Age | Commit message (Collapse) | Author | Files | Lines |
|
Fool-proof assert_checksum_valid so that one does not verify checksum on
wrong layer (because of how scapy internally works).
Make assert_packet_checksums_valid start checksum checking at inner
layers and outwards to make it more obvious where the error is. With old
behaviour, if one received an ICMP packet carrying a truncated TCP
packet, an error would be raised for ICMP checksum, as that one would be
the first to be wrong after recalculating all packet checksums, while
the real issue is TCP header being truncated and thus unsuitable for use
with this function.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I39a2b50ec5610f969cfde9796416ee3a50ae0ba3
|
|
The musl libc does not support closedir(0) resulting in a crash. Only
call closedir() if we successfully opened it.
Type: fix
Change-Id: I3198454f44735501047afc42b94b2fea273212f4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I8c116efb41d561e30fd0db1388cdba903e2edffe
|
|
Since VPP binaries are being compiled on host system,
it makes sense to autodetect Ubuntu version when building test images
so that containers would be running version equal to host system.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I0e13d9ba1ddcd3ad5835bce1b8cccfc048e5e528
|
|
Allow the CLI caller to specify an optional [index <idx>] index,
which will remove the ACL at that index. This mimicks the API behavior,
Add a 'delete acl-plugin acl index <idx>' to mimick the API acl_del
call, which will refuse to delete a non-existent index, as well as
an index that is referenced by an interface.
Type: improvement
Signed-off-by: pim@ipng.nl
Change-Id: I5f240f7a4e3bca14e8122917e8a5186d80094de2
|
|
Change-Id: I7888ab58abced93859ce15d0dbd1c3d7c94a02f5
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: fix
Fixes: 0654242d1ef51566f0d58445a16053cf376e5a6e
|
|
Move config files to resources and docker files to separate directory
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I24dd0705c4a463c06de525f28cb54d882527320a
|
|
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I8b06f4554a6ee5b13de829e47eaa82431a76c332
|
|
The current implementation of wireguard use dereference value from
pointer, but between get and dereference the value from pointer can be
occur change in pool memory, which means that this pointer can be
invalid. Since current implementation doesn't handle with invalid
pointers, segfault can occur.
The fix add a local variable to keep index of peer from pool and also
handle with null pointers from get pointer from pool.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Ic161ab08266e584493338c682d827ea1fd754b98
|
|
path implementation
In fast path implementation of spd policy lookup opposite convention to
the original implementation has been applied and local ip range has been
interchanged with the remote ip range. This fix addresses this issue.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I0b6cccc80bf52b34524e98cfd1f1d542008bb7d0
|
|
These functions do not need modifiable strings.
It helps with linker sections as well as C++ compatibility.
It is a good style to use const where approriate.
Type: refactor
Signed-off-by: void234@gmail.com
Change-Id: Ib437a01663aa61860c6a938d869ed1111da71ec7
|
|
These functions do not need modifiable strings.
It helps with linker sections as well as C++ compatibility.
It is a good style to use const where approriate.
Type: refactor
Signed-off-by: void234@gmail.com
Change-Id: I8d1e922197b3594122296e8c1af57e0a8ec0bf3d
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I021f8e8bba247b0050d390a37dbc75900dc6a598
|
|
Official nginx image is based on Debian with older libc version,
that causes a runtime fail when VPP libraries are compiled in Ubuntu
which has newer libc.
Using equal version of Ubuntu in VPP image and in nginx image
ensures that running nginx won't fail due to different libc versions.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I48f3b23be30a9d9d9144351437ce163d64a4bb6b
|
|
Type: fix
Signed-off-by: Liangxing Wang <liangxing.wang@arm.com>
Change-Id: I1f757abccd228b9e73f25c96754738c8e6bff259
|
|
Installs the unversioned .so symlink in the -dev component.
This prevent debian lintian error:
link-to-shared-library-in-wrong-package
NAMELINK_COMPONENT was added in cmake 3.12
Type: make
Change-Id: I9d743218fa1f6b677659d745525e399ff66e73f4
Signed-off-by: Nick Brown <nickbroon@gmail.com>
|
|
AF_XDP support is deprecated in libbpf since v0.7.0 [1], the libxdp library
now provides the functionality which once was in libbpf, this commit updates
af_xdp plugin to depend on libxdp, libbpf still remains a dependency even if
libxdp is present, as it need use libbpf APIs for program loading.
libxdp is distributed within xdp-tool [2], xdp-tools package also
include libbpf in it as dependency, so here installed libxdp v1.2.9 and
libbpf v0.8.0, both from xdp-tool-1.2.9 package.
