aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2023-09-13vlib: reset stop_timer_handle on expired processesstable/2302Matthew Smith1-8/+23
Type: fix The main loop populates a vector of suspended process nodes to dispatch by calling TW (tw_timer_expire_timers_vec), which identifies expired timers and appends the user handle for each one to the vector. Subsequently, the vector is iterated and the process node corresponding to each handle is dispatched. The vast majority of the time, the process node will end up suspending itself again to wait for a new timer or event. Given a process node A whose timer has expired, between the point when the timer expired and the point when A is dispatched and suspends itself again, its stop_timer_handle contains a stale value. If another process node B is dispatched before A is dispatched, it may end up using the timer ID that A formerly used. If another process node C is dispatched after B and before A and calls vlib_process_signal_event() to signal A, the timer started by B can be deleted by vlib_process_signal_event_helper(). After getting the vector of process node IDs for expired timers, reset the stop_timer_handle on each of those nodes. Change-Id: I266da438e76e1fc356016da0b9b4941efac1c28a Signed-off-by: Matthew Smith <mgsmith@netgate.com> (cherry picked from commit 9aa4ac55b0a205e333e567f87c3cc9379af2363c)
2023-09-13vlib:process node scheduling use timing_wheel have problem.jinsh2-2/+6
The time wheel should not be started in the loop while processing expired events. can be set p->stop_timer_handle = ~0 to solve. Type: fix Signed-off-by: jinsh <jinsh11@chinatelecom.cn> Change-Id: Ie9a4293f39f981f50d280b39a5d958d319ee2300 Signed-off-by: Matthew Smith <mgsmith@netgate.com> (cherry picked from commit b7756b26a9cc6e04a969dec3914ad7e148086e91)
2023-05-29vcl: fix crash issue when connect an IP that VPP can't resolveqinyang1-3/+6
Type: fix Change-Id: Id0e56906da7cee7be955e87935b073fdd04c78e7 Signed-off-by: qinyang <qiny@yusur.tech>
2023-03-31nat: fix nat44 vrf handlersDaniel Béreš1-2/+2
Change of enums used in REPLY_MACRO() to appropriate one for handlers: -vl_api_nat44_ed_add_del_vrf_table_t_handler -vl_api_nat44_ed_add_del_vrf_route_t_handler Type: fix Change-Id: I58e97817b1678da7c025c0d03a8b938a4e0f7b6c Signed-off-by: Daniel Béreš <daniel.beres@pantheon.tech> (cherry picked from commit 2c03879ce45c6568da015c01d85300eef147ece7)
2023-03-03avf: fix bit calculation function fls_u32Ting Xu1-1/+1
In avf the function fls_u32 is used to calculate the power of 2. Fix the expression of this function. Type: fix Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: I27160de8588a5efb3f24306597a5a240deb3ab74 (cherry picked from commit dc95634a237419433b8189bf41b3968640b1f97e)
2023-03-03avf: fix checksum offload configurationTing Xu2-3/+1
Fix some configurations of avf checksum offload to get the correct udp and tcp checksum. Change Tx checksum offload capability since avf supports ipv4, tcp and udp offload all. Remove the operation to swap bit of checksum. Type: fix Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: I55a916cc9ee6bef5b2074b5b6bb5f517fc2c178d (cherry picked from commit 26d841870f5ad5d14883ec1b69c381f4b73cb279)
2023-03-03avf dpdk: fix incorrect handling of IPv6 src address in flowTing Xu2-3/+4
In current flow creating process in native avf and dpdk-plugins, when parsing the input arguments, it does not copy IPv6 src address correctly, so that IPv6 src address will not be configured in any flow rule, and any packet with the same address will not be matched. Type: fix Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: Ic957c57e3e1488b74e6281f4ed1df7fd491af35c (cherry picked from commit 11d9d02459ee3ac6ae402dd565aabbdfeea2c4fb)
2023-03-03avf: fix incorrect flag for flow directorTing Xu1-2/+1
