aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2023-02-07ipsec: fix AES CBC IV generation (CVE-2022-46397)stable/2106Benoît Ganne3-29/+65
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix C). Chaining IVs like is done by ipsecmb and native backends for the VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable. Encrypt a counter as part of the message, making the (predictable) counter-generated IV unpredictable. Fixes: VPP-2037 Type: fix Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-11-30rdma: fix rdma-core installBenoît Ganne1-3/+3
We should not install symlinks to local build directory. Type: fix Change-Id: I81e624dd5775ec9c5dd8c58f578ee51c5acfef73 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit 521a9f8eb9d35d2d8783175b89821c6a157237ca)
2021-11-30build: Remove boost dependencies from VOMDave Wallace1-3/+2
- VOM was deprecated in VPP 21.06, but the boost library dependencies did not get cleaned up. Type: make Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I0fb860a7a37676c1a1a0981c91f383882d9a820a (cherry picked from commit bfcd23968246086b5b884f7df1e78adb1a059724) Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2021-07-07dpdk: fix missing symbolFan Zhang3-11/+23
Type: fix This patch fixes the missing symbol of dpdk_plugin.so when creating symmetric key. The solution is to add dependency of libssl to dpdk cryptodev and disable cryptodev engine when libssl is not presented. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I30aa6e3e3af1faefa82883bad613e1d82235a2ec (cherry picked from commit 3f3da0d27dcf83808f2691205b891a42ac2b4679)
2021-06-30misc: 21.06 Release Notesv21.06Andrew Yourtchenko1-5/+1273
Change-Id: Iedd1263a971e50aceb2d579982484dd8873814dc Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2021-06-29session: free ctrl event data on connect rpcFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I56c4682aef59ed0e69073f9001341c425e65bd48 (cherry picked from commit 595724a49072b30356e365ce78a3cc815980d342)
2021-06-29vcl: Don't use app_socket_api to notify VPP in parent when child exitedwanghanlin1-1/+5
Type: fix Signed-off-by: wanghanlin <wanghanlin@corp.netease.com> Change-Id: Icd2fc3cc2d0a0a6060abfb262044cf9e09ab4ba2 (cherry picked from commit b940fd4d5a16b62a5aa09b924140a135fd06c6bb)
2021-06-29vcl: epoll fix postponed evt handlingFlorin Coras1-6/+33
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3d208f8ef4638e7557929f4b2bca4d640af85baa (cherry picked from commit 87f7600dd67debf68d1236395cefdc5d6e7484fb)
2021-06-25stats: fix race conditions in vpp-api stats clientArthur de Kerhor1-1/+1
Type: fix Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Ie5c197f6ec0d41d5e405b22662701d83ad94d29e (cherry picked from commit c9ae8cfaccd75fbc2dc27bdebccdbd14fc0cb60c)
2021-06-22session: avoid reordering unlisten and connect msgFlorin Coras1-6/+33
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibe32f7965f8cf457c39845713b029c8a4647ee55 (cherry picked from commit c53eb72931bc8c75204141f3952ac7682f0ae697)
2021-06-21vlib: fix coverity warningDave Barach1-0/+3
Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ib563e2c09d46cc26fb983ffde3d5fcb88166f6a5 (cherry picked from commit bfb9a66fab43e935772806e9d2f6b0ecf7146d67)
2021-06-17vcl: fix worker cleanupFlorin Coras1-0/+7
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I575068df56623f24c0290fa42b8d301548a089d4 (cherry picked from commit cba215dad3101c6b03483c5c40f806903de8460d)
2021-06-17tls: increase engine bits room in handle to support custom engine typejxm1-1/+1
Type: improvement Signed-off-by: jxm <jiangxiaoming@outlook.com> Change-Id: I80a51e841f9727b68d1de713b6b6d51675ef53c5 (cherry picked from commit 975fde82b11307180b3df7dc9b5b1b496f207a08)
2021-06-16vcl: fix fifo sharingFlorin Coras6-2/+35
