summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2022-10-17vlib: Counter free needs to NULL the allocated counter vectorNeale Ranns2-2/+14
otherwise the next time the counter is validated this is dangling. Type: fix Fixes: 58fd481d73 Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ifa8d5ff27175cf6dfb30cbf023fa3251fe5c780e
2022-10-16ip-neighbor: delete redundant help information in cli.Huawei LI1-12/+17
Delete redundant help information in ip neighbor's cli. There is no code implementation about fib-id and proxy in the cli's subsequent process. Type: fix Signed-off-by: Huawei LI <lihuawei_zzu@163.com> Change-Id: I1e276aad030409e3f2f62fee489ea95d316e67b5
2022-10-15linux-cp: fix infinite loop in CLI lcp defaultluoyaozu1-3/+12
CLI lcp default clear or lcp default netns hangs in an infinite while loop. Type: fix Signed-off-by: luoyaozu <luoyaozu@foxmail.com> Change-Id: I699338abc045c84361707260adbb5b574a383170
2022-10-13l2: coverity complains dead codesSteven Luong1-14/+11
Coverity complains dead codes in 2 places due to a recent commit as pointed out in Fixes. The dead codes are if (seed < L2_BD_ID_MAX % 2) is_seed_low = 1; and if (is_seed_low) seed += (2 * (i % 2) - 1) * i; seed can never be less than (L2_BD_ID_MAX % 2). Consequently, is_seed_low is always 0. There is also other problem. The inner loop is iterating only once. The fix is to greatly simplify the code to generate a random bd_id. Type: fix Fixes: Ieb6919f958f437fc603d5e1f48cab01de780951d Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I318773b9a59950920e051548ef14e36054ebd5e6
2022-10-13session: make session code compile with SESSION_DEBUG enableSteven Luong3-2/+16
Session debug code does not compile anymore due to vlib_mains global variable disappearing over time. Replace it with vlib_get_main_by_index call. Add a cmake variable and pass it from make command line to enable session debug. Notice transport debug is required for session debug. make rebuild VPP_EXTRA_CMAKE_ARGS=-DVPP_TCP_DEBUG_ALWAYS=ON VPP_EXTRA_CMAKE_ARGS+=-DVPP_SESSION_DEBUG=ON Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ic2e887c6b10b77cbabd56934f4931fcfa04a6751
2022-10-13gomemif: migrate to govpp repositoryMatus Halaj17-3287/+1
Type: make Signed-off-by: Matus Halaj <mhalaj@cisco.com> Change-Id: I1d48c7e44fdf23438132996fd3288b29da1fe36e
2022-10-13docs: fix memory traces commandBenoît Ganne1-1/+1
Type: fix Change-Id: I8fc949da209a5067c702952fbd0e6ce77b921d02 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-10-13misc: avoid permission issue when running envoyMaros Ondrejicka2-1/+6
Because envoy didn't have permission for `envoy.log` file it would stop. This made tests involving envoy fail. Adding `ENVOY_UID` environment variable makes envoy run as root, which avoids the problem. Type: fix Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech> Change-Id: I910416ad1c87137396e7da89c13de7739ce74c70
2022-10-12vpp-swan: fix linked library to pluginGabriel Oginski1-2/+2
Due to refactor keeping api common code in vlibapi, changes order linked library to this plugin. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Id94c0b78cbce4954d34a82123506a76370b12b23
2022-10-12ip: migrate ip4 full reassembly to use vlib_buffer_enqueue_to_nextDamjan Marion1-155/+144
Type: improvement Change-Id: Ibf683c9ba8a2751e0b40920f6735cfe0a35a6e6d Signed-off-by: Damjan Marion <dmarion@me.com>
2022-10-12ip: simpler and faster ip4_full_reass_drop_allDamjan Marion1-41/+19
Type: improvement Change-Id: I4a75583ce718ba6466cd09ca8373fd43988ef62a Signed-off-by: Damjan Marion <dmarion@me.com>
2022-10-12misc: fix issues reported by clang-15Damjan Marion26-75/+37
Type: improvement Change-Id: I3fbbda0378b72843ecd39a7e8592dedc9757793a Signed-off-by: Damjan Marion <dmarion@me.com>
