summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2023-02-06ipsec: fix SA names consistency in testsArthur de Kerhor5-127/+127
In some IPsec tests, the SA called scapy_sa designs the SA that encrypts Scapy packets and decrypts them in VPP, and the one called vpp_sa the SA that encrypts VPP packets and decrypts them with Scapy. However, this pattern is not consistent across all tests. Some tests use the opposite logic. Others even mix both correlating scapy_tra_spi with vpp_tra_sa_id and vice-versa. Because of that, sometimes, the SA called vpp_sa_in is used as an outbound SA and vpp_sa_out as an inbound one. This patch forces all the tests to follow the same following logic: - scapy_sa is the SA used to encrypt Scapy packets and decrypt them in VPP. It matches the VPP inbound SA. - vpp_sa is the SA used to encrypt VPP packets and decrypt them in Scapy. It matches the VPP outbound SA. Type: fix Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Change-Id: Iadccdccbf98e834add13b5f4ad87af57e2ea3c2a
2023-02-06ipsec: fix async crypto linked keys memory leakBenoît Ganne1-1/+6
Type: fix Change-Id: I7bd2696541c8b3824837e187de096fdde19b2c44 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-02-03session: fix out of bounds event memcpyFlorin Coras1-3/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5300653edd2dad470985f4591959d00cad2a43b
2023-02-03nat: fix accidental o2i deletion/reuseDmitry Valter2-2/+79
Nat session is allocated before the port allocation. During port allocation candidate address+port are set to o2i 6-tuple and tested against the flow hash. If insertion fails, the port is busy and rejected. When all N attempts are unsuccessful, "out-of-ports" error is recorded and the session is to be deleted. During session deletion o2i and i2o tuples are deleted from the flow hash. In case of "out-of-ports" i2o tuple is not valid, however o2i is and it refers to **some other** session that's known to be allocated. By backing match tuple up session should be invalidated well enough not to collide with any valid one. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: Id30be6f26ecce7a5a63135fb971bb65ce318af82
2023-02-03vpp-swan: allow SAs to be used to the route-based IPsecAtzm Watanabe1-1/+17
This patch adds a "charon.plugins.kernel-vpp.use_tunnel_mode_sa" key into strongswan.conf. If this is turned off, SAs will be installed without tunnel information and can be used to "ipsec tunnel protect". For the route-based IPsec, it will be used with turning "policies" off in swanctl.conf. Type: feature Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: I58fb94bfe56627fa7002d9b95c48930a32993d2d
2023-02-03vppapigen: fix incorrect comments in jsonOndrej Fabry2-1/+4
Type: fix Signed-off-by: Ondrej Fabry <ofabry@cisco.com> Change-Id: I241cefbbce98cf6fef83f36bd87ae2c1f4b067f0
2023-02-02tls: openssl: fix SSL_read partial read scenarioOfer Heifetz1-8/+10
When application performs SSL_read from the app rx-fifo, it can pre-allocate multiple segments, but there is an issue if the OpenSSL manages to partially fill in the first segment, in this case, since data is assumed to be copied over by OpenSSL to the pre-allocated segments(s), vpp uses svm_fifo_enqueue_nocopy API which performs zero copy by passing the pre-allocated segment to SSL_read. If the decrypted data size is smaller than the pre-allocated fifo segment buffer size, application will fetch buffers including zero in the area not filled in by SSL_read. Type: fix Signed-off-by: Ofer Heifetz <oferh@marvell.com> Change-Id: I941a89b17d567d86e5bd2c35785f1df043c33f38
2023-02-02linux-cp: fix auto-sub-intStanislav Zaikin2-1/+5
lcp_itf_pair_pool could grew during sub-interface creation. Type: fix Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com> Change-Id: Ideafe392f9bb2b418ce9d6faa4f08dfe26f4a273
2023-02-02ip: fix ip ACL tracesBenoît Ganne1-6/+9
If we match a next table, we must save its index in the trace instead of the index of the 1st table. Type: fix Change-Id: Idd862242e7fc200eb3ab29b17a26131b844af2c0 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-02-02af_xdp: update custom XDP program exampleYulong Pei2-53/+65
Update custom XDP program example to work with libbpf 0.8.0 and libxdp 1.2.9. Type: fix Signed-off-by: Yulong Pei <yulong.pei@intel.com> Change-Id: Ib8d03f0be7f71fe996dfb7da0cfe35165711ebb0 Signed-off-by: Yulong Pei <yulong.pei@intel.com>
2023-02-02packetforge: fix order of dst/src address of macTing Xu1-2/+2