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iec1fe8315a057214901250d5fb06d1c1e33dda46 (cherry picked from commit 8eb8d50ecfd7507aae340cb05a0fb07a790e4303)
2021-06-14session: fix listener ct transport retrieval on acceptv21.06-rc2Florin Coras1-6/+8
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ied2608e7a28c59c908803ca676abbe93072fadb8 (cherry picked from commit ba02641cc7a27ff02aca65036ffc4bd003497f0b)
2021-06-14tcp: fix proto in port reuse checkFlorin Coras1-2/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I338e61654a62ed6308ecd8bb15e1a8b13cd859b9 (cherry picked from commit 41a6fbada173b2733ca3b43bf620d6a9634c50da)
2021-06-13vlib: fix dangling reference in node_by_name hashDave Barach1-1/+4
When recycling a debug CLI process node, unix_cli_file_add() needs to delete and recreate the related node_by_name hash table entry. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I635da4918509d5b22eae37627c2d9b3608380ca6 (cherry picked from commit 52c33d60bc63626d400067e38ab0af312fdb8594)
2021-06-11memif: fix crash with zero-copy slaveDamjan Marion1-1/+1
Type: fix Change-Id: I456cc0b0a6f2dc32b14791baf9d4a7f67279e8df Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-06-11session: half-open free only on main threadFlorin Coras1-4/+3
TCP and (D)TLS clean up half-opens on main without a lock/barrier so cleanup initiated from first worker, e.g., cut-throughs, can corrupt the session pool. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2e5162831c0e201b22454f17fe55bfac44b85fa9 (cherry picked from commit 6bd54caf46aaa68dddbae6161688d428ce60550b)
2021-06-11docs: cleanup, remove stale materialDave Barach78-2370/+16
Point https://fd.io/docs/vpp/master/links/index.html at docs.fd.io/vpp instead of at one specific stale release Remove https://fd.io/docs/vpp/master/featuresbyrelease/index.html Remove https://fd.io/docs/vpp/master/events/index.html Remove dead projects from https://fd.io/docs/vpp/master/relatedprojects/index.html Remove unsupported distros from https://fd.io/docs/vpp/master/whatisvpp/supported.html Reduce (doxygen) list of test framework doc files to actively supported releases Type: docs Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I179966fbbe09ac123e5f2647787a8dea93190b5c (cherry picked from commit 3db2c670a157b8bf2daccf77a872c154f88f6d0a)
2021-06-10vcl: touch fifo on epoll del only if session openFlorin Coras1-3/+6
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0971c18a183319d09486459b0da08d44ce38acef (cherry picked from commit f1ddeeb15555e783a9cb0133d4f8eb9c40852ab5)
2021-06-09fib: make sure dpo is valid even when path pool expandsBenoît Ganne1-8/+22
The path pool can expand during in fib_path_attached_next_hop_get_adj() when calling adj_nbr_add_or_lock(). If dpo points to a path->fp_dpo, its reference becomes stale. Use a temporary copy instead. Type: fix Change-Id: Ie966cb5f3f7b416425964dca12f1f586bfc2010c Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit e9d7b0982d7bd189097260b6581abff472da251a)
2021-06-09fib: make sure adj is valid during walkBenoît Ganne1-0/+3
The adj can be deleted during fib_walk_sync(), make sure it can happen only after clearing the SYNC_WALK_ACTIVE flag. Type: fix Change-Id: I68be00e9602e2783d9dced71c51547c38b7e8a00 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit 9f10edbb46dc1937ed99469a581723cb1ac1ff45)
2021-06-09ipsec: fix crypto ops in esp decryptBenoît Ganne1-2/+7
When both chained and non-chained buffers are processed in the same vector, make sure the non-chained buffers are processed as non-chained crypto ops. Type: fix Change-Id: I19fc02c25a0d5e2e8a1342e2b88bbae3fe92862f Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit e631ece4aa32b33651ed458200ab551ffb8fbb47)
2021-06-08vppinfra: pool_free_elts() now supports fixed-size poolsDave Barach4-29/+112
Test added to the unittest plugin / test_vlib.py Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I73445e57918347c102ff6f5e8c9ddb9bd96f1407 (cherry picked from commit 4de5f9be88857197ddf17e3bff66318f78f4b6bb)