2022-10-11l2: Add bridge_domain_add_del_v2 to l2 apiLaszlo Kiraly17-53/+226
https://jira.fd.io/browse/VPP-2034 Type: fix Signed-off-by: Laszlo Kiraly <laszlo.kiraly@est.tech> Change-Id: Ieb6919f958f437fc603d5e1f48cab01de780951d
2022-10-11tests: don't use tmp as the default log dir with run.pyNaveen Joy2-2/+8
The log file directory is configurable with run.py using the --log-dir argument. This patch removes the use of /tmp as the default dir for storing all test logs. The default log dir is now set to show the year, month and day of the test run. This provides a more meaningful aggregation of test logs for effective troubleshooting. The default log dir is set to <CWD>/test-run-YYYY-MM-DD. Type: improvement Change-Id: I6c9002e961f6e06fc953ca42d86febf4f218e566 Signed-off-by: Naveen Joy <najoy@cisco.com>
2022-10-11vppinfra: fix AddressSanitizerBenoît Ganne7-0/+8
When checking for CLIB_SANITIZE_ADDR to enable specific behavior for AddressSanitizer, we must have vppinfra/clib.h included as it is defined there. Type: fix Change-Id: I9060c3c29c1289d28596c215a1d1709b2ea7c84e Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-10-11nat: report time between current vpp time and last_heardDave Cornejo4-0/+274
existing details report the last_heard as the seconds since VPP started, this is not very useful, so report additionaly time_since_last_heard in seconds between VPP time and last_heard. Change-Id: Ifd34b1449e57919242b1f0e22156d3590af3c738 Type: improvement Signed-off-by: Dave Cornejo <dcornejo@netgate.com> Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
2022-10-11fib: fix crash when create vxlan/vxlan-gpe/geneve/gtpu tunnel.Huawei LI7-22/+22
Fix vpp crash when create vxlan/vxlan-gpe/geneve/gtpu tunnel with 0.0.0.0 dst ip in debug build. The ASSERT should be move out of fib_prefix_from_ip46_addr, which may be called when create vxlan/vxlan-gpe/geneve/gtpu tunnel with 0.0.0.0 dst ip. How to reproduce: 1. build debug vpp and run vpp 2. create vxlan t src 192.168.0.2 dst 0.0.0.0 vni 1 instance 1 create vxlan-gpe tunnel local 192.168.0.2 remote 0.0.0.0 vni 1 create geneve tunnel local 192.168.0.2 remote 0.0.0.0 vni 1 create gtpu tunnel src 192.168.0.2 dst 0.0.0.0 teid 1 Type: fix Change-Id: I19972f6af588f4ff7fd17de1b16b9301e43d596f Signed-off-by: Huawei LI <lihuawei_zzu@163.com>
2022-10-07tcp: cmake option VPP_TCP_DEBUG_ALWAYS=ON not taken by all filesSteven Luong1-0/+1
Some files include tcp_debug.h without including <vpp/vnet/config.h> As a result, those files do not get VPP_TCP_DEBUG_ALWAYS option set. The fix is to include <vpp/vnet/config.h> in tcp_debug.h Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I0c141147f1e8d1b49c5a1440fac1e97cbd96aaa7
2022-10-07tests: disable broken wireguard tests on vpp_debug imageDave Wallace2-1/+13
Type: test Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I3a53d57e42f4c1f5ba0de6d2b181c7f2ad083a3a
2022-10-07tcp: build image with TCP_DEBUG_ALWAYS via makeSteven Luong2-0/+5
Add cmake option to enable TCP_DEBUG_ALWAYS. make rebuild VPP_EXTRA_CMAKE_ARGS=-DVPP_TCP_DEBUG_ALWAYS=ON make rebuild VPP_EXTRA_CMAKE_ARGS=-DVPP_TCP_DEBUG_ALWAYS=OFF Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I911a8d615f76516ae0a988bc6135c3b0d8fcb3df
2022-10-07build: retain dpdk_mlx_default setting for ci scriptDave Wallace2-3/+3
- tell git to ignore all build/external generated files Type: make Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I4af26a76a0248939366cd09b577d422af801c0c3
2022-10-07urpf: add mode for specific fib index lookuphedi bouattour5-38/+175
this patch adds a mode to urpf in order to perform the lookup in a specified vrf instead of the interface vrf Type: feature Change-Id: Ieb91de6ccdfbf32b6939364f3bebeecd2d57af19 Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>
