Age | Commit message (Collapse) | Author | Files | Lines |
|
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If5300653edd2dad470985f4591959d00cad2a43b
(cherry picked from commit af2e88d964ff8bd8eca30c182ab00e178213c1d4)
|
|
path implementation
In fast path implementation of spd policy lookup opposite convention to
the original implementation has been applied and local ip range has been
interchanged with the remote ip range. This fix addresses this issue.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I0b6cccc80bf52b34524e98cfd1f1d542008bb7d0
|
|
Type: improvement
Change-Id: I30e66370c927afeb62ba3a2b3334bdc2a31d4561
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
This patch removes a
.runs_after = VNET_FEATURES ("ip6-lookup"),
On the 'pt' node, as 'ip6-lookup' does not belong to the 'ip6-output' arc.
Type: fix
Change-Id: Ie34aaf7351593f08c61e3b02aaf9f72a4de1a437
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Uses VPP's clib_host_to_net functions, and initializes a potentially
uninitialized variable.
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: Ie6b035c698f57ff39aeb955b35db8ec40f383b7a
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibff9f32e4fcaf0344207d8e43f3547180cbd4eef
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ibebe9e4ab7331c3ae66c9502e910368acaba51ec
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I1b5a35b9d53cc56d4d8050de70f40b95e92f1011
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1a3393b579caeb5dc25b60bc1b4a71706fb07051
|
|
unformat_ip46_address() requires the address type as 2nd parameter.
Type: fix
Change-Id: Iaa1aebaebd1a947dab6c936c3b931854c0a3facc
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
We were creating an additional worker not backed by any VPP threads,
leading off-by-1 access in the session main workers vector.
Also uses vec_elt_at_index() when accessing session main workers vector
elements to catch those errors more easily.
Type: fix
Change-Id: I6059116b7b64ae6b26ad83c1fcf55df8522868ad
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I3ec857adb3a9e8a778072a202a4d23f4101e83b2
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I659b9914fcfa4619a68e9807ef241f88c96b3bd0
|
|
New BFD UDP errors were no longer compatible with BFD errors. This was causing
out-of-bound reads and ASAN test crashes.
Fix this issue by statically checking if these enums are compatible.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I92fddd26270f946bc16ade840c94e5496e2cb88a
|
|
Useful to update the tunnel paramaters and udp ports (NAT-T) of an SA
without having to rekey. Could be done by deleting and re-adding the
SA but it would not preserve the anti-replay window if there is one.
Use case: a nat update/reboot between the 2 endpoints of the tunnel.
Type: feature
Change-Id: Icf5c0aac218603e8aa9a008ed6f614e4a6db59a0
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
|
|
format vlib_buffer_t::flags into interface output trace
Type: fix
Signed-off-by: luoyaozu <luoyaozu@foxmail.com>
Change-Id: Icb48a6d3a7ebdff7a3d42efe62723b0f0f1ea507
|
|
Some upon apps(e.g. Nginx-quic) package it's several protocol buffers into a struct msg
which is a combination of gso_buffer and gso_size.
but if HostStack regardless the gso_size to the buffer and split the buffer with default mss,
that cause peer client failed on parsing the package.
Type: improvement
Signed-off-by: Dou Chao <chao.dou@intel.com>
Change-Id: I805eb642be826038ba96d1b85dad8ec0c0f6c459
Signed-off-by: Dou Chao <chao.dou@intel.com>
|
|
NAT44 enable/disable return status was used
instead of appropriate VNET_API_ERROR_ code.
Type: fix
Signed-off-by: Filip Varga <filipvarga89@gmail.com>
Change-Id: If944866bf3061afdc91284c0ad475135e529bdc4
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Iefabc7b9dd1109fd6dcf65e5d9794173421b7369
|
|
The metadata in classifier entries is used to index a fib or a dpo in
the acl nodes which can exceeds UINT16_MAX in large configurations.
To maintain entries size and alignment, decrease next_index from 32- to
16-bits: next_index should not exceed 16-bits in VPP, as it is already
shown by vlib_buffer_enqueue_to_next() or dpo_id_t.dpoi_next_node.
Type: fix
Change-Id: I4fd1b3cd495319420044c219036b2d2ea952270a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I035e3fdbb52eca010ad7b2c20ca2930cb1645978
|
|
Type: fix
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I0a947b74e40499327910c1ed10923f7a869039d6
|
|
convert vhost device driver to a plugin as described in
https://jira.fd.io/browse/VPP-2065
Type: improvement
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ibfe2f351bcaed36a04b136d082ae414145dd37b5
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4f7314ddf95d26f1939bd3772d29d011fb4cea47
|
|
Maintain a single writer multiple readers usage model for transport
endpoints pool.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I8555700ed725971341f145ea97f031042a298e83
|
|
Type: fix
Fixes: 815c6a4fbcbb636ce3b4dc98446ad205a30670a6
Ticket: VPP-2068
Change-Id: I42d678b0e28ac4d0b524dfc2dbd01bbad020cf24
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Fast path spd was explicitely storing array of policy id vectors.
