summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2021-06-30vcl: coverity fixesFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I290e4b0dff6afe7ce755074f3aaaf945dbbf3e09
2021-06-30ipsec: Derive the TUNNEL_V6 flag from the configured address typesNeale Ranns3-3/+8
Type: improvement There's no need for the user to set the TUNNEL_V6 flag, it can be derived from the tunnel's address type. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I073073dc970b8a3f2b2645bc697fc00db1adbb47
2021-06-29session: free ctrl event data on connect rpcFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I56c4682aef59ed0e69073f9001341c425e65bd48
2021-06-29ipsec: Fix setting the hi-sequence number for decryptNeale Ranns9-327/+1245
Type: fix two problems; 1 - just because anti-reply is not enabled doesn't mean the high sequence number should not be used. - fix, there needs to be some means to detect a wrapped packet, so we use a window size of 2^30. 2 - The SA object was used as a scratch pad for the high-sequence number used during decryption. That means that once the batch has been processed the high-sequence number used is lost. This means it is not possible to distinguish this case: if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (tl)) { ... if (post_decrypt) { if (hi_seq_used == sa->seq_hi) /* the high sequence number used to succesfully decrypt this * packet is the same as the last-sequnence number of the SA. * that means this packet did not cause a wrap. * this packet is thus out of window and should be dropped */ return 1; else /* The packet decrypted with a different high sequence number * to the SA, that means it is the wrap packet and should be * accepted */ return 0; } - fix: don't use the SA as a scratch pad, use the 'packet_data' - the same place that is used as the scratch pad for the low sequence number. other consequences: - An SA doesn't have seq and last_seq, it has only seq; the sequence numnber of the last packet tx'd or rx'd. - there's 64bits of space available on the SA's first cache line. move the AES CTR mode IV there. - test the ESN/AR combinations to catch the bugs this fixes. This doubles the amount of tests, but without AR on they only run for 2 seconds. In the AR tests, the time taken to wait for packets that won't arrive is dropped from 1 to 0.2 seconds thus reducing the runtime of these tests from 10-15 to about 5 sceonds. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iaac78905289a272dc01930d70decd8109cf5e7a5
2021-06-29tcp: add ACK flag to RST packetliuyacan1-1/+1
According to RFC 793, the ACK control bit is always sent once the connection is established. Type: fix Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: Id0fe19114a0cc468dbce4c0938b345c2ac339e73
2021-06-29vcl: improvements to epoll ltFlorin Coras3-52/+85
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If585b9c48f67599c56a8c4b4a5139375bc4287f6
2021-06-29ipsec: increment SPD policy counters for bypass and discard actions in ↵Zachary Leaf1-0/+20
ipsec4_input_node ipsec_spd_policy_counters are incremented only for matched inbound PROTECT actions (:273 and :370). BYPASS + DISCARD actions also have SPD policy counters that should be incremented on match. This fix increments the counters for inbound BYPASS and DISCARD actions. Type: fix Signed-off-by: Zachary Leaf <zachary.leaf@arm.com> Change-Id: Iac3c6d344be25ba5326e1ed45115ca299dee5f49
2021-06-29vcl: Don't use app_socket_api to notify VPP in parent when child exitedwanghanlin1-1/+5
Type: fix Signed-off-by: wanghanlin <wanghanlin@corp.netease.com> Change-Id: Icd2fc3cc2d0a0a6060abfb262044cf9e09ab4ba2
2021-06-29vcl: Don't memset events to optimize CPU usagewanghanlin1-8/+6
In stress test case, memset may consume a lot of CPU because vls_epoll_wait is called very frequently. Type: improvement Signed-off-by: wanghanlin <wanghanlin@corp.netease.com> Change-Id: I9b4e1d6e1c4d7217cf0b2529d8efed792dea7b40
2021-06-28vcl: epoll fix postponed evt handlingFlorin Coras1-6/+33
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3d208f8ef4638e7557929f4b2bca4d640af85baa
2021-06-28ipsec: Split the SA add_del API into an separate add and delNeale Ranns3-56/+100
Type: improvement the rationale being that the del only requires the SA's ID, so it's a bit mean to require the client to fill out all the other information as well. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ibbc20405e74d6a0e1a3797465ead5271f15888e4
2021-06-28ipsec: Enable the extended Sequence Number IPSec tests for GCMNeale Ranns1-2/+72
Type: test Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ie691b1c8841f5e195525bfff990f12ab918ba394
2021-06-26vrrp: prevent segfault in multicast join due to missing LL AddrJon Loeliger1-2/+5
