Age | Commit message (Collapse) | Author | Files | Lines |
|
Prevent malicious packets with spoofed embedded IPv4 addresses
by limiting the IPv6 ingress packets to known MAP-T domains.
Drop spoofed packets.
Add several tests that ensure spoofing isn't allowed.
Type: fix
Fixes: fc7344f9be
Change-Id: I80a5dd10d5fe7492e3a1b04de389d649a78065e2
Signed-off-by: Jon Loeliger <jdl@netgate.com>
(cherry picked from commit 65866f03d96bd41b99b1c823ea6f38cd77fac58c)
|
|
Steps to reproduce VPP crash:
1. configure localsid End behavior
2. ping the localsid address
Type: fix
Signed-off-by: Ignas Bacius <ignas@noia.network>
Change-Id: Id780e0875ec9cdb25252217990919fb3dddbf06a
(cherry picked from commit bd5c49a1615e36260a86184d087b5b47a5e747be)
|
|
The 'tag' parameter is expected to be a NULL-terminated C-string in
callees:
- make sure it is null-terminated in both API and CLI cases
- do not allocate & copy the string into a non-NULL-terminated vector
in API case
- fix leak in CLI case
Type: fix
Change-Id: I221a489a226240548cdeb5e3663bbfb94eee4600
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 3b37125bdb0251181f90a429a4532b339711cf89)
|
|
Type: fix
Change-Id: I5d47cb9bc7eb7f3c8485e3b42f0701e81d87ba2a
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
(cherry picked from commit c0c4eec3bc309bcc656eade82f17754875f9ed7c)
|
|
Currently if user want to set ip4 address to the api, it must convert to ip6
format, e.g. user want to ip4 "90.1.2.1" but must convert to "::5A01:0201",
it is not acceptable, this fix solved the issue.
Ticket: FDIO-753
Type: fix
Change-Id: I2ffa5a3d38400ee176cf601421074f71fc395f03
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
(cherry picked from commit db43bb6af78c33e47d29889b047cced4b11fe4d7)
|
|
Type: fix
Change-Id: Iab7c65614c94497e8ec5a96624be72c1a139e486
Signed-off-by: Yu Ping <ping.yu@intel.com>
(cherry picked from commit d63b356bdf29fbb80f810d341dcaf8f5f92121c1)
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9afba8dc9e087b8c436fe568531c02614a577a7c
(cherry picked from commit c95eefb393d05167ce6e35e5617179f536de0bda)
|
|
n_retry was never decremented and so never enforced.
Type: fix
Change-Id: I71d60a72c156286f7e5b82b1c77a723361317c69
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 207a1633094526697729f322269b937f841aaf47)
|
|
Type: fix
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I266fa5dc637383fd8dac6592c9c266a1b70a73e9
(cherry picked from commit 629e268aa171a8bc03fb93fc995725b78ae64063)
|
|
Type: fix
Change-Id: Id1602981fcc6efed1b0efe79a1fc8177457acdb5
Signed-off-by: Yu Ping <ping.yu@intel.com>
(cherry picked from commit 1c6486f7b8a00a1358d5c8f4ea1d874073bbcd6c)
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id12b0a9b8bc47aef8b393544e5b4c8228ed6a606
(cherry picked from commit 479f7fec6a876bf06f6007c03fd7b9fa3404df54)
|
|
Type: fix
Change-Id: I8cfb48bd7f92689b296861dd368186408918061b
Signed-off-by: Yu Ping <ping.yu@intel.com>
(cherry picked from commit a9ed934745403461834b4361f06bd3865682f368)
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I6f7fb91e059996ff702eb9c36e3abaed237fe221
(cherry picked from commit 067f8f963d64b1cbc70f2b78ebd2c6d3791e7d22)
|
|
RR sourcing the destination FIB entry limits the number of tunnels
to 255 for a particular destination. This change removes this limit.
Type: fix
The patch is based on 1f50bf8fc57ebf78f9056185a342493be460a847
that introduced the FIB entry tracking but did not update
the gtpu plugin.
Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com>
Change-Id: I8a4a87382a6eb5120e2bb65b9bc3c446bbfdbd3b
(cherry picked from commit 75c72369186f6341a13374d2dd6e60ce3c7a88a6)
|
|
Type: fix
Change-Id: Id53eb6ed15f270d747b9831a7b585cbafe515dd2
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
(cherry picked from commit 5fb2278cb8badbbfe727acbdcaeda008a7fd2833)
|
|
Type: fix
Change-Id: I454aff1b187b75a1328c90e30b9b487377ae5f68
Signed-off-by: Yu Ping <ping.yu@intel.com>
(cherry picked from commit ce9bdfe5fcfa6e2acd670ea0063ce5e0fde15096)
|
|
Type: fix
Change-Id: I5467bbe3b25b1ea3fb44157abe6e7bfb3f191e77
Signed-off-by: Jon Loeliger <jdl@netgate.com>
(cherry picked from commit 3aae3dc7acddbe2f46de785b50c3358b7d3e0acc)
|
|
If a map domain is created without a tag name, inspecting
the map data will segfault looking for an unset name in
the so-called "domain extras" vector.
Enhance "show map domain" to show all map domains.
Type: fix
Change-Id: Ic55662b84eec58221816da270b2ef9e89c3a31c3
Signed-off-by: Jon Loeliger <jdl@netgate.com>
(cherry picked from commit 4a6d093e7ef72b06b35ffee911d35033dfde0171)
|
|
Type: fix
This patch fixes crash issues(marked in brackets) in the below test cases
test flow enable index 0 1/1 -> [crash]
test flow disable index 0 1/1 -> [crash]
test flow add src-ip 192.168.8.8 proto udp redirect-to-queue 8
test flow enable index 0 1/1
test flow disable index 0 1/1 - [crash]
test flow add src-ip 192.168.8.8 proto udp redirect-to-queue 8
test flow enable index 0 1/1
test flow enable index 0 1/2
test flow del index 0 -> [crash]
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: I84bc6faa3d93a2cab4c82e8a876a8b1067257b62
(cherry picked from commit be2ad0b4743ed8a3875a5b6039c10c66eb07614c)
|
|
Type: fix
Fixes: 5a2e278a09726be627b8310e03f0522d60aafedf
Change-Id: Ibdc2f0be44e382bfa4a8f3e16be8d6239d7a0ec1
Signed-off-by: Jon Loeliger <jdl@netgate.com>
(cherry picked from commit acaa04a22dd8bade2eca944ddd8517961433a34f)
|
|
Type: fix
Ticket: VPP-1747
Change-Id: If282aae3e584d7017c200f897b99c8a37eb1b2e5
Signed-off-by: Filip Varga <fivarga@cisco.com>
(cherry picked from commit 9a6dc8a9376e7270331255861b3ead1045b40c6d)
|
|
Type: fix
Change-Id: I38a5cbd53b278c21142bac4ee1bbe5dc8bcaaac9
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 3bbbf0dbd367fd8611f9f390a2c6e31a89ce08a9)
|
|
Type: fix
quicly_connections have internal references to crypto
contexts which need to be updated when we switch thread
as the supporting pools are thread-based.
This under the assumption that the new contexts will be
exactly identical
Change-Id: I38083e59657ff068e347d9e7b47abe91a1167b6c
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
(cherry picked from commit d9942bcc61d83cee390fc2c6a428e562ec9750f0)
|
|
- session_transport_delete_notify() is called before
and inside quic_connection_delete()
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I5c79a3269e36c4aab5aa99fdfdac06c1334f0f6f
(cherry picked from commit 34d92ebde67efb96784e0360f25a3b3c3b86b8f0)
|
|
Type: fix
Disable test until fixed.
