aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2023-02-06ipsec: fix AES CBC IV generation (CVE-2022-46397)stable/1908Benoît Ganne2-5/+28
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix C). Chaining IVs like is done by ipsecmb and native backends for the VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable. Encrypt a counter as part of the message, making the (predictable) counter-generated IV unpredictable. Fixes: VPP-2037 Type: fix Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-10-14tcp: fix bt acked_sacked on recoveryFlorin Coras1-2/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2e2d76661fbb07dd8c6afa3583bb18e01b7a7fb6 (cherry picked from commit 3e2ec42a07ae51aed54e63d05e743a338c666e30)
2020-10-12virtio: fix the tcp/udp checksum offloadsSteven Luong1-5/+1
Some vhost-backend calculates the wrong checksum in case of tcp/udp offload when driver resets tcp/udp checksum field to '0'. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I3c45df487f00d7e3d949b4efb32d7f7e01d1108b
2020-08-25misc: 19.08.3 Release Notesv19.08.3Andrew Yourtchenko1-0/+9
Change-Id: I809f417fabea96df506886ae6576b6e8c1b72caf Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-08-20ipsec: fix esp paddingMilan Lenco1-1/+1
Type: fix Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech> Change-Id: Ic8db52b41d7e5af3425099f008984e50afb3da74
2020-08-20ikev2: use remote proposals when installing tunnelFilip Tehlar1-2/+2
Type: fix Change-Id: Ia1556aa854fa83fb5340308c4eec868b7b4f8351 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-08-20ikev2: announce both 'ESN' and 'No ESN'Filip Tehlar1-1/+0
Type: fix Change-Id: If73b88b9478b9314df6d9163c3a13724d4253c80 Signed-off-by: Filip Tehlar <ftehlar@cisco.com> (cherry picked from commit fbd47cf83546613ce16f8fc10105609cf51cbfc2)
2020-08-20ikev2: fix wrong index computationFilip Tehlar1-1/+1
Type: fix Change-Id: Ia7b07b4ec9e5681946f3f5c01c230c1f814e2cf6 Signed-off-by: Filip Tehlar <ftehlar@cisco.com> (cherry picked from commit c17d6cfaf4fc66927f28af9d8d7cb8ce2a1d839c)
2020-08-20ikev2: fix incorrect reply messagesFilip Tehlar1-2/+2
Type: fix Change-Id: Idd679885f42de45429a1dcbf3b0af1037dc54d2b Signed-off-by: Filip Tehlar <ftehlar@cisco.com> (cherry picked from commit fe7b8c2b4aeadaa5cf3f55b0fcc04600c91df427)
2020-08-20http_static: fix session cleanupFlorin Coras2-42/+31
While cherry-picking: Fix extras/scripts/check_commit_msg so it accepts '_' characters in feature names. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibb380eecca76ed9c00ed14c167dfcf576f943db0 (cherry picked from commit 0f4e3c22ed5951e0a68e6b40fda1ac63ab5e3c3e) Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-08-20dns: fix coverity warningsDave Barach1-1/+1
Type: fix Ticket: VPP-1837 Partial cherry-pick from a357a938019c8df2b061cc5bd14cd8a64fac694f Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I0d164147173b452fee7e720e01e6a9991f43b64a
2020-08-19memif: wrong interface counter is incrementedSteven Luong1-2/+2
vlib_increment_combined_counter takes sw_if_index, not hw_if_index. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Iecde2697ed490940f0eff796d28d15381405b895 (cherry picked from commit 35050289e6b5f6e2939b1d08ed058ab952468943)
2020-08-18vppinfra: fix clib_count_equal_u8/16/32/64 overflowBenoît Ganne1-47/+30
Type: fix Change-Id: Id5ca868cd7a2abc9320206f0336aa3348f5906e3 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit 2a0bd4a7d1745bee38ac80bcc4c8bc6e5af2a7cc)
2020-08-18ip: fix punt cli to only consumes a line of inputBenoît Ganne1-4/+25
Type: fix Change-Id: Idb6f82e08b29e3805ed2133acb5fd7226148f672 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit 9ae3c6a40f268741b87f94a5b75f1b5d1d2128e3)
2020-08-18hsa: fix http server session cleanupFlorin Coras1-36/+31
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6832e3f24a56e043415a32eb4072d0bfb7697251 (cherry picked from commit 7d941d45bc649f760c650dab3e715585a61d9cf9)
2020-08-18lisp: fix cli locator-set name null terminationFlorin Coras2-8/+4
Type: fix Change-Id: I5f550bd6a03f47b829ef99803cb6b9ac86329450 Signed-off-by: Florin Coras <fcoras@cisco.com> (cherry picked from commit 39771adc1da61943978c18b58b35dedc9dddc4b0)
