path: root/src/plugins
Age | Commit message | Author | Files | Lines
2020-08-12 | map: Prevent IPv4 prefix spoofing during IPv6 -> IPv4 | Jon Loeliger | 2 | -2/+279
Prevent malicious packets with spoofed embedded IPv4 addresses by limiting the IPv6 ingress packets to known MAP-T domains. Drop spoofed packets. Add several tests that ensure spoofing isn't allowed. Type: fix Fixes: fc7344f9be Change-Id: I80a5dd10d5fe7492e3a1b04de389d649a78065e2 Signed-off-by: Jon Loeliger <jdl@netgate.com> (cherry picked from commit 65866f03d96bd41b99b1c823ea6f38cd77fac58c)
2020-08-12 | sr: fix possible null-pointer dereference | Ignas Bacius | 1 | -9/+26
Steps to reproduce VPP crash:
1. configure localsid End behavior
2. ping the localsid address
Type: fix Signed-off-by: Ignas Bacius <ignas@noia.network> Change-Id: Id780e0875ec9cdb25252217990919fb3dddbf06a (cherry picked from commit bd5c49a1615e36260a86184d087b5b47a5e747be)
2020-08-12 | map: api: fix tag overflow and leak | Benoît Ganne | 2 | -4/+6
The 'tag' parameter is expected to be a NULL-terminated C-string in callees:
- make sure it is null-terminated in both API and CLI cases
- do not allocate & copy the string into a non-NULL-terminated vector in API case
- fix leak in CLI case
Type: fix Change-Id: I221a489a226240548cdeb5e3663bbfb94eee4600 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit 3b37125bdb0251181f90a429a4532b339711cf89)
2020-08-12 | nsim: enable output scheduling on main thread | Dave Wallace | 2 | -2/+29
Type: fix Change-Id: I5d47cb9bc7eb7f3c8485e3b42f0701e81d87ba2a Signed-off-by: Dave Wallace <dwallacelf@gmail.com> (cherry picked from commit c0c4eec3bc309bcc656eade82f17754875f9ed7c)
2020-08-12 | lb: fix that lb_add_del_vip and lb_add_del_as api doesn't work correctly | Yulong Pei | 3 | -12/+9
Currently, if a user wants to set an ip4 address through the api, it must be converted to ip6 format, e.g. a user who wants ip4 "90.1.2.1" must convert it to "::5A01:0201". This is not acceptable; this fix solves the issue. Ticket: FDIO-753 Type: fix Change-Id: I2ffa5a3d38400ee176cf601421074f71fc395f03 Signed-off-by: Yulong Pei <yulong.pei@intel.com> (cherry picked from commit db43bb6af78c33e47d29889b047cced4b11fe4d7)
2020-08-12 | tls: enable async node on demand | Yu Ping | 1 | -3/+1
Type: fix Change-Id: Iab7c65614c94497e8ec5a96624be72c1a139e486 Signed-off-by: Yu Ping <ping.yu@intel.com> (cherry picked from commit d63b356bdf29fbb80f810d341dcaf8f5f92121c1)
2020-08-12 | tcp: handle ack advancement with no holes and reneging | Florin Coras | 1 | -1/+35
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9afba8dc9e087b8c436fe568531c02614a577a7c (cherry picked from commit c95eefb393d05167ce6e35e5617179f536de0bda)
2020-08-12 | dpdk: enforce max tx retries | Benoît Ganne | 1 | -0/+1
n_retry was never decremented and so never enforced. Type: fix Change-Id: I71d60a72c156286f7e5b82b1c77a723361317c69 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit 207a1633094526697729f322269b937f841aaf47)
2020-08-12 | ct6: dst,src copy typo | Neale Ranns | 1 | -1/+1
Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I266fa5dc637383fd8dac6592c9c266a1b70a73e9 (cherry picked from commit 629e268aa171a8bc03fb93fc995725b78ae64063)
2020-08-12 | tls: enable TLS OpenSSL plugin works in 3.0.0 | Yu Ping | 1 | -0/+5
Type: fix Change-Id: Id1602981fcc6efed1b0efe79a1fc8177457acdb5 Signed-off-by: Yu Ping <ping.yu@intel.com> (cherry picked from commit 1c6486f7b8a00a1358d5c8f4ea1d874073bbcd6c)
2020-08-12 | tcp: fix last sacked with no holes | Florin Coras | 1 | -0/+44
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id12b0a9b8bc47aef8b393544e5b4c8228ed6a606 (cherry picked from commit 479f7fec6a876bf06f6007c03fd7b9fa3404df54)