More information about libxdp compatibility can be found in the libxdp
README [3].
In libbpf v0.8.0, The bpf_prog_load function was deprecated and changed to
bpf_object__open_file and bpf_object__next_program and bpf_object__load,
The bpf_get_link_xdp_id and bpf_set_link_xdp_fd functions were deprecated
and changed to bpf_xdp_attach and bpf_xdp_detach, The bpf_object__unload
function was deprecated and changed to bpf_object__close.
[1] https://github.com/libbpf/libbpf/commit/277846bc6c15
[2] https://github.com/xdp-project/xdp-tools/releases/tag/v1.2.9
[3] https://github.com/xdp-project/xdp-tools/blob/master/lib/libxdp/README.org
Type: improvement
Change-Id: Ifbf6e3aa38bc6e0b77561f26311fd11c15ddb47e
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
|
|
serialize_get() -> serialize_write_not_inline(...) was losing track of
the current buffer index when it managed to empty the overflow vector
but had to turn around and use it again.
Test-case added to test_serialize.c.
This issue dates from 2010.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I024a03f7a50fd6df543ddbc7c45d85def4f1981d
|
|
This fixes an issue on systems with http proxy set.
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ic84fcd0b8a7698ef101b369d46be858cbe85fc73
|
|
Musl is stricter than glibc and has a warning that including fctnl.h and
poll.h should be prefered rather than their sys/ counterparts, which
breaks -Wall setups.
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: Id101e999371951b0927cc8c4109f8f1536de1bc2
|
|
Type: improvement
Signed-off-by: Josh Dorsey <jdorsey@netgate.com>
Change-Id: Iee43ca9278922fc7396764b88cff1a87bcb28349
|
|
Copy necessary only plugins in docker image
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I5f60a8a1ccbbe099ac60774562dc5901f3b4fbed
|
|
Volumes can be referenced with anchors to reduce text duplication
and to explicitly show which containers share a volume.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: Id408a78262573b3faf2257c32bfa569eca2e2049
|
|
Type: improvement
Change-Id: I30e66370c927afeb62ba3a2b3334bdc2a31d4561
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: Ifea4badd58f7e2b5e792d7506f6747851a08587f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Creation of LCP will return garbled host_sw_if_index of the newly
created TAP interface.
Example PAPI code:
```
lcp_add = vpp.api.lcp_itf_pair_add_del_v2(is_add=True, sw_if_index=17,
host_if_type=VppEnum.vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP,
host_if_name="loop0", netns="dataplane")
print(lcp_add)
lcp_ret = vpp.api.lcp_itf_pair_get()
print(lcp_ret)
```
Before, the returned host_sw_if_index has the wrong endianness:
VPP version is 23.02-rc0~212-gf06a518f8
lcp_itf_pair_add_del_v2_reply(_0=103, context=2, retval=0, host_sw_if_index=301989888)
(lcp_itf_pair_get_reply(_0=105, context=3, retval=0, cursor=4294967295),[lcp_itf_pair_details(_0=106, context=3, phy_sw_if_index=17, host_sw_if_index=18, vif_index=594, host_if_name='loop0', host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>, netns='dataplane')])
After, it is correctly showing idx 18:
VPP version is 23.02-rc0~212-gf06a518f8
lcp_itf_pair_add_del_v2_reply(_0=103, context=2, retval=0, host_sw_if_index=18)
(lcp_itf_pair_get_reply(_0=105, context=3, retval=0, cursor=4294967295), [lcp_itf_pair_details(_0=106, context=3, phy_sw_if_index=17, host_sw_if_index=18, vif_index=595, host_if_name='loop0', host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>, netns='dataplane')])
Type: fix
Signed-off-by: pim@ipng.nl
Change-Id: I9085bac0c4a9ad64356c67f9b85f4910131e349e
|
|
This patch removes a
.runs_after = VNET_FEATURES ("ip6-lookup"),
On the 'pt' node, as 'ip6-lookup' does not belong to the 'ip6-output' arc.