2020-08-18lisp: fix lisp/one enable/disableFlorin Coras2-85/+67
Type: fix Change-Id: Iefe6b3a1a0a999d89ef9812fc14d31159043e60c Signed-off-by: Florin Coras <fcoras@cisco.com> (cherry picked from commit 508dc51bd075f6bb16862265c0c43e8efb76349c)
2020-08-18lacp: fix vector overflowBenoît Ganne1-2/+2
Type: fix Change-Id: I8f776ce10ee8c29689db5ceef70df42dfb6b747c Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit c72995dd79500dd5791e71fd3edeae527c257351)
2020-08-18interface: fix show/clear hardware-interfaces string overflowBenoît Ganne1-5/+19
Type: fix Change-Id: Iab99bc1f6c309fae6eaa714b484274fe7072a4cb Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit 17814d74dbbc85573adbf970644caa4b1ac9bbb4)
2020-08-18pci: fix non NULL-terminated vector used as C string overflowBenoît Ganne2-4/+12
Type: fix Change-Id: Iab512ba8c72c9e20aeba2d4265276bcabf095d46 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit e3a24300d08f04146935ec0d3b02e03276d6cc68)
2020-08-18session: cleanup lookup table for rejected sessionFlorin Coras1-1/+4
Type: fix Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com> Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id20f693a5acdee74ab534e9964418973537b977f (cherry picked from commit c7fd24e30bb5ac68f3c82eafee9dc192289add7f)
2020-08-18feature: fix feature config data initialization overflowBenoît Ganne1-5/+10
Copy only exactly the data provided by the user even when it is not a 4-bytes multiple. Type: fix Change-Id: I2ef987c37e58523a38b46b09227529db2c26aa55 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit c79a14f13a0db6f59123e0e6b0b71d4f24433b01)
2020-08-18pppoe: fix uninitialized memory bugTimotheeChauvin3-1/+7
In pppoe_cp_node.c, node->errors[error0] was accessed without node->errors being initialized. Found with AFL + ASAN. Type: fix Signed-off-by: TimotheeChauvin <timchauv@cisco.com> Change-Id: Ide8a60021b2d47b5e2fce7062d8f12c7f4d225f7 (cherry picked from commit 2887159a1a5f5c501c2df59bf88e6faa38e9699f)
2020-08-18vppinfra: fix format_c_identifier vector overflowBenoît Ganne2-5/+3
In case of vector, we must check length before trying to access element. Also fix wrong DPDK plugin workaround. Type: fix Change-Id: I2ecef1c88ebef2362f48cab0d462699aa43cd4b9 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit 1bd6f61820c6c15534ebb04a4b070ba84bf08a9d)
2020-08-18vppinfra: enable STATIC_ASSERT with clangBenoît Ganne2-6/+3
For some reason clang does not support &((struct foo*)0)->field in static assertion contrary to gcc. Use offsetof() macro implementation provided by both compilers instead. Type: fix Change-Id: I3311cdd29c5861e45dc0ef92f2bbd66242ca73b8 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit 5e60c17f49082b7731778e81b58177177a31b58f)
2020-08-18ip: fix format_ip6_address_and_mask() bugChenmin Sun1-3/+2
Previously there's a format_ip4_address in format_ip6... This patch fixes this typo Type: fix Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: Ice124db6594720ed35a992d069341f399c331e1d (cherry picked from commit e30f9c5c6342a0f2430848ec4166b75596642964)
2020-08-18ip: set ip4 mask for ip_copy and ip_set when dealing with ip4 typejiangxiaoming1-2/+8
Type: fix Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com> Change-Id: I3ace7dfe3ddacb4f7fa7a974a2ffe2b3cf902ff9 (cherry picked from commit 9268b5823fa7a16195f638e5b1f9c54b430f2f3c)
2020-08-18ip: fix the order in ip4 punt redirectMohsin Kazmi1-2/+2
Type: fix Fixes: a84cb715f5a4366dd2f32de18ad92bec566924da Change-Id: Id448d6ae9cfdd3122e8187121c509412835117c5 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> (cherry picked from commit c6eae9c079defa4812270945d614c4598db262d8)
2020-08-18classify: fix debug CLIDave Barach1-1/+5
unformat_ip6_mask wasn't accounting for customized field names when deciding if it managed to parse at least one field. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I26cab4c6828b510e277079628af5115ac43af3ff (cherry picked from commit 126c88544103d3775252f741398111875f6a62d7)
2020-08-18tcp: avoid rcv wnd more than RX fifo can enqueueRyujiro Shibuya2-7/+12