This information was redundand, as this inofrmation is already stored
in bihash table. This additional array was affecting performance
when adding and removing fast path policies.
The other place that needed refactoring after removing this array was
cli command showing fast path policies.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I78d45653f71539e7ba90ff5d2834451f83ead4be
|
|
Not ideal. The sparse vector used to map ports to next nodes assumes
only a few ports are ever used. When udp transport is enabled this does
not hold and, to make matters worse, ports are consumed in a random
order.
This can lead to a lot of slow updates to internal data structures
which in turn can slow udp connection allocations until all ports are
eventually consumed.
Consequently, reallocate sparse vector, preallocate all ports and have
them point to UDP_NO_NODE_SET. We could consider switching the sparse
vector to a preallocated vector but that would increase memory
consumption for vpp deployments that do not rely on host stack.
For reference, populating one of the v4 or v6 sparse vectors in reverse
order takes about 9.8s on a skylake cpu.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id795e1805d0d3ba54f56a152a9506a7a2a06ecbc
|
|
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I3138f97519d216b89a9c46865271db1f9ddd53cd
|
|
Implements the API for SRv6 Path Tracing
Type: feature
Signed-off-by: Julian Klaiber <julian@klaiber.me>
Change-Id: Iefa7e512c8e1894595a9e3f5d42eab4160db1f28
|
|
Type: docs
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I8a96e6cc73b5f7ab3049fef37aafba43f3ef4d84
|
|
Type: docs
Several kinds of policers are implemented in VPP.
However, they could differ from the RFCs it is
said they are from.
Additionally, the CLI command's help has been
updated with the current list of acceptable
parameters.
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: Ic9bf94e1094bea0fcc87ccaa882c2c5f88824041
|
|
Type: improvement
Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com>
Change-Id: I91ba1ff4c1085f4aca60ca111cbbaf14a3b4d761
|
|
the batch
Type: fix
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Icd1e43a5764496784c355c93066273435f16dd35
|
|
Leave tp_vfts vector out for now.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic20a1671be9424280d0645f48ef2131a694cd16f
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I6dd400285ae475974c416f9b94e8a5b4b6257ca1
|
|
Make sure they only double in size.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I18d5508c7f32836deb3b25943e8e3af39d0dbc33
|
|
Type: feature
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I0738c0aefb41ab6c0ff717cfccd1df75ddb481fa
|
|
dd2f12ba made use of ip46_address_is_ip4() in order to determine whether
the address is ipv4 or ipv6 within unformat_ip_address - however, its
logic is correct only for some addresses. e.g. a valid IPv6 address of :: (unspecified)
will result in "true" result. This is probably not an issue for most
of the cases (the unspecified address is quite rare),
however if the unformat_ip_address is used as part of the
prefix parsing, the ::/0 is a fairly often utilized construct,
which gets parsed as 0.0.0.0
Solution: return the old logic, but use a temporary
variable to avoid overwriting the target memory on failure.
Type: fix
Fixes: dd2f12ba6ab952d9d66f4d9ba89ffde6309b1ff2.
Change-Id: I272f740dfdf07036cec68516e153f0701a53233d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
cli show policer's help info is not consistent
with it's arguments.
Type: improvement
Signed-off-by: Huawei LI <lihuawei_zzu@163.com>
Change-Id: I8332fe97ba343e98511db9ff1bb6afd6f3c657cd
|
|
Type: fix
The router flag on a neighbor advertisement can be used by neighbors to
detect that a router has changed to a host (RFC 4861 section 4.4).
If a neighbor adds routes after receiving a router advertisement sent
by VPP and subsequently receives a neighbor advertisement sent by VPP,
it may remove any routes it added based on the RA if the NA does not
have the router flag set. It appears that this is how windows behaves.
When sending a neighbor advertisement, set the router flag if sending
RAs is enabled on the interface.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I1f3e42bbd8ea1a4c116b1ce5a8273652d4cd763d
|
|
Otherwise, the newly configured interface will never send RADV's.
See below. In the typical case, suppress = 0 and is_no = 0, which
propagates the current value of radv->send_radv:
radv_info->send_radv =
(suppress != 0) ? ((is_no != 0) ? 1 : 0) : radv_info->send_radv;
No other bit of code will set send_radv, at least in straightforward
ways.
Type:fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: If9368155f7676460ca1f87729c2b3c453405d08d
|
|
vpp crash when update nonexistent classify table.
Program received signal SIGABRT, Aborted.