If an IPv6 Link Layer Address is missing from an interface, treat it as a down interface. While this fails to send a VRRP multicast group join, it also prevents a seg fault. Type: fix Fixes: 39e9428b90bc74d1bb15fc17759c8ef6ad712418 Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: Iebf69bb30604a96de6587655eb872aa818158a56
2021-06-25stats: reverts part of a fix on Python clientArthur de Kerhor1-12/+4
Puts return statements back inside code blocks under the lock Type: fix Change-Id: I76d426f336200035026b92bcb0ffe2b472a3142d Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2021-06-25stats: revert "add a retry mechanism in a symlink test"Beno�t Ganne1-15/+1
This reverts commit d70777aa60a87001f323f3b226d7e5cee2cd23d8. Reason for revert: wrong fix Type: fix Change-Id: Ibff1b977eae8d2cc85888165ebf83c42eb661698 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-06-25stats: fix race conditions in vpp-api stats clientArthur de Kerhor1-4/+12
Type: fix Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Ie5c197f6ec0d41d5e405b22662701d83ad94d29e
2021-06-24session: fix session formated str output truncated in cliXiaoming Jiang2-12/+16
Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: I2c2b739a5aa246bbf53d6663efd403c3aee9dddd
2021-06-24linux-cp: stop managing adjacencies for tunnelsAlexander Chernavin1-0/+12
Type: fix Outbound packets which arrive on tun/L3 interfaces use a default adjacency for the interface & address family from the corresponding interface pair. However, there are entries in the linux-cp adj table that are created for them. Managing these entries might cause a segfault because the rewrite data might exceed the reserved space for it of 28 bytes in the linux-cp adj key (e.g. in case of GRE IPv6). With this change, stop creating adjacencies for tun/L3 interfaces in the linux-cp adj table and delegating them. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I4bcd685860053ab87c65064c182e3ed53fd4fae9
2021-06-24svm: fix asan check failed @svm_map_region on armTianyu Li1-4/+3
==283032==AddressSanitizer CHECK failed: compiler-rt/lib/asan/asan_mapping.h:366 "((AddrIsInMem(p))) != (0)" (0x0, 0x0) #0 0x49c128 in __asan::AsanCheckFailed #1 0x4ae8dc in __sanitizer::CheckFailed #2 0x495dec in __asan::ShadowSegmentEndpoint::ShadowSegmentEndpoint #3 0x495e48 in __asan_unpoison_memory_region #4 0xfffff4e851f8 in svm_map_region /home/vpp/src/svm/svm.c:611:7 #5 0xfffff4e86d9c in svm_region_init_internal /home/vpp/src/svm/svm.c:797:8 #6 0xfffff4e87ce4 in svm_region_init_args /home/vpp/src/svm/svm.c:880:3 #7 0xfffff7f30d30 in vlibmemory_init /home/vpp/src/vlibmemory/memory_api.c:974:3 #8 0xfffff4fd5368 in vlib_main /home/vpp/src/vlib/main.c:1986:16 svm_global_region_base_va 0x200000000000 is not in the aarch64 mapping range, leading check failure and vpp cannot start. aarch64 asan mapping || `[0x201000000000, 0xffffffffffff]` || HighMem || || `[0x041200000000, 0x200fffffffff]` || HighShadow || || `[0x001200000000, 0x0411ffffffff]` || ShadowGap || || `[0x001000000000, 0x0011ffffffff]` || LowShadow || || `[0x000000000000, 0x000fffffffff]` || LowMem || x86 asan mapping || `[0x10007fff8000, 0x7fffffffffff]` || HighMem || || `[0x02008fff7000, 0x10007fff7fff]` || HighShadow || || `[0x00008fff7000, 0x02008fff6fff]` || ShadowGap || || `[0x00007fff8000, 0x00008fff6fff]` || LowShadow || || `[0x000000000000, 0x00007fff7fff]` || LowMem || Type: fix Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I55ddbdcd361d66d4cfaf6459b2fa20fd8b64af37
2021-06-24vcl: fix vcl_session_write_ready when connectingliuyacan1-0/+4
Applications like curl will poll the fd after a non-blocking connect, so we need to avoid returning the wrong event. Type: fix Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: I7ea146fc954fda631b3d88b46bb80adfbcdf137c
2021-06-24l2: api cleanupFilip Tehlar5-1748/+25
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I7b84767e75d5f8310ec071036a5780fa4530f79f
2021-06-24linux-cp: add callbacks for pair managementMatthew Smith2-15/+41
Type: improvement Allow callbacks to be registered which will be called when an interface pair is added or deleted. Change-Id: I1c413ac2ada802021f9e56e2f878ce67e5eda2f5 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-06-23virtio: api cleanupFilip Tehlar4-363/+13
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I4f9316b16f16a48e2042aa17db596bfd181bd314
2021-06-23mss_clamp: iterate enabled direction as a vector, not poolJon Loeliger1-2/+2
Type: fix Fixes: bf55e9931ce203049385fbf55dde291ead556679 Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I5410a7a5a8cdc1d41abcc42fe5b42e6e2991dc06
2021-06-23nat: ICMP handling fixesKlement Sekera4-24/+110
If ICMP comes from a router on path, source address must not be rewritten in o2i path to avoid getting wrong checksum. Fix ICMP checksum computations. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I035debccf966d7dbd63c364cb1e43380d641f708
2021-06-23mpls: api cleanupFilip Tehlar4-688/+10