When parsing flow action type in avf, there is an incorrect flag for flow director, which makes flow director rule created unexpectedly. Type: fix Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: Id9fed5db8ccacd5cc6c2f4833183364d763188c1 (cherry picked from commit 25ab42e33b03d9d9a0e3478c3ee346891cf65aef)
2023-02-21misc: VPP 23.02 Release Notesv23.02Andrew Yourtchenko2-0/+542
Type: docs Change-Id: I88ae8452ed1b39a4c6d82b790f63f31deae4c2fa Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-02-11misc: VPP 22.10.1 Release NotesDave Wallace2-0/+13
Type: docs Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I70374ea376c895d92d5789debf4b437113e3d884 (cherry picked from commit 57302fe52f141c19b5448997774271d2eedf5cb1)
2023-02-10misc: VPP 22.06.1 Release NotesDave Wallace3-1/+13
Type: docs Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I8770a35c801126ffd2de8f58d79e6616642709a9 (cherry picked from commit 1513b381d8879d9d437bbbc9a270b4ff5f4b19ba)
2023-02-08packetforge: fix lack of edge for ipv6 after gtppscv23.02-rc2Ting Xu1-0/+5
Add one new edge for ipv6 after gtppsc so that packetforge can parse this protocol combination. Type: fix Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: I1bae1ec617c4867de2e0b3de27eda77b89e5580c (cherry picked from commit 656a550f1feda3ddfa96f8e1fc510e8eebd3ce7a)
2023-02-08packetforge: fix order of dst/src address of macTing Xu1-2/+2
In the defination of mac node, the order of dst and src address is reversed. Swap their order in this patch. Type: fix Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: I039accc0a881eef12f13c75c5becf8b7df97d525 (cherry picked from commit 02bdd3f5cb0f2ff4988f972f31fb44da89fd786e)
2023-02-08vcl: drop lock on segment attach failureFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3bc2c7986f492b7b7dfbc84e4893202354223790 (cherry picked from commit aaad4f977cd7337b37cc6f00019f601f07abdced)
2023-02-08vcl: add ldp implementation for recvmmsgFlorin Coras1-31/+39
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7322abc3d3b0aa81399667bf02b03786fc62c958 (cherry picked from commit f1a232fd863e0e081a8edf8b1859a9417debb7c7)
2023-02-08vcl: better handlig of ldp apis that rely on gnu sourceFlorin Coras6-91/+139
Control use of apis that rely on _GNU_SOURCE being defined with compile time macro. Also fixes sendmmsg and recvmmsg which were not probably wrapped. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I207de23210d4b9dc960bb4289159502760c5614d (cherry picked from commit 3684794336602435b91b91a1dc5bd9401a974432)
2023-02-08ipsec: fix AES CBC IV generation (CVE-2022-46397)Benoît Ganne3-29/+65
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix C). Chaining IVs like is done by ipsecmb and native backends for the VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable. Encrypt a counter as part of the message, making the (predictable) counter-generated IV unpredictable. Fixes: VPP-2037 Type: fix Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-02-03session: fix out of bounds event memcpyFlorin Coras1-3/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5300653edd2dad470985f4591959d00cad2a43b (cherry picked from commit af2e88d964ff8bd8eca30c182ab00e178213c1d4)
2023-02-03vppapigen: fix incorrect comments in jsonOndrej Fabry2-1/+4
Type: fix Signed-off-by: Ondrej Fabry <ofabry@cisco.com> Change-Id: I241cefbbce98cf6fef83f36bd87ae2c1f4b067f0 (cherry picked from commit a4f994f31e566cc5e6512d3aebf627a6e3ce2cc7)
2023-02-03tls: openssl: fix SSL_read partial read scenarioOfer Heifetz1-8/+10
When application performs SSL_read from the app rx-fifo, it can pre-allocate multiple segments, but there is an issue if the OpenSSL manages to partially fill in the first segment, in this case, since data is assumed to be copied over by OpenSSL to the pre-allocated segments(s), vpp uses svm_fifo_enqueue_nocopy API which performs zero copy by passing the pre-allocated segment to SSL_read. If the decrypted data size is smaller than the pre-allocated fifo segment buffer size, application will fetch buffers including zero in the area not filled in by SSL_read. Type: fix Signed-off-by: Ofer Heifetz <oferh@marvell.com> Change-Id: I941a89b17d567d86e5bd2c35785f1df043c33f38 (cherry picked from commit 905ec8797790380e134714e15ff3341eeeabb05e)