2020-08-12 | tls: Make tls CPS test run for a quite long time | Yu Ping | 1 | -3/+7
Type: fix Change-Id: I8cfb48bd7f92689b296861dd368186408918061b Signed-off-by: Yu Ping <ping.yu@intel.com> (cherry picked from commit a9ed934745403461834b4361f06bd3865682f368)
2020-08-12 | tcp: fix duplicate sack with reneging | Florin Coras | 1 | -11/+99
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6f7fb91e059996ff702eb9c36e3abaed237fe221 (cherry picked from commit 067f8f963d64b1cbc70f2b78ebd2c6d3791e7d22)
2020-08-12 | gtpu: Track the dst FIB entry instead of RR sourcing that | Miklos Tirpak | 1 | -9/+9
RR sourcing the destination FIB entry limits the number of tunnels to 255 for a particular destination. This change removes this limit. Type: fix The patch is based on 1f50bf8fc57ebf78f9056185a342493be460a847 that introduced the FIB entry tracking but did not update the gtpu plugin. Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com> Change-Id: I8a4a87382a6eb5120e2bb65b9bc3c446bbfdbd3b (cherry picked from commit 75c72369186f6341a13374d2dd6e60ce3c7a88a6)
2020-08-12 | vxlan geneve gtpu: fix short help | Paul Vinciguerra | 1 | -1/+1
Type: fix Change-Id: Id53eb6ed15f270d747b9831a7b585cbafe515dd2 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com> (cherry picked from commit 5fb2278cb8badbbfe727acbdcaeda008a7fd2833)
2020-08-12 | tls: change SSL_has_pending to avoid BIO check error | Yu Ping | 1 | -2/+2
Type: fix Change-Id: I454aff1b187b75a1328c90e30b9b487377ae5f68 Signed-off-by: Yu Ping <ping.yu@intel.com> (cherry picked from commit ce9bdfe5fcfa6e2acd670ea0063ce5e0fde15096)
2020-08-12 | map: Fix a coverity MAP dead-code issue. | Jon Loeliger | 1 | -3/+0
Type: fix Change-Id: I5467bbe3b25b1ea3fb44157abe6e7bfb3f191e77 Signed-off-by: Jon Loeliger <jdl@netgate.com> (cherry picked from commit 3aae3dc7acddbe2f46de785b50c3358b7d3e0acc)
2020-08-12 | map: Avoid null dereference in 'map show' and 'map del' | Jon Loeliger | 1 | -12/+22
If a map domain is created without a tag name, inspecting the map data will segfault looking for an unset name in the so-called "domain extras" vector. Enhance "show map domain" to show all map domains. Type: fix Change-Id: Ic55662b84eec58221816da270b2ef9e89c3a31c3 Signed-off-by: Jon Loeliger <jdl@netgate.com> (cherry picked from commit 4a6d093e7ef72b06b35ffee911d35033dfde0171)
2020-08-12 | flow: fix several crash issues | Chenmin Sun | 1 | -2/+0
Type: fix
This patch fixes crash issues (marked in brackets) in the below test cases:
test flow enable index 0 1/1 -> [crash]
test flow disable index 0 1/1 -> [crash]
test flow add src-ip 192.168.8.8 proto udp redirect-to-queue 8
test flow enable index 0 1/1
test flow disable index 0 1/1 - [crash]
test flow add src-ip 192.168.8.8 proto udp redirect-to-queue 8
test flow enable index 0 1/1
test flow enable index 0 1/2
test flow del index 0 -> [crash]
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: I84bc6faa3d93a2cab4c82e8a876a8b1067257b62 (cherry picked from commit be2ad0b4743ed8a3875a5b6039c10c66eb07614c)
2020-08-12 | map: Fix inverted 'map security check enable' CLI flag. | Jon Loeliger | 1 | -2/+2
Type: fix Fixes: 5a2e278a09726be627b8310e03f0522d60aafedf Change-Id: Ibdc2f0be44e382bfa4a8f3e16be8d6239d7a0ec1 Signed-off-by: Jon Loeliger <jdl@netgate.com> (cherry picked from commit acaa04a22dd8bade2eca944ddd8517961433a34f)
2020-08-12 | nat: respect arc features (multi worker) | Filip Varga | 7 | -419/+887
Type: fix Ticket: VPP-1747 Change-Id: If282aae3e584d7017c200f897b99c8a37eb1b2e5 Signed-off-by: Filip Varga <fivarga@cisco.com> (cherry picked from commit 9a6dc8a9376e7270331255861b3ead1045b40c6d)
2020-08-07 | session: fix transport proto unformat | Florin Coras | 1 | -3/+12