2022-10-07fib: add fib_entry_get_path_list_for_sourceDamjan Marion2-0/+22
Type: improvement Change-Id: Ie035bebf64226691cffc84484e4bf7310287d1b7 Signed-off-by: Damjan Marion <dmarion@me.com>
2022-10-07abf: return status of attachment add/delMatthew Smith1-7/+5
Type: fix The handler for abf_itf_attach_add_del was always returning 0. Set rv to the return value of call to abf_itf_attach() or abf_itf_detach(). Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: Ibb888bb148e6e03fc2776e2384b3a6e26148a429
2022-10-06vcl: add api to check if vcl disconnected from vppMaros Ondrejicka2-1/+21
Type: feature Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech> Change-Id: I98bc108360f9d04a33126865ce49d2702cbe9cdf
2022-10-06gso: set the header offsets in gro hdr fixupMohsin Kazmi1-0/+3
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I9d5004f8764b1833e5ca825bc52345e23770c6bc
2022-10-06gso: fix the checksum for odd number of data bytesMohsin Kazmi1-0/+1
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I07b694323e0f6745dec2b846785026b152d78af6
2022-10-06gomemif: update to libmemif version 4.0Daniel Béreš7-10/+553
Type: improvement This patch provides: 1. interrupt mode support, 2. abstract socket support, 3. overriding responder example and divides it to two examples: -icmp_responder_cb -icmp_responder_poll Signed-off-by: Daniel Béreš <dberes@cisco.com> Change-Id: I99c86d053521760c457541fc596ed554f4077608
2022-10-05fib: only invoke adj delegate create callback on mcast adj createPeter Morrow1-2/+2
adj_delegate_adj_created() is incorrectly called when an existing adj is found and returned. This can lead to crashes in some cases in the pmtu delegate: (gdb) bt 0 0x00007f2aa8fc9ce1 in raise () from /lib/x86_64-linux-gnu/libc.so.6 1 0x00007f2aa8fb3537 in abort () from /lib/x86_64-linux-gnu/libc.so.6 2 0x0000564361b5403a in os_exit (code=code@entry=1) at ./src/vpp/vnet/main.c:437 3 0x00007f2aa9271a3e in unix_signal_handler (signum=11, si=<optimized out>, uc=<optimized out>) at ./src/vlib/unix/main.c:188 4 <signal handler called> 5 0x00007f2aa9970d5a in fib_table_get_table_id_for_sw_if_index (proto=FIB_PROTOCOL_IP4, sw_if_index=<optimized out>) at ./src/vnet/fib/fib_table.c:1156 6 0x00007f2aa964aebf in ip_pmtu_adj_delegate_adj_created (ai=8) at ./src/vnet/ip/ip_path_mtu.c:197 7 0x00007f2aa9993ee5 in adj_delegate_adj_created (ai=ai@entry=8) at ./src/vnet/adj/adj_delegate.c:166 8 0x00007f2aa998dbde in adj_mcast_add_or_lock (proto=proto@entry=FIB_PROTOCOL_IP6, link_type=link_type@entry=VNET_LINK_IP6, sw_if_index=sw_if_index@entry=7) at ./src/vnet/adj/adj_mcast.c:95 9 0x00007f2aa95c7b3e in ip6_link_enable (sw_if_index=7, link_local_addr=link_local_addr@entry=0x0) at ./src/vnet/ip/ip6_link.c:217 10 0x00007f2aa9621587 in vl_api_sw_interface_ip_enable_disable_t_handler (mp=0x7f2a4fa5ad10) at ./src/vnet/ip/ip_api.c:108 11 0x00007f2aaa3b7e44 in msg_handler_internal (free_it=0, do_it=1, trace_it=<optimized out>, msg_len=<optimized out>, the_msg=0x7f2a4fa5ad10, am=0x7f2aaa3cc020 <api_global_main>) at ./src/vlibapi/api_shared.c:593 12 vl_msg_api_handler_no_free (the_msg=0x7f2a4fa5ad10, msg_len=<optimized out>) at ./src/vlibapi/api_shared.c:810 13 0x00007f2aaa3a1702 in vl_socket_process_api_msg (rp=<optimized out>, input_v=<optimized out>) at ./src/vlibmemory/socket_api.c:208 14 0x00007f2aaa3a95d8 in vl_api_clnt_process (vm=<optimized out>, node=<optimized out>, f=<optimized out>) at ./src/vlibmemory/memclnt_api.c:429 15 0x00007f2aa9226f37 in vlib_process_bootstrap (_a=<optimized out>) at ./src/vlib/main.c:1235 16 0x00007f2aa91824a8 in clib_calljmp () at /builds/graphiant/graphnos/vpp/debian/output/source_dir/src/vppinfra/longjmp.S:123 17 0x00007f2a47cf5d60 in ?? () 18 0x00007f2aa922853f in vlib_process_startup (f=0x0, p=0x7f2a494dc000, vm=0x7f2a489ed680) at ./src/vlib/main.c:1260 19 dispatch_process (vm=0x7f2a489ed680, p=0x7f2a494dc000, last_time_stamp=<optimized out>, f=0x0) at ./src/vlib/main.c:1316 20 0x0000000000000000 in ?? () (gdb) Type: fix Change-Id: I2d3c041e0be8284471771c7882c89f743baab0e5 Signed-off-by: Peter Morrow <pdmorrow@gmail.com>