Change-Id: I1f03630d126e61578c63a3536a0dd1a7b4da2b92
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 3ad984732961d0a8ec3bd6e68a37a4927275419d)
|
|
Type: fix
Change-Id: I10ebcc653491d11ca798e0a60be6eeef82c41766
Signed-off-by: Mathias Raoul <mathias.raoul@gmail.com>
(cherry picked from commit 74dcbf97af4e55cb29932dad7d65472403c6006d)
|
|
Type: fix
Signed-off-by: Mrityunjay Kumar <kumarnitp@gmail.com>
Change-Id: I31cc5e853b57e285064647503231b251e5152d3f
(cherry picked from commit 3f0579e8df831d42745e0b97191eb5e4bcffb011)
|
|
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I9a34465c85597baecdbc672ce395265f7dbb7f00
(cherry picked from commit 8a1dea4ce6fd0684aef6d0b0843a90658775129d)
|
|
Type: fix
the GBP unit tests would peridocially fail. The reason being that there
is dynamic state whose presence nneds to be created, tested and then
timeed out. The failures occurded when the timeout occured before the
state could be tested. the previous timeout was 2 seconds, this has been
doubled, as a result i saw no faliures running continuously for ~16
hours.
bumping the timer increasing the test run time from ~40 to ~53 seconds,
a small price to pay.
in test cases where the state is not timed out i bumped the timer to 60
seconds.
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I11b0970570caa8eebf486fe8cd8e44a4b2b1fc36
(cherry picked from commit 8d0d8d2fcccd77e462f30b21f7f8810db312ee62)
|
|
vppinfra source files MUST NOT #include <vlib/vlib.h>, <vnet/vnet.h>
or similar. Move mpcap_add_packet(...), mpcap_add_buffer(...) to a new
file: src/vnet/mpcap.h.
Type: refactor
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Id517aef6fe49b618f853ce32940b91ba45a1e60d
(cherry picked from commit 2a41919e39d4672f76a654f30be9c2093cef4fad)
|
|
Type: fix
Signed-off-by: Rajesh Goel <rajegoel@cisco.com>
Change-Id: I8d128598b4c872f19b64c779c19b5908ba2f2c08
(cherry picked from commit d1d90f5951df93625594f1904cddd95880838ff0)
|
|
The code sets f->n_vectors = n_to_send, but it can bail out of the
loop if vlib_buffer_copy(...) returns 0.
Need to fix f->n_vectors in the error return path, or we enqueue some
number of 0xfefefefe buffer indices in a debug image or worse in a
production image.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I2d886266006c6c1c2f9ef8e3b95eb46ac6c0b3df
(cherry picked from commit 8324c55f95dd5ddbf1f5f9c47907204a12e152ef)
|
|
vlib_buffer_copy(...) returns NULL if the system is temporarily out of
buffers.
This is NOT correct. Please don't be this person:
c0 = vlib_buffer_copy (vm, p0);
ci0 = vlib_get_buffer_index (vm, c0);
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
(cherry picked from commit c25ef58965871ea5d2b40904df9506803f69e47e)
Change-Id: I6cd4f289c4fadc3f36c3203b53546e9a788ef99b
|
|
Fix a bug that caused some input packets to be dropped due to errors of
the type 'ip4 length > l2 length'. The change is related to the second
call to the rdma_device_input_bufs() function that happens when the end
of the ring buffer is reached.
Type: fix
Change-Id: I332d69ab22242b3443a0baca6e5dd86349a54765
Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
(cherry picked from commit e5ecf3ea4b456afb710f4ed903cd7e4c1ae87859)
|
|
While TSO is supported for Intel NIC, Cisco VIC does not work.
The problem is due to txmode offloads is not properly set for
the Cisco VIC when enable-tcp-udp-checksum is configured.
Type: fix
Ticket: VPP-1838
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I72c41db9b327ed8d08ef70d74e8cc6206d4a102f
|
|
For chain buffer, need to traverse b->next_buffer to transmit all buffers
in the chain. Only set EOP at the last descriptor in the chain to signal
this is a chain descriptor.
Introduce slow path to handle ring wrap. This is needed because chain
buffer may consist of multiple pieces and it may span from near the end of
the ring to the beginning of the ring.