Type: fix
Change-Id: Ie34aaf7351593f08c61e3b02aaf9f72a4de1a437
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Change-Id: Ifc709b6e7217a893d13aee6d3019e699637366ef
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Uses VPP's clib_host_to_net functions, and initializes a potentially
uninitialized variable.
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: Ie6b035c698f57ff39aeb955b35db8ec40f383b7a
|
|
Change-Id: I704c35644b3caf6567be4b43dc4e550d1394e438
Type: improvement
Signed-off-by: Naveen Joy <najoy@cisco.com>
|
|
In most cases we only need OpenSSL libcrypto (crypto primitives) but
not libssl (tls).
Type: improvement
Change-Id: I9dce27d23d65bf46aea2d0f8aaf417240701efcc
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibff9f32e4fcaf0344207d8e43f3547180cbd4eef
|
|
Type: fix
This patch adds a fix for an issue in the ipsecmb library resulting in
lower than expected performance in multi-threaded scenarios. This is
due to multiple threads writing the same global variable simultaneously.
Signed-off-by: marcel.d.cornu@intel.com
Change-Id: Ibcac321aa40da4b1709198dec3e18226e3891138
|
|
When use update api delete a virtual address, no matter which IP want to delete, always delete the last one.
Type: fix
Signed-off-by: GaoChX <chiso.gao@gmail.com>
Change-Id: Ia67c06dd53a442740794e1884d1a4aaa06965398
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ibebe9e4ab7331c3ae66c9502e910368acaba51ec
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I1b5a35b9d53cc56d4d8050de70f40b95e92f1011
|
|
Type: style
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ia87b28e81b6fd06c8c3681bf3cb1dd6ce8c84f41
|
|
This will add a new target (fixstyle) to Makefile that runs gofmt tool.
Type: style
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Icba60633f82aa8bbc75749f080e00f0375b55a18
|
|
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Idd5352f254df0d1f36c1270e73440c9287247b81
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1a3393b579caeb5dc25b60bc1b4a71706fb07051
|
|
unformat_ip46_address() requires the address type as 2nd parameter.
Type: fix
Change-Id: Iaa1aebaebd1a947dab6c936c3b931854c0a3facc
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Allow vapi to signal to an application's RX thread that it should wake
up and exit.
Before disconnecting from VPP's API, libvlibmemoryclient inserts an
rx_thread_exit message into the client's own input queue to cause its
RX thread to wake up from its blocking dequeue and exit cleanly. Add a
function to vapi's API which will allow libvapi client applications
which have an RX thread waiting for incoming messages using vapi_wait()
to do the same thing.
The existing libvlibmemoryclient code which does this was moved to a
separate function and made available for vapi_stop_rx_thread() to call.
Also fixed some inconsistencies in indentation of function prototypes in
vapi.h to make checkstyle.sh happy.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I7bbb73470807123cc63ef313cfb91d1fd31b34e5
|
|
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Idbdfdf2d3fdbb64366f50d5a7458c4073a4f2746
|
|
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I720b1395ee8714de2e2386b31a0f2c041272042a
|
|
We were creating an additional worker not backed by any VPP threads,
leading off-by-1 access in the session main workers vector.
Also uses vec_elt_at_index() when accessing session main workers vector
elements to catch those errors more easily.
Type: fix
Change-Id: I6059116b7b64ae6b26ad83c1fcf55df8522868ad
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Change-Id: I208724a515c9a38c4032f101bdf73aa87b1c13be
|
|
Previously it was linked and worker properly. While rdma build
was simplified, link was lost so all encrypted data won't pass
via Mellanox interfaces(ipsec, ipip, ssh etc) and NetVSC taps
won't created the right way.
Errors:
mlx5_common: Verbs device not found: 21a5:00:02.0
mlx5_common: Failed to initialize device context.
EAL: Requested device 21a5:00:02.0 cannot be used
Tested on Azure. Same errors appears on physical machine with
Mellanox connect adapter
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: Ib68976282e0ed91c016a7318db6b5eddf5510c47
|
|
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I3ec857adb3a9e8a778072a202a4d23f4101e83b2
|
|
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ifa56da632b139acd5e743c3076c24b5b55388924
|
|
- load openssl legacy providers during quic init
when building with openssl 3.0 or greater
- re-enable quic 'make test' testcases on
ubuntu-22.04
Type: fix
Change-Id: Icfd429b6bc1bddf9f9937baa44cc47cd535ac5f2
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|