2022-10-05ip: reassembly - custom context instead of VRFMohammed Hawari2-40/+137
Change-Id: Id8d6ab96a710cdd207068cf19a6363bbcd584de4 Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-10-05ip: reassembly - custom context of ipv6Mohammed Hawari2-26/+129
Change-Id: Ia5ec7fc0c71e6a0ad1b43df24bb6b88e616d260d Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-10-05build: change make verify gate os to ubuntu 22.04Dave Wallace1-2/+3
- Also fix log output to remove hardcoded compiler version Type: make Change-Id: I1b224d8e9a042c58dbae689a8be706089cc1377f Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-10-04rdma: unhackish build of rdma-coreMohammed Hawari4-26/+11
Change-Id: I2040b560b2a00f8bd176ae6ad46035678a2b249e Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-10-04build: mlx dpdk-rdma compatibility matrixMohammed Hawari5-4/+16
- Verify mlx_rdma_dpdk_matrix.txt versions, build MLX drivers in dpdk if the versions match. Also output version comparison results to a file for CI job to send notification email when the versions do not match. Change-Id: Id1384ba4ea4b1f855f4d77d1d8e2c38683abfe1f Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-10-03tcp: replace tcp_time_now with tcp_time_now_usSteven Luong2-29/+30
It looks like tcp_time_now has been deprecated for a while and the replacement is tcp_time_now_us Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ifaed2632baa49d489d4e03f2623d8cc9a6f36e64
2022-10-03sr: new messages created to return packet statistics in sr localsid detailsChinmayaAgarwal2-0/+98
Type: improvement Signed-off-by: ChinmayaAgarwal <chinmaya.agarwal@hsc.com> Change-Id: I27d5981a77d4166a92db9ecf73d9b0eed962ec19
2022-09-30fib: fix dpo-receive address in ip6-ll fibsVladislav Grishenko2-2/+9
Need to fill frp_addr for local path, it's used by dpo-receive. If not, address output can be invalid: $ sudo vppctl sh ip6-ll fe80::dcad:ff:fe00:3/128 IP6-link-local:loop3, fib_index:2, locks:[IPv6-nd:1, ] fe80::dcad:ff:fe00:3/128 fib:2 index:55 locks:2 IPv6-nd refs:1 entry-flags:connected,import,local, src-flags:added,contributing,active, path-list:[72] locks:2 flags:shared,local, uPRF-list:58 len:0 itfs:[] path:[82] pl-index:72 ip6 weight=1 pref=0 receive: oper-flags:resolved, cfg-flags:local,glean, [@0]: dpo-receive: 8000:100:fe80::dcad:ff on loop3 forwarding: unicast-ip6-chain [@0]: dpo-load-balance: [proto:ip6 index:57 buckets:1 uRPF:58 to:[0:0]] [0] [@2]: dpo-receive: 8000:100:fe80::dcad:ff on loop3 Type: fix Change-Id: Ib9874c5eac74af789e721098d512a1058cb8e404 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2022-09-30udp: add udp encap source port entropy supportVladislav Grishenko9-41/+355
Encode entropy value in UDP source port when requested per RFC 7510. CLI already has "src-port-is-entropy", use zero UDP source port in API to avoid breaking changes, since zero port is not something to be used in wild. Also, mark UDP encapsualtion API as mp-safe as already done for CLI. Type: feature Change-Id: Ieb61ee11e058179ed566ff1f251a3391eb169d52 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2022-09-29gso: clear the offload flags from segmented buffersMohsin Kazmi1-0/+1
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I2901628d23f9b81edb32d0ced3877e5799a6cec7
2022-09-29api: deprecate vl_msg_api_set_handlersDamjan Marion12-116/+168