Type: fix
Ticket: VPP-1843
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Id7c872f3e39e09f3566aa63f3cdba8f40736d508
(cherry picked from commit f7ab7b2d9bc0f42c1e766d22d49dd0dc4f28abb6)
|
|
Type: fix
Change-Id: I80cb666d9eae9d0f780d51fb95454d97ed320454
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit bb688a4dc188b097a2dbca91da58fc5585ab6838)
|
|
Type: fix
Signed-off-by: Aleksander Djuric <aleksander.djuric@gmail.com>
Change-Id: I186286b8959ae138528a5171c22d3e1b00f46baf
Signed-off-by: Aleksander Djuric <aleksander.djuric@gmail.com>
(cherry picked from commit 50c99b4a8679e6c0d6f48677a5b91455bb612c86)
|
|
Ticket: FDIO-753
Type: fix
Change-Id: I4a8cf06970b658dfa15768459a3ff76571d6dfff
Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
(cherry picked from commit e69f4714323e1f7e7754fef58a2d75949e146317)
|
|
traffic selector vector isn't freed when freeing child SA
Type: fix
Change-Id: Icf6c240db5093f45d141451bad6f6627a61821cf
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit 99eefc2cfee4f71e1aaad1d420e6d9335072eb2c)
|
|
In a rare event, we may be skipping processing lacp pdu's when the it is
not in steady state.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I4e4f81dfd4e95433879ee66cdf6edb8d8afbe9b0
|
|
Type: fix
Several tunnels encapsulation use udp as outer header and udp src port
is set by inner header flow hash, such as gtpu, geneve, vxlan, vxlan-gbd
Since flow hash of inner header is already been calculated, keeping it
to vnet_buffere[b]->ip.flow_hash should save load-balance node work to
select ECMP uplinks.
Change-Id: I0e4e2b27178f4fcc5785e221d6d1f3e8747d0d59
Signed-off-by: Shawn Ji <xiaji@tethrnet.com>
(cherry picked from commit 623b4f85e6ee4611ae15bb3103fe30725ca977ed)
|
|
Type: refactor
Change-Id: I2c6b59013bfd21136a2955442c779685f951932b
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit ea93e48cf6e918937422638cb574964b88a146b6)
|
|
Type: fix
Change-Id: Ic221cd4fcad89aece71239ed96152bf0311f3286
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit ab9b9a5c0e3257136701cde6cdfdc66c35bf8f3d)
|
|
To improve gcov/lcov code coverage stats, it's necessary to send
incorrect debug CLI commands; to force vpp into debug CLI error paths.
cli_return_response() sends commands and returns the response object,
so test vectors can handle failures.
Type: feature
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I4fab591c9d2e30c996f016e18e4fd69b9c5bed06
(cherry picked from commit 5932ce17e128c096fcc56eb04b27e780da3cf255)
|
|
Type: fix
Change-Id: I604e4dd2b29962bfcd8e950a0074637dab53c79e
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 318fbfe89d4143824cec1ed81f9f7fbcddc21639)
|
|
When creating rdma interface without specifying a name, we need to
generate one instead of NULL.
Type: fix
Change-Id: If41870691dec47e8e673d48ac4b4ddffd2385a03
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit a50892e1504401e243076f08d9077675eb0b030e)
|
|
- Fix AAD initialization. With use-esn the aad data consists of the SPI
and the 64-bit sequence number in big-endian order. Fix the u32 swapped
code.
- Remove salt-reinitialization. The GCM code seems inspired by the GCM
RFCs recommendations on IKE keydata and how to produce a salt
value (create an extra 4 octets of keying material). This is not IKE
code though and the SA already holds the configured salt value which
this code is blowing away. Use the configured value instead.
Type: fix
Change-Id: I5e75518aa7c1d91037bb24b2a40fe4fc90bdfdb0
Signed-off-by: Christian Hopps <chopps@labn.net>
(cherry picked from commit d58419f19b33560d224471bc16674a525427308e)
|
|
Type: fix
crypto perf test crashes for key size different than 16 bytes.
This patch fixes the issue
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: Ic8a8ca83ca189c879815dc5d065b8c6f7826cd41
(cherry picked from commit bc2e640db7533394a3de7bdffd78fadf2a2ffd9f)
|
|
Ticket: VPP-1798
Type: fix
Change-Id: I42f02d5824575720e95b9fc99cfa864252221a82
Signed-off-by: Filip Varga <fivarga@cisco.com>
(cherry picked from commit 5854b43de4c04a7c52b0cf03cd548c9cac86c325)
|