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I148022278a792b3687402b6915fe6fb513858a2a
2021-06-23span: api cleanupFilip Tehlar4-226/+16
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I7ec4bbb21a079c6f6adfb4f954054b2b07bf19c5
2021-06-22syslog: api cleanupFilip Tehlar3-47/+8
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I0971f12b7b82d5134d06ed0539d41624429c992b
2021-06-22tcp: api cleanupFilip Tehlar4-93/+9
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I3c06e9cb3fabdcdce9c17e93cfedfd771295f589
2021-06-22session: avoid reordering unlisten and connect msgFlorin Coras1-6/+33
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibe32f7965f8cf457c39845713b029c8a4647ee55
2021-06-22virtio: api cleanupFilip Tehlar3-606/+22
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I047310b8c9fcc51dcfb187710ff59b7895abe217
2021-06-22misc: punt: api cleanupFilip Tehlar4-93/+9
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I13dae61ddb7150c7fe9a7fd0eae73055ff3f2816
2021-06-22dpdk: enable igc devicesMatthew Smith2-27/+29
Type: improvement Set port type and supported flow actions on 2.5G Intel NICs which are managed by the igc PMD. Change-Id: Id144eaa158e24a3f10effb6b517d1c62fba0d2e8 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-06-22devices: af_packet api cleanupFilip Tehlar3-229/+8
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Ic7979755494a2fd23b9fa3d74e14f6b9ea0a46d0
2021-06-22qos: api cleanupFilip Tehlar3-108/+11
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I39505763371c98b75ff7b697dacd3eeb0d41d40a
2021-06-22api: asan: use vec_set_len() so ASan can keep track of buffer lenBenoît Ganne1-6/+6
ASan poison/unpoison vectors based on the vector length, but _vec_len() bypass ASan annotations, contrary to vec_set_len(). Type: fix Change-Id: I5265a5adcddef1aa11c77e0c3827346b1a66c306 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-06-22vcl: validate vep handle when copying sessions on forkwanghanlin1-0/+31
When copying sessions from parent on fork, we should validate vep handle in order to EPOLL_CTL_DEL in vcl_session_cleanup correctly when child exit. Type: fix Signed-off-by: wanghanlin <wanghanlin@corp.netease.com> Change-Id: I7696ecd898460c9a296d2800e46c7140e2218ed7
2021-06-22vcl: move child wrk cleanup from sighandler to vls_epoll_waitwanghanlin1-1/+42
Main process may enter sighandler with a lock, such as lock in localtime or in mspace_free, and child wrk cleanup may try to get such locks and cause deadlock. The patch move cleanup to vls_epoll_wait to wait app's next call. Type: fix Signed-off-by: wanghanlin <wanghanlin@corp.netease.com> Change-Id: I9b208038a0f49b0ace44684189234aeac9d94730
2021-06-22devices: tapv2 api cleanupFilip Tehlar3-453/+12
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I0a2c1cbbe798ddf9d08da78bf0b458a0f54fa13a
2021-06-22sr: api cleanupFilip Tehlar4-245/+12
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I0bdf870e2e9b0ebc11a3ce252fbd0667a83de4e6
2021-06-22devices: api cleanupFilip Tehlar2-53/+8
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I03f51393a92bae45608d9fc9f53164f3b0add3cd
2021-06-22bonding: api cleanupFilip Tehlar3-714/+16
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I1de45c4db57444d2d2c9fb91b8a66a4f01be699b
2021-06-22nat: don't drop packet with ttl=1 if output featureKlement Sekera2-2/+28
TTL was already decremented in ip4-rewrite so it's okay if it's 1. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I587dc343737c15247eb62837a06d5e44c0d11acc
2021-06-22ipsec: api cleanupFilip Tehlar4-527/+19
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I0db7343e907524af5adb2f4771b45712927d5833
2021-06-22ethernet: api cleanupFilip Tehlar4-163/+8
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Iacaefbf04834f000a14f151c4b848f280ac46d63
2021-06-22policer: api cleanupFilip Tehlar4-539/+9
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I5dd30870443a22a7da65f6b5a6d3967991e2aceb
2021-06-22bfd: api cleanupFilip Tehlar3-63/+11
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I7a0a189ce635a4a74e63ac4cb133686b8b7ba53a
2021-06-22stats: add a retry mechanism in a symlink testArthur de Kerhor1-1/+15
When creating a new node, a corresponding node symlink is created when the nodes counters update. To be sure we are able to access this symlink, a retry mechanism was added. Type: fix Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Change-Id: Ieb08d8554b4fd13d01e79062b5f820b235be9a13
2021-06-22build: vpp-ext-deps rpm version check may fail if system language is not Englishjiangxiaoming1-1/+1
Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: Ib691d8f66b0d6047d23a0bdc4f3d15e6380f31eb
2021-06-21vlib: fix coverity warningDave Barach1-0/+3
Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ib563e2c09d46cc26fb983ffde3d5fcb88166f6a5