Type: refactor Change-Id: I7b7ca9ec62cb70243c5b7e87968eab1338d67ec8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-09-28vpp-swan: Add scripts for testingGabriel Oginski12-0/+409
Added scripts to reparing setups for testing To prepare and run containers: sudo ./extras/strongswan/vpp_sswan/docker/run.sh prepare_containers To prepare setups: sudo ./extras/strongswan/vpp_sswan/docker/run.sh config To clean-up settups: sudo ./extras/strongswan/vpp_sswan/docker/run.sh clean To deleted all containers and images in Docker: sudo ./extras/strongswan/vpp_sswan/docker/run.sh deleted Type: feature Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I77f01c0419dccc95f610046c8552ae825f2c7e12
2022-09-28vpp-swan: Add plugin for vpp-swanGabriel Oginski13-0/+3713
Added plugin vpp-swan is a plugin that helps offloading Strongswan IPsec ESP process from Linux Kernel to VPP. Type: feature Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Iec77945892453fac1890d3c49d7d86fc6b09c893
2022-09-28tests: stabilize wireguard ratelimiting testAlexander Chernavin1-29/+13
Type: test "test_wg_handshake_ratelimiting_multi_peer" has been unstable recently because the test strongly relies on execution speed. Currently, the test triggers ratelimiting for peer 1 and sends handshake initiations from peer 1 and 2 mixed up. After that, the test expects that all handshake initiations for peer 1 are ratelimited and a handshake response for peer 2 is received. Ratelimiting is based on the token bucket algorithm. The more time passes between triggering ratelimiting for peer 1 and sending a mixture of handshake initiations from peer 1 and 2, the more tokens will be added into the bucket for peer 1. Depending on delays between these steps, the number of tokens might be enough to process handshake initiations from peer 1 while they are expected to be rejected due to ratelimiting. With this change, these two steps are combined into one and the logic modified. The test triggers ratelimiting for both peer 1 and 2. Packets that trigger ratelimiting and that are to be rejected are sent in one batch that is going to reduce delays between packet processing. Also, verify that number of rejected handshake messages is in expected range instead of verifying the exact number as it still may slightly vary. Also, this should finish making the wireguard tests stable on Ubuntu 22.04 and Debian 11. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I3407d15abe1356dde23a241ac3650e84401c9802
2022-09-28af_xdp: change RLIMIT_MEMLOCK before load bpf programChen Yahui1-0/+7
default RLIMIT_MEMLOCK is 64. if we use multi af_xdp interfaces or load complex bpf program, libbpf will return permission error. root cause is default 64 is not large enough. So we change it before load bpf program. Type: fix Change-Id: Ia6aed19c9256c498cf1155586a54a32b3f444105 Signed-off-by: Chen Yahui <goodluckwillcomesoon@gmail.com>
2022-09-27tests: enable ipsec-esp 'make test' testcases on ubuntu-22.04Dave Wallace2-59/+1
Type: test Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I016fd169813e369208089df122477152aaf9ffc2
2022-09-27wireguard: stop sending handshakes when wg intf is downAlexander Chernavin2-4/+199
Type: fix Currently, when a wg interface is administratively disabled initially or during operation, handshake packets continue to be sent. Data packets stop being sent because routes pointing to the wg interface will not be used. But data keys remain. With this fix, when a wg interface is administratively disabled during peer creation, avoid connection initialization to the peer. Data keys and timers should be empty at this point. When a wg interface is disabled during operation, disable all peers (i.e. stop all timers, clear data keys, etc.). Thus, state should be identical in both cases. When a wg interface is administratively enabled, enable all peers (i.e. get ready to exchange data packets and initiate a connection). Also, cover these scenarios with tests. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ie9a620077e55d519d21b0abc8c0d3c87b378bca3