In the defination of mac node, the order of dst and src address is reversed. Swap their order in this patch. Type: fix Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: I039accc0a881eef12f13c75c5becf8b7df97d525
2023-02-02af_xdp: fix default xdp program unload failYulong Pei1-20/+45
Change to get ad->linux_ifindex in af_xdp_create_if() instead of in af_xdp_load_program(), previous if did not load custom XDP program, ad->linux_ifindex will be none, but bpf_xdp_detach() need it, so default xdp program will be not unloaded when delete af_xdp interface. Type: fix Signed-off-by: Yulong Pei <yulong.pei@intel.com> Change-Id: Id8a640204e8d29152f03349a0b58104b275635aa
2023-02-02policer: API policer selection by indexMaxime Peim10-279/+917
Policer API calls were only by policer name. It is now possible to select a policer by its index. Some functionalities are also added to allow updating a policer configuration and to refill its token buckets. Some dead codes are being removed, and small fixes made. Type: improvement Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I4cc8fda0fc7c635a4110da3e757356b150f9b606
2023-02-02fib: keep AddressSanitizer happyBenoît Ganne1-3/+2
adj_delegate_remove() makes 'ad' invalid, invalidate it only after its use. Type: fix Change-Id: I6908d3dd2962ebd3fdf37e946cb19dae727bda09 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-02-01memif: improve error reportingDamjan Marion5-122/+64
Type: improvement Change-Id: I12b120d988347cced3df82810e86dc2fd5cfca80 Signed-off-by: Damjan Marion <dmarion@me.com>
2023-02-01wireguard: update ESTABLISHED flagArtem Glazychev2-6/+32
We cannot confidently say that if we have received and processed the handshake_initiation message, then the connection has been established. Because we also send a response. The fact that the connection is established can only be considered if a keepalive packet was received. Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I61731916071990f28cdebcd1d0e4d302fa1dee15
2023-01-31tests: refactor quic tests to use app-socket-apiDave Wallace1-25/+40
- clean up nomenclature & use f-strings where applicable Type: test Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I561b7808cfc3fbfa463f7698732d19759d9ddcd4
2023-01-30vppinfra: keep AddressSanitizer happyBenoît Ganne1-2/+3
The vector size must be increased before setting the element so that AddressSanitizer can keep track of the accessible memory. Type: fix Change-Id: I7b13ce98ff29d98e643f399ec1ecb4681d3cec92 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-01-30vlib: chdir to runtime_dirDamjan Marion1-0/+3
Type: improvement Change-Id: Id8ab75ef4384a1029ab7ee84048f347708307830 Signed-off-by: Damjan Marion <dmarion@me.com>
2023-01-27api: keep AddressSanitizer happyBenoît Ganne1-10/+11
Playing with vector length prevents AddressSanitizer to track accessible memory. Make sure we update the size of the vector once we received the data. Type: fix Change-Id: If7808254d46d7ab37d516e3de49e3583d07bb9ff Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-01-27api: keep AddressSanitizer happyBenoît Ganne2-6/+8
socket_tx_buffer is a vector, update its length accordingly so that AddressSanitizer can keep track of the allowed memory area. By doing so we can get rid of socket_tx_nbytes which becomes redundant with the vector length. Type: fix Change-Id: Ied7cb430b5dd40d5ed1390aa15bd5f455a0dba62 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-01-27api: keep AddressSanitizer happyBenoît Ganne1-0/+1
Type: fix Change-Id: I793206068b8dca15b2f7f525ae1049139333c5b8 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-01-26dns: keep AddressSanitizer happyBenoît Ganne2-16/+23
Type: fix Change-Id: I0ae4071ee317f38daa882fec17087a55afe75d1d Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-01-26dpdk: add intf tag to dev{} subinputNathan Skrzypczak2-0/+6
This patch allows to pass a tag when specifying the dpdk `dev { }` interface configuration. It allows a control plane generating a vpp.conf file to retreive the resulting mapping between dpdk interfaces & sw_if_indices in VPP without having to change the interface name exposed to the user. Type: feature Change-Id: I55907417de0083b82d4a127172816cec3459acf3 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-01-26wireguard: sending the first handshakeArtem Glazychev4-10/+46