Type: fix Signed-off-by: Ryujiro Shibuya <ryujiro.shibuya@owmobility.com> Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie358b731f8ecb1fcaebd6e79f5ce5c10802c2814 (cherry picked from commit cc1085647b2ae36e6c086d65b4e81b9f1cf9fc9a)
2020-08-18udp: align udp_encap_t_ to 2 cachelinesVadym Martsynovskyy1-4/+4
Based on the comments in the struct, udp_encap_t_ is meant to span 2 cachelines. Due to the 64 bit alignment of dpo_id_t, the struct spanned 3 cachelines. This caused fetching ue_ip_proto to trigger an additional cache miss. This patch rearranges the ordering of the struct fields so that udp_encap_t_ only spans 2 cachelines as intended. before: (gdb) print (int)&((struct udp_encap_t_*)0)->cacheline1 $8 = 128 after: (gdb) print (int)&((struct udp_encap_t_*)0)->cacheline1 $1 = 64 Type: fix Signed-off-by: Vadym Martsynovskyy <vmartsyn@fb.com> Change-Id: I066c08654d4a8ef3e2d3954e957d4c5d382b209f (cherry picked from commit 42386fc974148f812ef3eb73ff09a603caa23565)
2020-08-18ip: fix the punt redirect for ip4Mohsin Kazmi1-6/+9
Type: fix Change-Id: I39341f201209931392f315ead5adfddd8b567caf Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> (cherry picked from commit a84cb715f5a4366dd2f32de18ad92bec566924da)
2020-08-18nat: avoid division by zeroKlement Sekera1-1/+8
Return error instead of dividing by zero. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I9f6a942e87ab87e8f1921e744ec1add45884e74a (cherry picked from commit fe77bdc1906cca6a76bd44b1aceffc971f64cec4)
2020-08-18nat: deterministic: disallow invalid configKlement Sekera2-5/+20
Prevent overflow if input network prefix is too small and crash on packet #1 due to vector not being allocated/initialized. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I3494cc62ce889df48cc59cc9340b5dd70338c3a8 (cherry picked from commit f3d7bd9d4d652b1c4b687267acdb9fdb908a74bd)
2020-08-18vppinfra: fix u32x4_gather definitionDamjan Marion1-1/+1
Type: fix Change-Id: I3df8d3f277bfadee95bfc329e8ce8b929a986af6 Signed-off-by: Damjan Marion <damarion@cisco.com> (cherry picked from commit 97b9e008b9e072120ea8b0d98e81e898c3adbd4d)
2020-08-18misc: fix sonarclound warningsDave Barach3-2/+11
Type: fix Ticket: VPP-1888 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I9c2fb926a5e010658088a74051c8c3462ff61734 (cherry picked from commit 1af730d0dfbb91475c6808ed579494d3d223b724)
2020-08-18api: check id is valid for bounce checkingBenoît Ganne1-1/+1
If the id is invalid we cannot check whether we must free the message or not, free it anyway. Type: fix Change-Id: Ie4426f601390d1e5e14c739f670e8c1e6e3aaf1e Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit ff13e46215ab96df988310b4a20eddefad92de99)
2020-08-18buffers: fix non-default sized buffers initializationBenoît Ganne1-5/+21
Type: fix Change-Id: I4a93e1d9936414c514cb237a22624986b3ef5b3d Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit c16fe4689055242c64c71d83e41908a8fb6c2726)
2020-08-18vlib: node recyling and node deletion missing triggering graph node syncSteven Luong1-27/+1
When recycling a graph node vnet_register_interface, it is missing an explicit call to vlib_worker_thread_node_runtime_update(). However, there is an implicit call to vlib_worker_thread_node_runtime_update() via vnet_sw_interface_set_flags_helper() if it enables a new feature on the interface for the first time. But that implicit call is not guaranteed. For example, if an interface is created, deleted, and created, then it may skip the implicit call to vlib_worker_thread_node_runtime_update(). When that happens, the graph nodes on thread 0 are not sync'ed to the worker threads. So the worker thread's graph nodes are out of sync momentarily with the main thread's graph nodes until some other event happens which calls for a sync is needed. During this window, the worker thread's graph node is vulnerable and may experience a crash. When deleting a graph node, we never trigger a sync to the worker thread. A patch was committed 3 years ago via https://gerrit.fd.io/r/c/vpp/+/7523 to fix a show run crash. In hindsight, the approach taken by 7523 is not orthogonal. While at it, let's fix it right for both issues with a call to vlib_worker_thread_node_runtime_update() in the appropriate place and remove 7523. Type: fix Ticket: VPPSUPP-86 Fixes: gerrit 7523 / 19e9d954bd9eb4f04d48640d6540198e84ef65d7 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ic9472bd2d3a212dbfeceb526506ed0400983a142 (cherry picked from commit 1eae8ecb7acc7d80d5c08e300295bec94bf78f0b)