Type: fix Change-Id: I38a5cbd53b278c21142bac4ee1bbe5dc8bcaaac9 Signed-off-by: Florin Coras <fcoras@cisco.com> (cherry picked from commit 3bbbf0dbd367fd8611f9f390a2c6e31a89ce08a9)
2020-08-07 | quic: Hotfix crypto context on migrate | Nathan Skrzypczak | 1 | -0/+17
Type: fix quicly_connections have internal references to crypto contexts which need to be updated when we switch thread, as the supporting pools are thread-based. This is under the assumption that the new contexts will be exactly identical. Change-Id: I38083e59657ff068e347d9e7b47abe91a1167b6c Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com> (cherry picked from commit d9942bcc61d83cee390fc2c6a428e562ec9750f0)
2020-08-07 | quic: remove redundant function calls | Dave Wallace | 1 | -2/+0
- session_transport_delete_notify() is called before and inside quic_connection_delete() Type: fix Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I5c79a3269e36c4aab5aa99fdfdac06c1334f0f6f (cherry picked from commit 34d92ebde67efb96784e0360f25a3b3c3b86b8f0)
2020-08-07 | quic: disable failing test | Florin Coras | 1 | -0/+1
Type: fix Disable test until fixed. Change-Id: I1f03630d126e61578c63a3536a0dd1a7b4da2b92 Signed-off-by: Florin Coras <fcoras@cisco.com> (cherry picked from commit 3ad984732961d0a8ec3bd6e68a37a4927275419d)
2020-08-07 | quic: Add PICOTLS_INCLUDE_DIR var to CMakeLists. | Mathias Raoul | 1 | -0/+6
Type: fix Change-Id: I10ebcc653491d11ca798e0a60be6eeef82c41766 Signed-off-by: Mathias Raoul <mathias.raoul@gmail.com> (cherry picked from commit 74dcbf97af4e55cb29932dad7d65472403c6006d)
2020-08-07 | memif: 14 bytes extra overhead issue fixed. | Mrityunjay Kumar | 1 | -2/+2
Type: fix Signed-off-by: Mrityunjay Kumar <kumarnitp@gmail.com> Change-Id: I31cc5e853b57e285064647503231b251e5152d3f (cherry picked from commit 3f0579e8df831d42745e0b97191eb5e4bcffb011)
2020-08-07 | memif: fix zero-copy arg overwrite | Jakub Grajciar | 1 | -3/+0
Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I9a34465c85597baecdbc672ce395265f7dbb7f00 (cherry picked from commit 8a1dea4ce6fd0684aef6d0b0843a90658775129d)
2020-08-07 | gbp: More reliable unit-tests | Neale Ranns | 1 | -16/+16
Type: fix The GBP unit tests would periodically fail. The reason being that there is dynamic state whose presence needs to be created, tested and then timed out. The failures occurred when the timeout occurred before the state could be tested. The previous timeout was 2 seconds; this has been doubled, and as a result I saw no failures running continuously for ~16 hours. Bumping the timer increases the test run time from ~40 to ~53 seconds, a small price to pay. In test cases where the state is not timed out I bumped the timer to 60 seconds. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I11b0970570caa8eebf486fe8cd8e44a4b2b1fc36 (cherry picked from commit 8d0d8d2fcccd77e462f30b21f7f8810db312ee62)
2020-06-11 | vppinfra: refactor mpcap.h | Dave Barach | 1 | -1/+1
vppinfra source files MUST NOT #include <vlib/vlib.h>, <vnet/vnet.h> or similar. Move mpcap_add_packet(...), mpcap_add_buffer(...) to a new file: src/vnet/mpcap.h. Type: refactor Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Id517aef6fe49b618f853ce32940b91ba45a1e60d (cherry picked from commit 2a41919e39d4672f76a654f30be9c2093cef4fad)
2020-05-26 | ipsec: DES/3DES fixing the iv_len for openssl crypto | Rajesh Goel | 1 | -1/+2
Type: fix Signed-off-by: Rajesh Goel <rajegoel@cisco.com> Change-Id: I8d128598b4c872f19b64c779c19b5908ba2f2c08 (cherry picked from commit d1d90f5951df93625594f1904cddd95880838ff0)
2020-04-13 | ping: fix buffer allocator error handling | Dave Barach | 1 | -0/+2