2023-01-18misc: Initial changes for stable/2302 branchv23.02-rc1Andrew Yourtchenko1-0/+1
Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Icea0f6987e3fd240167cab4d2304cd3962997a41
2023-01-18lb: add source ip based sticky load balancingNobuhiro MIKI8-36/+716
This patch adds source ip based sticky session, which is already implemented in many hardware LBs and software LBs. Note that sticky sessions may be reset if the hash is recalculated as ASs are added or deleted. Since this feature is unrelated to the other existing options, the lb_add_del_vip API version has been upgraded to v2 and a new option "src_ip_sticky" has been added. Type: feature Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp> Change-Id: I3eb3680a28defbc701f28c873933ec2fb54544ab
2023-01-18build: use CMAKE_C_COMPILER_LAUNCHER for ccacheGuillaume Solignac1-2/+2
In some situations, CMake will find ccache in /usr/bin but /usr/bin might not present in PATH. The former fix for this was to place the ccache configuration logic before the project() declaration, but since CMake 3.4 there is a new variable to be used which handles this case. For the original problem, see also https://crascit.com/2016/04/09/using-ccache-with-cmake/ Type: fix Signed-off-by: Guillaume Solignac <gsoligna@cisco.com> Change-Id: Ie026e02b2b06e2dca2d62da5fea7b1a104bcc7c3
2023-01-18vppapigen: include comments in jsonOle Troan2-11/+24
Type: feature Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ibd796adea734b64d9209c5e18c5b9800cbaf62c6 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-01-18hs-test: zero timeout on docker stopFlorin Coras1-1/+1
Should drop execution time for all tests by about 80%. Type: test Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib6b4ef9fb4e7745a61b40c0b34e53e4046ccdbcc
2023-01-18pppoe: fix memcpy out of bounds with gcc-11 on armTianyu Li1-1/+1
In function ‘memcpy’, inlined from ‘clib_memcpy_fast’ at /home/vpp/src/vppinfra/string.h:86:10, inlined from ‘memcpy_s_inline’ at /home/vpp/src/vppinfra/string.h:157:7, inlined from ‘vnet_pppoe_add_del_session’ at /home/vpp/src/plugins/pppoe/pppoe.c:356:7: error: ‘__builtin_memcpy’ offset [0, 5] is out of the bounds [0, 0] [-Werror=array-bounds] 34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Cc1: all warnings being treated as errors Hardware address is zero length vector for PPP, use vec_len instead. Type: fix Fixes: 62f9cdd82c52 ("Add PPPoE Plugin") Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: If9fb409cfbbac77c15559d103987f0130bf30255
2023-01-18vppinfra:fix pcap write large file(> 0x80000000) error.aihua20131-1/+1
Type: improvement Signed-off-by: aihua2013 <51931196@qq.com> Change-Id: I22670f49abfb5d1fd728686fc7d65fb40ea6bda2
2023-01-18tests: improve packet checksum functionsKlement Sekera1-6/+21
Fool-proof assert_checksum_valid so that one does not verify checksum on wrong layer (because of how scapy internally works). Make assert_packet_checksums_valid start checksum checking at inner layers and outwards to make it more obvious where the error is. With old behaviour, if one received an ICMP packet carrying a truncated TCP packet, an error would be raised for ICMP checksum, as that one would be the first to be wrong after recalculating all packet checksums, while the real issue is TCP header being truncated and thus unsuitable for use with this function. Type: improvement Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: I39a2b50ec5610f969cfde9796416ee3a50ae0ba3
2023-01-18pci: fix musl crashBenoît Ganne1-8/+9