After creating a peer, we send a handshake request. But it's not quite right to call wg_send_keepalive() directly. According to documentation, handshake initiation is sent after (REKEY_TIMEOUT + jitter) ms. Since it's the first one - we don't need to take REKEY_TIMEOUT into account, but we still have jitter. It also makes no sense to immediately send keepalives, because the connection is not created yet. Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I61707e4be79be65abc3396b5f1dbd48ecbf7ba60
2023-01-25hs-test: handle error in config serializationFilip Tehlar1-0/+3
Type: test Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: If5bbf390df08acd1f67d31428b763f246dbcedf2
2023-01-25api: pcap capture api updateMaxime Peim6-5/+188
Allow enabling and disabling pcap capture via the API. A little bug is fixed along the way in vl_api_classify_pcap_set_table_t_handler. Type: improvement Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I096129c82aecdc82bee5dbfb5e19c76a51d80aab
2023-01-24af_xdp: fix xdp socket create failChen Yahui1-2/+18
In libbpf code, xsk_socket__create will call xsk_link_lookup to get the xdp_sock bpf prog. But xsk_link_lookup can't get any bpf prog. This will cause Libbpf not to insert the fd into xsks_map and return ERROR. The solution to this problem is to insert fd into xsks_map ourselves instead of libbpf. Type: fix Change-Id: Ic5d279c6ddc02d67371262d6106a5b53b70e7913 Signed-off-by: Chen Yahui <goodluckwillcomesoon@gmail.com>
2023-01-23vppapigen: enable codegen for stream message typesStanislav Zaikin4-25/+51
Enable codegen for C type from 'rpc A returns B stream C' notation Type: improvement Change-Id: I05cfce71c385d414d7b177a080009628bc8c8fad Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
2023-01-22vppinfra: fix random buffer OOB crash with ASANDmitry Valter1-1/+9
Don't truncate with vec_set_len bytes before they can be used. When built with ASAN, it these bytes are poisoned and trigger SIGSEGV when read. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: I912dbbd83822b884f214b3ddcde02e3527848592
2023-01-21vlib: make pending_interrupts valid for AddressSanitizerBenoît Ganne1-1/+1
vec_alloc_aligned() pre-allocates the vector memory but does not update its size, making ASan unhappy when trying to access it. Type: fix Change-Id: I80e753cf2458cf516d1180a24cfaca4f382339d5 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-01-20vppinfra: clib_bitmap fixMaxime Peim2-33/+144
In clib_bitmap_set_region and clib_bitmap_set_multiple the index of the last bit to set was off by 1. If this index was pointing to the last bit of the bitmap, another uword would have been allocated, even though it was unnecessary. Moreover, in clib_bitmap_set_region, bits in the last word were not properly set. Indeed, the n_bits_left value is wrong since n_bits is not decreased by the number of already set bits. Type: fix Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I8d7ef6f47abb9f1f64f38297da2c59509d74dd72
2023-01-19vxlan: convert vxlan to a pluginSteven Luong18-39/+77
per https://jira.fd.io/browse/VPP-2058 Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ica0828de218d25ada2d0d1491e373c3b78179ac1
2023-01-19ip: add the missing offload checkMohsin Kazmi1-2/+2
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I64283648985c98e81f315da32a451cef6e60f933
2023-01-18af_packet: add the missing header-len for packets with checksum offloadMohsin Kazmi1-0/+4
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ifb790c25b38b2b1865cda7d95891bddd4195c601
2023-01-18misc: Initial 23.06-rc0 commitv23.06-rc0Andrew Yourtchenko2-1/+1
Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I28c5cc0d54963389fe513c7de634f1a84c0bf11b
2023-01-18lb: add source ip based sticky load balancingNobuhiro MIKI8-36/+716
This patch adds source ip based sticky session, which is already implemented in many hardware LBs and software LBs. Note that sticky sessions may be reset if the hash is recalculated as ASs are added or deleted. Since this feature is unrelated to the other existing options, the lb_add_del_vip API version has been upgraded to v2 and a new option "src_ip_sticky" has been added. Type: feature Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp> Change-Id: I3eb3680a28defbc701f28c873933ec2fb54544ab
2023-01-18build: use CMAKE_C_COMPILER_LAUNCHER for ccacheGuillaume Solignac1-2/+2