The code sets f->n_vectors = n_to_send, but it can bail out of the loop if vlib_buffer_copy(...) returns 0. Need to fix f->n_vectors in the error return path, or we enqueue some number of 0xfefefefe buffer indices in a debug image or worse in a production image. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I2d886266006c6c1c2f9ef8e3b95eb46ac6c0b3df (cherry picked from commit 8324c55f95dd5ddbf1f5f9c47907204a12e152ef)
2020-04-10 | misc: check return values from vlib_buffer_copy(...) | Dave Barach | 1 | -3/+5
vlib_buffer_copy(...) returns NULL if the system is temporarily out of buffers. This is NOT correct. Please don't be this person:
    c0 = vlib_buffer_copy (vm, p0);
    ci0 = vlib_get_buffer_index (vm, c0);
Type: fix Signed-off-by: Dave Barach <dave@barachs.net> (cherry picked from commit c25ef58965871ea5d2b40904df9506803f69e47e) Change-Id: I6cd4f289c4fadc3f36c3203b53546e9a788ef99b
2020-03-10 | rdma: fix bug related to ring buffer | Elias Rudberg | 1 | -2/+2
Fix a bug that caused some input packets to be dropped due to errors of the type 'ip4 length > l2 length'. The change is related to the second call to the rdma_device_input_bufs() function that happens when the end of the ring buffer is reached. Type: fix Change-Id: I332d69ab22242b3443a0baca6e5dd86349a54765 Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net> (cherry picked from commit e5ecf3ea4b456afb710f4ed903cd7e4c1ae87859)
2020-02-29 | dpdk: TSO does not work for Cisco VIC | Steven Luong | 1 | -0/+11
While TSO is supported for Intel NIC, Cisco VIC does not work. The problem is that txmode offloads are not properly set for the Cisco VIC when enable-tcp-udp-checksum is configured. Type: fix Ticket: VPP-1838 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I72c41db9b327ed8d08ef70d74e8cc6206d4a102f
2020-02-27 | avf: Handle chain buffer in TX properly | Steven Luong | 2 | -7/+140
For chain buffer, need to traverse b->next_buffer to transmit all buffers in the chain. Only set EOP at the last descriptor in the chain to signal this is a chain descriptor. Introduce slow path to handle ring wrap. This is needed because chain buffer may consist of multiple pieces and it may span from near the end of the ring to the beginning of the ring. Type: fix Ticket: VPP-1843 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Id7c872f3e39e09f3566aa63f3cdba8f40736d508 (cherry picked from commit f7ab7b2d9bc0f42c1e766d22d49dd0dc4f28abb6)
2020-02-18 | mactime: remove unnecessary function declaration | Neale Ranns | 1 | -2/+0
Type: fix Change-Id: I80cb666d9eae9d0f780d51fb95454d97ed320454 Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit bb688a4dc188b097a2dbca91da58fc5585ab6838)
2020-02-13 | ikev2: correct byte order in api handlers | Aleksander Djuric | 1 | -10/+21
Type: fix Signed-off-by: Aleksander Djuric <aleksander.djuric@gmail.com> Change-Id: I186286b8959ae138528a5171c22d3e1b00f46baf Signed-off-by: Aleksander Djuric <aleksander.djuric@gmail.com> (cherry picked from commit 50c99b4a8679e6c0d6f48677a5b91455bb612c86)
2020-02-06 | lb: lb_add_del_vip and lb_add_del_as doesn't work. | Hongjun Ni | 2 | -4/+14
Ticket: FDIO-753 Type: fix Change-Id: I4a8cf06970b658dfa15768459a3ff76571d6dfff Signed-off-by: Hongjun Ni <hongjun.ni@intel.com> (cherry picked from commit e69f4714323e1f7e7754fef58a2d75949e146317)
2020-02-06 | ikev2: fix memory leak in child SA | Filip Tehlar | 1 | -16/+15
traffic selector vector isn't freed when freeing child SA Type: fix Change-Id: Icf6c240db5093f45d141451bad6f6627a61821cf Signed-off-by: Filip Tehlar <ftehlar@cisco.com> (cherry picked from commit 99eefc2cfee4f71e1aaad1d420e6d9335072eb2c)
2020-02-06 | lacp: add actor steady state check prior to skip processing lacp pdu | Steven Luong | 2 | -3/+5