The musl libc does not support closedir(0) resulting in a crash. Only call closedir() if we successfully opened it. Type: fix Change-Id: I3198454f44735501047afc42b94b2fea273212f4 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-01-17hs-test: add http proxy env to container buildsFlorin Coras1-2/+4
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I8c116efb41d561e30fd0db1388cdba903e2edffe
2023-01-17hs-test: autodetect ubuntu version during buildMaros Ondrejicka2-1/+12
Since VPP binaries are being compiled on host system, it makes sense to autodetect Ubuntu version when building test images so that containers would be running version equal to host system. Type: test Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech> Change-Id: I0e13d9ba1ddcd3ad5835bce1b8cccfc048e5e528
2023-01-17acl: CLI allow replace, allow deletionPim van Pelt1-8/+66
Allow the CLI caller to specify an optional [index <idx>] index, which will remove the ACL at that index. This mimicks the API behavior, Add a 'delete acl-plugin acl index <idx>' to mimick the API acl_del call, which will refuse to delete a non-existent index, as well as an index that is referenced by an interface. Type: improvement Signed-off-by: pim@ipng.nl Change-Id: I5f240f7a4e3bca14e8122917e8a5186d80094de2
2023-01-17vlib: install dma.h to fix out-of-tree pluginsMohammed Hawari1-0/+1
Change-Id: I7888ab58abced93859ce15d0dbd1c3d7c94a02f5 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: fix Fixes: 0654242d1ef51566f0d58445a16053cf376e5a6e
2023-01-16hs-test: better directory structureFilip Tehlar7-4/+4
Move config files to resources and docker files to separate directory Type: test Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I24dd0705c4a463c06de525f28cb54d882527320a
2023-01-16hs-test: restrict concurrency on envoyFilip Tehlar3-8/+16
Type: test Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I8b06f4554a6ee5b13de829e47eaa82431a76c332
2023-01-16wireguard: add local variableGabriel Oginski1-17/+53
The current implementation of wireguard use dereference value from pointer, but between get and dereference the value from pointer can be occur change in pool memory, which means that this pointer can be invalid. Since current implementation doesn't handle with invalid pointers, segfault can occur. The fix add a local variable to keep index of peer from pool and also handle with null pointers from get pointer from pool. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Ic161ab08266e584493338c682d827ea1fd754b98
2023-01-16ipsec: fix transpose local ip range position with remote ip range in fast ↵Piotr Bronowski3-45/+48
path implementation In fast path implementation of spd policy lookup opposite convention to the original implementation has been applied and local ip range has been interchanged with the remote ip range. This fix addresses this issue. Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I0b6cccc80bf52b34524e98cfd1f1d542008bb7d0
2023-01-14vlib: add const to char* params of several funcsSergey Nikiforov2-2/+3
These functions do not need modifiable strings. It helps with linker sections as well as C++ compatibility. It is a good style to use const where approriate. Type: refactor Signed-off-by: void234@gmail.com Change-Id: Ib437a01663aa61860c6a938d869ed1111da71ec7
2023-01-14vppinfra: add const to char* params of several funcsSergey Nikiforov3-11/+9
These functions do not need modifiable strings. It helps with linker sections as well as C++ compatibility. It is a good style to use const where approriate. Type: refactor Signed-off-by: void234@gmail.com Change-Id: I8d1e922197b3594122296e8c1af57e0a8ec0bf3d
2023-01-13vcl: set deq notify flag on epoll connected sessionsFlorin Coras1-0/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I021f8e8bba247b0050d390a37dbc75900dc6a598
2023-01-13hs-test: use equal ubuntu versions in test imagesMaros Ondrejicka5-12/+18