In some situations, CMake will find ccache in /usr/bin but /usr/bin might not present in PATH. The former fix for this was to place the ccache configuration logic before the project() declaration, but since CMake 3.4 there is a new variable to be used which handles this case. For the original problem, see also https://crascit.com/2016/04/09/using-ccache-with-cmake/ Type: fix Signed-off-by: Guillaume Solignac <gsoligna@cisco.com> Change-Id: Ie026e02b2b06e2dca2d62da5fea7b1a104bcc7c3
2023-01-18vppapigen: include comments in jsonOle Troan2-11/+24
Type: feature Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ibd796adea734b64d9209c5e18c5b9800cbaf62c6 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-01-18hs-test: zero timeout on docker stopFlorin Coras1-1/+1
Should drop execution time for all tests by about 80%. Type: test Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib6b4ef9fb4e7745a61b40c0b34e53e4046ccdbcc
2023-01-18pppoe: fix memcpy out of bounds with gcc-11 on armTianyu Li1-1/+1
In function ‘memcpy’, inlined from ‘clib_memcpy_fast’ at /home/vpp/src/vppinfra/string.h:86:10, inlined from ‘memcpy_s_inline’ at /home/vpp/src/vppinfra/string.h:157:7, inlined from ‘vnet_pppoe_add_del_session’ at /home/vpp/src/plugins/pppoe/pppoe.c:356:7: error: ‘__builtin_memcpy’ offset [0, 5] is out of the bounds [0, 0] [-Werror=array-bounds] 34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Cc1: all warnings being treated as errors Hardware address is zero length vector for PPP, use vec_len instead. Type: fix Fixes: 62f9cdd82c52 ("Add PPPoE Plugin") Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: If9fb409cfbbac77c15559d103987f0130bf30255
2023-01-18vppinfra:fix pcap write large file(> 0x80000000) error.aihua20131-1/+1
Type: improvement Signed-off-by: aihua2013 <51931196@qq.com> Change-Id: I22670f49abfb5d1fd728686fc7d65fb40ea6bda2
2023-01-18tests: improve packet checksum functionsKlement Sekera1-6/+21
Fool-proof assert_checksum_valid so that one does not verify checksum on wrong layer (because of how scapy internally works). Make assert_packet_checksums_valid start checksum checking at inner layers and outwards to make it more obvious where the error is. With old behaviour, if one received an ICMP packet carrying a truncated TCP packet, an error would be raised for ICMP checksum, as that one would be the first to be wrong after recalculating all packet checksums, while the real issue is TCP header being truncated and thus unsuitable for use with this function. Type: improvement Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: I39a2b50ec5610f969cfde9796416ee3a50ae0ba3
2023-01-18pci: fix musl crashBenoît Ganne1-8/+9
The musl libc does not support closedir(0) resulting in a crash. Only call closedir() if we successfully opened it. Type: fix Change-Id: I3198454f44735501047afc42b94b2fea273212f4 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-01-17hs-test: add http proxy env to container buildsFlorin Coras1-2/+4
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I8c116efb41d561e30fd0db1388cdba903e2edffe
2023-01-17hs-test: autodetect ubuntu version during buildMaros Ondrejicka2-1/+12
Since VPP binaries are being compiled on host system, it makes sense to autodetect Ubuntu version when building test images so that containers would be running version equal to host system. Type: test Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech> Change-Id: I0e13d9ba1ddcd3ad5835bce1b8cccfc048e5e528
2023-01-17acl: CLI allow replace, allow deletionPim van Pelt1-8/+66
Allow the CLI caller to specify an optional [index <idx>] index, which will remove the ACL at that index. This mimicks the API behavior, Add a 'delete acl-plugin acl index <idx>' to mimick the API acl_del call, which will refuse to delete a non-existent index, as well as an index that is referenced by an interface. Type: improvement Signed-off-by: pim@ipng.nl Change-Id: I5f240f7a4e3bca14e8122917e8a5186d80094de2
2023-01-17vlib: install dma.h to fix out-of-tree pluginsMohammed Hawari1-0/+1
Change-Id: I7888ab58abced93859ce15d0dbd1c3d7c94a02f5 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: fix Fixes: 0654242d1ef51566f0d58445a16053cf376e5a6e
2023-01-16hs-test: better directory structureFilip Tehlar7-4/+4
Move config files to resources and docker files to separate directory Type: test Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I24dd0705c4a463c06de525f28cb54d882527320a
2023-01-16hs-test: restrict concurrency on envoyFilip Tehlar3-8/+16
Type: test Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I8b06f4554a6ee5b13de829e47eaa82431a76c332