2020-08-18mactime: print error if feature not enabledDave Barach1-1/+8
Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I8fbc4baefecf512573126c5085ed7a6e2e360fbe (cherry picked from commit c1f0d9c105c25c67d9ef86a53c10d43d40b61fe0)
2020-08-18fib: fix multiple dpo pool expand casesDave Barach6-7/+76
Add dpo_pool_barrier_sync/release, use them to clean up thread-unsafe pool expansion cases. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I09299124a25f8d541e3bb4b75375568990e9b911 (cherry picked from commit 26d890eb4b1ab19fea4d2d02bfc6dc89d2c1b771)
2020-08-18fib: fix adj pool expand casesDave Barach1-1/+24
adj_alloc (...) is not thread safe when the adj pool or combined counter vectors expand. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I55710de6ecc083b7434e11798659cca9250c9131 (cherry picked from commit c2d2228e928b7c69dc88e9c3b7502966d0e32d8d)
2020-08-18fib: add barrier sync, pool/vector expand casesDave Barach3-1/+66
load_balance_alloc_i(...) is not thread safe when the load_balance_pool or combined counter vectors expand. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I7f295ed77350d1df0434d5ff461eedafe79131de (cherry picked from commit 8341f76fd1cd4351961cd8161cfed2814fc55103)
2020-08-18nat: fix coverity warningKlement Sekera1-1/+1
Type: fix Change-Id: I0e87021b11009a955f5839bdb68af897145816c1 Signed-off-by: Klement Sekera <ksekera@cisco.com> (cherry picked from commit c39c79c5aa7b5410f3aad4a770a741ab04f7dcc5)
2020-08-18misc: ipfix-export unformat u16 collector_port fixElias Rudberg3-1/+20
Use %U and unformat_udp_port instead of %u for unformat() call for u16 collector_port number in set_ipfix_exporter_command_fn() to avoid corruption of other variables which can happen if unformat() with %u is used with a 16-bit variable. This avoids crash due to corrupted fib_index value. Type: fix Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net> Change-Id: Id54273fcc458a7f9c5aa4025aa91711f160c1c1a (cherry picked from commit 2dca180db989ea7afacdf4e70cc85e4408557382)
2020-08-18tap: fix rx queue indexMohsin Kazmi1-1/+2
Type: fix Change-Id: I5601bdeb47d08118476ff7bd29435d2c1dba34b9 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> (cherry picked from commit 04f4d91c9fe6c8d639e28edb5dd3df2c82f92428)
2020-08-18dhcp: use per-thread vlib main instead of global oneBenoît Ganne1-2/+2
Type: fix Change-Id: I8890aa5cc3c576fc9fb68735549dfab721714310 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit dcd4aa2110e274f9185e1e5b47ec22d66cc23136)
2020-08-18nat: fix regarding vm arg for vlib_time_now callElias Rudberg1-1/+2
Change in snat_ipfix_header_create() to use thread-specific vlib_main_t *vm pointer to avoid problems with different threads accessing the same vlib_main_t data structure. This avoids assertion failure when vlib_time_now() is called with a vm corresponding to a different thread. Type: fix Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net> Change-Id: I2096c1debb5688d3b97e5ed9a0ea78d94053d8b7 (cherry picked from commit 5556813fb63d28240a17ccf18f947e60c4cbb263)
2020-08-18fib: Fix interpose source reactivateNeale Ranns1-0/+14
Type: fix when the interpose is on an adj-fib and the cover is removed the adj source will not install. this lead to no path list being found for the interpose source and a crash. pick a drop path list in this case. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ied217da043926c913657080f5ffb151201225d23 (cherry picked from commit 1bf6df4ff9c83bac1fc329a4b5c4d7061f13720a)
2020-08-18dpdk: fix pktmbuf pool private data initBenoît Ganne1-0/+1
Type: fix Change-Id: I7349840af48eec209532dab43a8ad0bd68993268 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit c32a84c70efb45081568fc8aa5fa1884d74865fe)