In a rare event, we may be skipping processing lacp pdu's when it is not in steady state. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I4e4f81dfd4e95433879ee66cdf6edb8d8afbe9b0
2019-12-21 | vxlan: reuse inner packet flow hash for tunnel outer header load balance | Shawn Ji | 1 | -0/+9
Type: fix Several tunnel encapsulations use udp as outer header, and the udp src port is set by the inner header flow hash, such as gtpu, geneve, vxlan, vxlan-gbd. Since the flow hash of the inner header has already been calculated, keeping it in vnet_buffere[b]->ip.flow_hash should save load-balance node work to select ECMP uplinks. Change-Id: I0e4e2b27178f4fcc5785e221d6d1f3e8747d0d59 Signed-off-by: Shawn Ji <xiaji@tethrnet.com> (cherry picked from commit 623b4f85e6ee4611ae15bb3103fe30725ca977ed)
2019-12-02 | ip: IP address and prefix types (moved from LISP) | Neale Ranns | 1 | -20/+20
Type: refactor Change-Id: I2c6b59013bfd21136a2955442c779685f951932b Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit ea93e48cf6e918937422638cb574964b88a146b6)
2019-12-01 | dpdk: fix non-NULL terminated string | Benoît Ganne | 1 | -1/+1
Type: fix Change-Id: Ic221cd4fcad89aece71239ed96152bf0311f3286 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit ab9b9a5c0e3257136701cde6cdfdc66c35bf8f3d)
2019-11-28 | tests: add cli_return_response to vpp_papi_provider | Dave Barach | 1 | -1/+6
To improve gcov/lcov code coverage stats, it's necessary to send incorrect debug CLI commands; to force vpp into debug CLI error paths. cli_return_response() sends commands and returns the response object, so test vectors can handle failures. Type: feature Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I4fab591c9d2e30c996f016e18e4fd69b9c5bed06 (cherry picked from commit 5932ce17e128c096fcc56eb04b27e780da3cf255)
2019-11-18 | gtpu: check packet has enough data for gtpu header | Benoît Ganne | 2 | -106/+60
Type: fix Change-Id: I604e4dd2b29962bfcd8e950a0074637dab53c79e Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit 318fbfe89d4143824cec1ed81f9f7fbcddc21639)
2019-11-18 | rdma: fix name auto-generation on create | Benoît Ganne | 1 | -1/+5
When creating rdma interface without specifying a name, we need to generate one instead of NULL. Type: fix Change-Id: If41870691dec47e8e673d48ac4b4ddffd2385a03 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit a50892e1504401e243076f08d9077675eb0b030e)
2019-11-18 | dpdk: ipsec gcm fixes | Christian Hopps | 3 | -25/+14
- Fix AAD initialization. With use-esn the aad data consists of the SPI and the 64-bit sequence number in big-endian order. Fix the u32 swapped code.
- Remove salt-reinitialization. The GCM code seems inspired by the GCM RFCs recommendations on IKE keydata and how to produce a salt value (create an extra 4 octets of keying material). This is not IKE code though and the SA already holds the configured salt value which this code is blowing away. Use the configured value instead.
Type: fix Change-Id: I5e75518aa7c1d91037bb24b2a40fe4fc90bdfdb0 Signed-off-by: Christian Hopps <chopps@labn.net> (cherry picked from commit d58419f19b33560d224471bc16674a525427308e)
2019-11-18 | crypto: fix crypto perf unittest crash | Fan Zhang | 1 | -1/+33
Type: fix crypto perf test crashes for key size different than 16 bytes. This patch fixes the issue Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: Ic8a8ca83ca189c879815dc5d065b8c6f7826cd41 (cherry picked from commit bc2e640db7533394a3de7bdffd78fadf2a2ffd9f)
2019-11-18 | nat: NAT udp counter & unit test fixes | Filip Varga | 5 | -20/+20
Ticket: VPP-1798 Type: fix Change-Id: I42f02d5824575720e95b9fc99cfa864252221a82 Signed-off-by: Filip Varga <fivarga@cisco.com> (cherry picked from commit 5854b43de4c04a7c52b0cf03cd548c9cac86c325)