Official nginx image is based on Debian with older libc version, that causes a runtime fail when VPP libraries are compiled in Ubuntu which has newer libc. Using equal version of Ubuntu in VPP image and in nginx image ensures that running nginx won't fail due to different libc versions. Type: test Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech> Change-Id: I48f3b23be30a9d9d9144351437ce163d64a4bb6b
2023-01-13vppinfra: fix else if check in _vec_set_len()Liangxing Wang1-1/+1
Type: fix Signed-off-by: Liangxing Wang <liangxing.wang@arm.com> Change-Id: I1f757abccd228b9e73f25c96754738c8e6bff259
2023-01-13build: cmake NAMELINK_COMPONENT in vpp librariesNick Brown1-2/+4
Installs the unversioned .so symlink in the -dev component. This prevent debian lintian error: link-to-shared-library-in-wrong-package NAMELINK_COMPONENT was added in cmake 3.12 Type: make Change-Id: I9d743218fa1f6b677659d745525e399ff66e73f4 Signed-off-by: Nick Brown <nickbroon@gmail.com>
2023-01-13af_xdp: update af_xdp driver plugin to depend on libxdpYulong Pei10-90/+167
AF_XDP support is deprecated in libbpf since v0.7.0 [1], the libxdp library now provides the functionality which once was in libbpf, this commit updates af_xdp plugin to depend on libxdp, libbpf still remains a dependency even if libxdp is present, as it need use libbpf APIs for program loading. libxdp is distributed within xdp-tool [2], xdp-tools package also include libbpf in it as dependency, so here installed libxdp v1.2.9 and libbpf v0.8.0, both from xdp-tool-1.2.9 package. More information about libxdp compatibility can be found in the libxdp README [3]. In libbpf v0.8.0, The bpf_prog_load function was deprecated and changed to bpf_object__open_file and bpf_object__next_program and bpf_object__load, The bpf_get_link_xdp_id and bpf_set_link_xdp_fd functions were deprecated and changed to bpf_xdp_attach and bpf_xdp_detach, The bpf_object__unload function was deprecated and changed to bpf_object__close. [1] https://github.com/libbpf/libbpf/commit/277846bc6c15 [2] https://github.com/xdp-project/xdp-tools/releases/tag/v1.2.9 [3] https://github.com/xdp-project/xdp-tools/blob/master/lib/libxdp/README.org Type: improvement Change-Id: Ifbf6e3aa38bc6e0b77561f26311fd11c15ddb47e Signed-off-by: Yulong Pei <yulong.pei@intel.com>
2023-01-12vppinfra: fix longstanding corner case bug in serialize_get()Dave Barach2-0/+47
serialize_get() -> serialize_write_not_inline(...) was losing track of the current buffer index when it managed to empty the overflow vector but had to turn around and use it again. Test-case added to test_serialize.c. This issue dates from 2010. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I024a03f7a50fd6df543ddbc7c45d85def4f1981d
2023-01-12hs-test: fix tests using wgetFilip Tehlar1-1/+1
This fixes an issue on systems with http proxy set. Type: test Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Ic84fcd0b8a7698ef101b369d46be858cbe85fc73
2023-01-12misc: use right include for fctnl.h and poll.hGuillaume Solignac13-14/+5
Musl is stricter than glibc and has a warning that including fctnl.h and poll.h should be prefered rather than their sys/ counterparts, which breaks -Wall setups. Type: fix Signed-off-by: Guillaume Solignac <gsoligna@cisco.com> Change-Id: Id101e999371951b0927cc8c4109f8f1536de1bc2
2023-01-12abf: exclude networks with deny rulesJosh Dorsey3-6/+136
Type: improvement Signed-off-by: Josh Dorsey <jdorsey@netgate.com> Change-Id: Iee43ca9278922fc7396764b88cff1a87bcb28349
2023-01-11hs-test: optimize size of docker imageFilip Tehlar2-8/+16
Copy necessary only plugins in docker image Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I5f60a8a1ccbbe099ac60774562dc5901f3b4fbed
2023-01-11hs-test: use anchors in yaml config filesMaros Ondrejicka7-16/+25
Volumes can be referenced with anchors to reduce text duplication and to explicitly show which containers share a volume. Type: test Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech> Change-Id: Id408a78262573b3faf2257c32bfa569eca2e2049