb96ddcac8c8805)
|
|
Switch to markdown format.
Update docs to current production configs. Add remote software
installation scripts.
Type: docs
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ieaf507a4393c1e4600fb40ae0722c52472bb0f8f
(cherry picked from commit 5bfaa6e7e3225f06403be718eb6185b5fad01c91)
|
|
Change-Id: Iff6360ced87bdded50ad3aa4a028d5373bac3e1d
Type: docs
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Add safeguards when tracing packets to avoid cases where clear trace
was issue while buffers were held in reassembly.
Type: fix
Change-Id: I1bdd1e629e8bc08ce63913fd3c4b2327e47dec04
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I0bc970cf2d88f891e7a251a5bdfedfe815be786d
|
|
- CentOS-7 support has been deprecated.
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: If7f1988487d0b63a596dfee9dd03af89fb159573
|
|
Split ED and EI nat44 test cases. Added multi worker
support for ED test cases.
Type: refactor
Change-Id: Ibcc2f62b94cacff69ed35c5d914b55f9fdbcf882
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Add a couple of tests to check l2bd learn limit behaviour
Type: test
Signed-off-by: Jerome Tollet <jtollet@cisco.com>
Change-Id: Iee16c81e5bb41066e3d6446d0e6ea4f389241270
|
|
This reverts commit 510aaa8911843206f7b9ff48b41e3c7b8c4a99fe.
Reason for revert: failed in case of no api file in changeset.
Change-Id: I2c6f01b25a35128df870418eef0008766bb590df
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: fix
Change-Id: Ie41e2fb9393bf63099519150bb158b830d2c0d87
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Change-Id: If7a9edf328bd2dc943246f491bf34a740edfb056
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Type: make
|
|
Add lookup/get/set API calls to manage both PCAP and Trace
filtering Classifier tables.
The "lookup" call may be used to identify a Classifier table
within a chain of tables taht matches a particular mask vector.
For efficiency, this call should be used to determine to which
table a match vector should be added.
The "get" calls return the first table within a chain (either
a PCAP or the Trace) set of tables. The "set" call may be
used to add a new table to one such chain. If the "sort_masks"
flag is set, the tables within the chain are ordered such that
the most-specific mask is first, and the least-specific mask
is last. A call that "sets" a chain to ~0 will delete and free
all the tables with a chain.
The PCAP filters are per-interface, with "local0", (that is,
sw_if_index == 0) holding the system-wide PCAP filter.
The Classifier used a reference-counted "set" for each PCAP
or trace filter that it stored. The ref counts were not used,
and the vector of tables was only used temporarily to establish
a sorted order for tables based on masks. None of that
complexity was actually warranted, and where it was used,
the same could be achieved more simply.
Type: refactor
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: Icc56116cca91b91c631ca0628e814fb53f3677d2
|
|
- For check patchset ignore files outside of src directory
- For check patchset ignore files that have version < 1.0.0
- fix Pylint warnings
- Modify vppapigen_crc to include version in JSON output
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I93f7bebeeaeedc19b2b1e5e135ea1035517d7f76
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Python2 was EOL's in Jan 2020.
RHEL6 was EOL'd in Nov 2020.
Type: fix
Change-Id: Id6910258cfe808c1e6a8fe16334c23d7991509dc
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: improvement
Change-Id: If991165406d10d877aa6c7b2a03b4b741272928c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
format_ip_address() to display {local,remote}_id does not work because
we do not store ip_address_t but ip{4,6}_address_t, hence we lack the
ip_address_family_t version field.
Update format_ikev2_id_type_and_data() to support all types and use it
instead.
Type: fix
Change-Id: I7a81beb0b22fcf1c5d1bf03a32a6cc4f030f4361
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Idb62154191e85651263be9ae116dd87b93e3a140
|
|
Type: fix
Exhuberant ctags --tag-relative expects =[yes|no]
Signed-off-by: Jerome Tollet <jtollet@cisco.com>
Change-Id: Ic60b7014508d5c8c286f85f26e9eb0bdc0e90aa5
|
|
Type: refactor
Change-Id: I077110e1a422722e20aa546a6f3224c06ab0cde5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: refactor
Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
- reduces number of instructions generated 4 times compared to old code
- adds pool_foreach2 which is more friendly to clang-format
Type: improvement
Change-Id: I51e9c7fb09655c60d883987dadf5b2666c12b3f7
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: I269214e3eae72e837f25ee61d714556d976d410f
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
This reverts commit bfba2d555331ce67f707e608877e96dbd2aacd80.
Reason for revert: breaks test test_nat44.TestNAT44.test_ipfix_max_sessions
Change-Id: I6eed4d02835ab792e7e3491fc14240cc88a86710
Type: fix
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: feature
This patch bumps DPDK to 20.11. In addtion a few changes are
made:
- Changed dynamic rx offload flag display.
- Updated deprecating options.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I6e4399d551a7eb8e1a9fc9ef6e39e74266450ad4
|
|
Previously, RX interface for PPPoE packets was set as the original interface.
Now it is set as corresponding PPPoE interface in the "pppoe-input" node.
We need to do it because otherwise IP or other settings won't be working onto the PPPoE interface (only on original rx interface).
Type: fix
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Change-Id: If9cc37608aa5fe685b8278dd99b819b7eddc6c38
|
|
Type: improvement
ip4_rewrite_inline_with_gso() did vlib_prefetch_buffer_header() for all nodes.
However it is not necessary for ip-rewrite, it is only needed by ip-midchain.
This patch makes ip4-rewrite prefetches less buffers to save cycles.
Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com>
Change-Id: Ib82dcb0eda4a2d1d7b8d664f2224d49b72aef50f
|
|
Type: fix
Change-Id: I7ca955882c0e263a9ace4b14021e51488564e411
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Represent enum flags as JSON arrays (as these can have multiple values).
Add unit tests.
Type: improvement
Change-Id: I680c5b6f76ef6f05f360e2f3b9c4cbb927e15d7d
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: style
Change-Id: Iee9463735c4d114a97e6167d717d1911c4477e70
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: fix
The code for quota exceeded events is a u32 and was being copied
into ipfix packets in host byte order. Same for the limit field.
Swap the order before copying into packet buffer.
Change-Id: I881766e1c52acc9bebde38d85228fa492214ee21
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|