2021-06-07vcl: avoid multiple reads on peekFlorin Coras1-0/+4
Only try once and return what was found. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I50b1d26babf1b7431d36f6b7472a1fb01475bb35 (cherry picked from commit 233683180638d1c7f517b713722cbbeb3b4be86e)
2021-06-07vcl: avoid updating errno on ldp init checkFlorin Coras1-71/+43
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7f5887865aa29c9881b5063be1d7d42369a493c1
2021-06-07tls: change picotls plugin crypto module to accommodate new version picotlsSimon Zhang2-3/+3
Type: fix Change-Id: I58931e235535be7d596ca578790f389b64a4fbd2 Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> (cherry picked from commit 778b3186fc911af2aabbbfbf56bc1df5e2373061)
2021-06-07vcl: accept zero length writesFlorin Coras1-7/+8
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I84985f59274e77219a38ea6ac865fc73ac635d72 (cherry picked from commit 0b0d28e9bf1ea078ce1a846d22e499d13eadd464)
2021-06-07vcl: epoll error handling fixes and improvementsFlorin Coras2-6/+22
- return VPPCOM_EEXIST if attempting to re-add a session - return VPPCOM_ENOENT if the session to be removed is not epolled - generate EPOLLIN if adding it through a mod operation on a session that has data and did not have the event previously set. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I728a06b8cf84af8d8c1dea7406e284de8886dffc (cherry picked from commit 2645f68985df4955fd8a161224595dad9f4ab488)
2021-06-07dpdk: silence coverity warning on use of uninitialized valuepibr1-0/+1
Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I76923ad5035498aae821db4fd42a127617476fbb (cherry picked from commit d838e533f1f8f5335ceadb193fa9554f44d04fbf)
2021-06-07build: fix build error after make wipeTianyu Li1-1/+1
ninja: error: '/home/vpp/src/vpp-api/vapi/fake.api.json', needed by 'CMakeFiles/vpp-api/vapi/fake.api.vapi.h', missing and no known rule to make it Recent fake.api.json has been moved from test/ to src/, update make wipe to reflect the movement. Type: fix Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I1e8ef414a3f8a2fce11767e0778fe21e14d54e6f (cherry picked from commit 0b652134752890fd987152005ed378a9520d2c68)
2021-06-07nat: fix broken nat44-ed cliRuslan Babayev2-10/+1
snat_set_frame_queue_nelts has been replaced with nat44_ed_set_frame_queue_nelts. Type: fix Signed-off-by: Ruslan Babayev <ruslan@babayev.com> Change-Id: I8d970be71376fdbb2bfd383d4d5824a8def93bb3
2021-06-05build: fix centos-8 cmake missing package dependencyDave Wallace1-1/+1
Type: fix Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I199fea4607cf38a127ed31b2ddf1dd993a2462ba (cherry picked from commit e20d3c8c007bb7437ef7d1db47cfefb4235c0fe6)
2021-06-04tests: Fix 'test-wipe'Neale Ranns1-1/+0
Type: fix Error: vagrant@ ~/vpp (make-test-wipe) $ make test-wipe make[1]: Entering directory '/home/vagrant/vpp/test' make[2]: Entering directory '/home/vagrant/vpp/test' make[2]: *** ext: No such file or directory. Stop. make[2]: Leaving directory '/home/vagrant/vpp/test' make[1]: *** [Makefile:239: wipe] Error 2 make[1]: Leaving directory '/home/vagrant/vpp/test' make: *** [Makefile:440: test-wipe] Error 2 Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3615a962882d5d56c394aa628e9942fed07cde84 (cherry picked from commit 46cb4c40941e06d726c116975c321603766d24bd)
2021-06-03dpdk: disable i40evf in favor of iavf patchJuraj Linkeš1-0/+232
Fix an issue where multiple VPP instances with DPDK starting at the same time would not initialize VFs properly. This is done by using the iavf PMD (where the issue can't be reproduced) instead of the i40evf PMD. Type: fix Ticket: VPP-1943 Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech> Change-Id: I444bd24722f81faec836478851e7cc3c72143227