2022-09-27crypto-openssl: use no padding for encrypt/decryptVladimir Ratnikov1-6/+1
Internaly, vpp uses it's own padding, so all the data is padded using blocksize in /src/vnet/ipsec/ipsec.c Openssl should add it's own padding, but the data is already padded. So on decrypt stage when padding should be removed, it can't be done. And it produces error `bad decrypt` Previous versions of openSSL decrypted data almost at the beginning of EVP_DecryptUpdate/EVP_DecryptFinal_ex and produced the same error, but data was already decrypted. Now it's not, so some algorithms could have some problems with it PS. openSSL 3.x.x Type: fix Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: If715a80228548b4e588cee222968d9da9024c438
2022-09-27af_xdp: compile error undeclared identifier 'SOL_XDP'Chen Yahui1-0/+3
Type: fix Signed-off-by: Chen Yahui <goodluckwillcomesoon@gmail.com> Change-Id: Ia447420f692f1487d343886845d648d766e43c27 Signed-off-by: Chen Yahui <goodluckwillcomesoon@gmail.com>
2022-09-27vnet: fix ip4 version and IHL checkDmitry Valter2-3/+11
Validate version and IHL regardless of present options. Originally VPP would accept seriously damaged headers in case IHL != 5. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: Ifd59622efa63dfad7f6e4858dec40ccac3274574
2022-09-27wireguard: fix re-handshake timer when response sentAlexander Chernavin2-23/+48
Type: fix As per the protocol: A handshake initiation is retried after "REKEY_TIMEOUT + jitter" ms, if a response has not been received... Currently, if retransmit handshake timer is started, it will trigger after "REKEY_TIMEOUT + jitter" ms and will try to send a handshake initiation via wg_send_handshake() given that no responses have been received. wg_send_handshake() will verify that time stored in REKEY_TIMEOUT has passed since last handshake initiation sending and if has, will send a handshake initiation. Time when a handshake initiation was last sent is stored in last_sent_handshake. The problem is that last_sent_handshake is not only updated in wg_send_handshake() when sending handshake initiations but also in wg_send_handshake_response() when sending handshake responses. When retransmit handshake timer triggers and a handshake response has been sent recently, a handshake initiation will not be sent because for wg_send_handshake() it will look like that time stored in REKEY_TIMEOUT has not passed yet. Also, the timer will not be restarted. wg_send_handshake_response() must not update last_sent_handshake, because this time is used only when sending handshake intitiations. And the protocol does not say that handshake initiation retransmission and handshake response sending (i.e. replying to authenticated handshake initiations) must coordinate. With this fix, stop updating last_sent_handshake in wg_send_handshake_response(). Also, this fixes tests that used to wait for "REKEY_TIMEOUT + 1" seconds and did not receive any handshake initiations. Then they fail. Also, long-running tests that send wrong packets and do not expect anything in reply may now receive handshake intiations, consider them as replies to the wrond packets, and fail. Those are updated to filter out handshake initiations in such verifications. Moreover, after sending wrong packets, error counters are already inspected there to confirm packet processing was unsuccessful. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I43c428c97ce06cb8a79d239453cb5f6d1ed609d6