2021-06-03svm: release mem order for fifo chunk list CASFlorin Coras1-6/+9
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Ifad679f46abd6e9c18a3eaf7e55800a09f3791ab (cherry picked from commit 324d161963025a595a79a10cf953b23250f825a1)
2021-06-03session: avoid ct connects loopFlorin Coras1-1/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I99af136ecab9be1f9e00de6d197b8f1c74ab4b20 (cherry picked from commit 821b5002bf5cd18e1ec7750ff1b6fb379b241869)
2021-06-03session: lcl transport info on acceptFlorin Coras3-2/+5
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia46b0b8afed30f84b244c06f0457303f9e8832cd (cherry picked from commit 67c90a32b7ad0c5a38c483ce849cc7a231e7ba54)
2021-06-03srtp: cleanup build and default to disabledFlorin Coras2-12/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I62fb56257445a05105e556d1ea6cc6280b5eeccc (cherry picked from commit 427feb6fdd8aee373405dbd3a59f69440107b046)
2021-06-03misc: bug fixes and improvements for stats Fuse fsArthur de Kerhor8-122/+267
Added syslogs Added support for symlinks Relocated make commands in a local Makefile Dumping stats on index instead of paths Updated README Added go.mod and go.sum with relevant dependencies for the module Type: fix Change-Id: I2c91317939b2f4d765771ab7038372ae27d3109d Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> (cherry picked from commit 9cfbd3b7869db3ca5131c6fd0c0f77b787fa4312)
2021-06-01interface: fix vnet_sw_interface_update_unnumberedDave Barach1-6/+13
Unless a software interface is actually unnumbered, do not set ip[46]_main.lookup_main.if_address_pool_index_by_sw_if_index [sw_if_index] to ~0 Fixes this scenario: loop create set int state loop0 up create sub-interface loop0 1 set interface ip addr loop0.1 192.168.1.1/24 delete sub-interface loop0.1 set int ip addr loop0 192.168.1.1/24 Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I46141d862fa57d70b93d7bb0c105403708165264 (cherry picked from commit 64d20e76b9108c9158b2b538cd2312d740f48103)
2021-06-01tls: fix handling of failed acceptsFlorin Coras1-3/+12
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I34b53dcaf4f049157b538ea40a39033d43e525a5 (cherry picked from commit b6fe52f3da79d4c4ea8095b9d36988b0825a9891)
2021-05-29hsa: proxy listener support addition of fifo segmentsFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I59218f784140ef5ecb8468af6aebfe25fd7703a4 (cherry picked from commit b740fdc8ff7f58637524e999d5fe01b8b010810d)
2021-05-28svm: fix inadequate atomic load for chunk mgrDave Wallace2-6/+4
- Fixes intermittent LDP cut thru iperf3 test failure on AARCH64 Type: fix Change-Id: Id21a078d642e03d974bacacd1f4d0faa42fb6652 Signed-off-by: Dave Wallace <dwallacelf@gmail.com> (cherry picked from commit 5c520919e838bcb645ddd879641d54c620740989)
2021-05-26vppinfra: explicit blocking mode for sock connectsFlorin Coras4-5/+9
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3a33230de13fef613dc9523cf24a9968d200c2e5 (cherry picked from commit 57e0af924b8b48cf39b1020bf11f10e3c227f22c)
2021-05-26misc: Initial changes for stable/2106 branchv21.06-rc1Andrew Yourtchenko1-0/+1
Change-Id: Ia484268463cc504902402cde2243f0cfdb02d101 Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-05-26fib: During the mfib lookup set the unicast FIB index in the packet so that ↵Neale Ranns2-28/+67
a uRPF check on a for-us packet is done in the correct VRF Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iafa6efea0d96962aa9136dccefc148a961f74476
2021-05-26pg: revert exec file fixesRay Kinsella1-6/+1
This reverts commit fd4fd0d1853ae7384e7a64c4cad17a3469720b95. Type: fix Change-Id: I6ef84f646372270ded486eacee81817067e49106 Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
2021-05-26nat: add thread index assertionsKlement Sekera4-0/+11
Add extra assertions to debug build. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ib20130365e8f9dbb556fcbb4321dd184c7eff603