0x00007fbf3b49b337 in raise () from /lib64/libc.so.6
(gdb) bt
0 0x00007fbf3b49b337 in raise () from /lib64/libc.so.6
1 0x00007fbf3b49ca28 in abort () from /lib64/libc.so.6
2 0x00000000004079db in os_panic () at /usr/src/debug/vpp-23.02/src/vpp/vnet/main.c:417
3 0x00007fbf3bb611c7 in debugger () at /usr/src/debug/vpp-23.02/src/vppinfra/error.c:84
4 0x00007fbf3bb61529 in _clib_error (how_to_die=2, function_name=0x0, line_number=0, fmt=0x7fbf3d03af08 "%s:%d (%s) assertion `%s' fails")
at /usr/src/debug/vpp-23.02/src/vppinfra/error.c:143
5 0x00007fbf3c67062c in vnet_classify_add_del_table (cm=0x7fbf3d438f00 <vnet_classify_main>, mask=0x7fbf00fdc088 "", nbuckets=2, memory_size=2097152,
skip=4, match=1, next_table_index=4294967295, miss_next_index=4294967295, table_index=0x7fbeed930b98, current_data_flag=0 '\000',
current_data_offset=0, is_add=1, del_chain=0) at /usr/src/debug/vpp-23.02/src/vnet/classify/vnet_classify.c:780
6 0x00007fbf3c672bf4 in classify_table_command_fn (vm=0x7fbefb465740, input=0x7fbeed930ef0, cmd=0x7fbefc45ec18)
at /usr/src/debug/vpp-23.02/src/vnet/classify/vnet_classify.c:1622
7 0x00007fbf3d52b527 in vlib_cli_dispatch_sub_commands (vm=0x7fbefb465740, cm=0x4273f0 <vlib_global_main+48>, input=0x7fbeed930ef0,
parent_command_index=1064) at /usr/src/debug/vpp-23.02/src/vlib/cli.c:650
8 0x00007fbf3d52b2c3 in vlib_cli_dispatch_sub_commands (vm=0x7fbefb465740, cm=0x4273f0 <vlib_global_main+48>, input=0x7fbeed930ef0,
parent_command_index=0) at /usr/src/debug/vpp-23.02/src/vlib/cli.c:607
9 0x00007fbf3d52b9cb in vlib_cli_input (vm=0x7fbefb465740, input=0x7fbeed930ef0, function=0x7fbf3d597406 <unix_vlib_cli_output>, function_arg=0)
at /usr/src/debug/vpp-23.02/src/vlib/cli.c:753
10 0x00007fbf3d59cb0c in unix_cli_process_input (cm=0x7fbf3d61fe00 <unix_cli_main>, cli_file_index=0)
at /usr/src/debug/vpp-23.02/src/vlib/unix/cli.c:2616
11 0x00007fbf3d59d25a in unix_cli_process (vm=0x7fbefb465740, rt=0x7fbf00f7bfc0, f=0x0) at /usr/src/debug/vpp-23.02/src/vlib/unix/cli.c:2745
12 0x00007fbf3d555a25 in vlib_process_bootstrap (_a=140458063833296) at /usr/src/debug/vpp-23.02/src/vlib/main.c:1221
13 0x00007fbf3bb74204 in clib_calljmp () at /usr/src/debug/vpp-23.02/src/vppinfra/longjmp.S:123
14 0x00007fbef10028a0 in ?? ()
15 0x00007fbf3d555b4e in vlib_process_startup (vm=0x7fbf3bb7d70f <clib_mem_size+24>, p=0x7fbef10028d0, f=0x7fbf00f06ae0)
at /usr/src/debug/vpp-23.02/src/vlib/main.c:1246
16 0x00007fbf3d592be6 in vec_max_bytes (v=0x8) at /usr/src/debug/vpp-23.02/src/vppinfra/vec_bootstrap.h:161
17 0x00007fbf00f06af8 in ?? ()
18 0x0000000000000004 in ?? ()
19 0x00000000000000ff in ?? ()
20 0x00007fbef1002980 in ?? ()
21 0x00007fbf3d592dcb in _vec_set_len (v=<error reading variable: Cannot access memory at address 0xfffffffffffffff5>,
len=<error reading variable: Cannot access memory at address 0xffffffffffffffed>,
elt_sz=<error reading variable: Cannot access memory at address 0xffffffffffffffe5>) at /usr/src/debug/vpp-23.02/src/vppinfra/vec_bootstrap.h:196
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) f 5
0x00007fbf3c67062c in vnet_classify_add_del_table (cm=0x7fbf3d438f00 <vnet_classify_main>, mask=0x7fbf00fdc088 "", nbuckets=2, memory_size=2097152,
skip=4, match=1, next_table_index=4294967295, miss_next_index=4294967295, table_index=0x7fbeed930b98, current_data_flag=0 '\000',
current_data_offset=0, is_add=1, del_chain=0) at /usr/src/debug/vpp-23.02/src/vnet/classify/vnet_classify.c:780
780 t = pool_elt_at_index (cm->tables, *table_index);
(gdb) p *table_index
$1 = 8
(gdb) p cm->tables
$2 = (vnet_classify_table_t *) 0x0
(gdb)
Type: fix
Signed-off-by: Huawei LI <lihuawei_zzu@163.com>
Change-Id: I1c5f6168f0a7e1d1989ce07ec6c30c6fd9f0aaa9
|
|
The tx_fifo of session may not be set up yet, if app request to
disconnect the session, svm_fifo_dequeue_drop_all will crash.
In debug image, ho_session_alloc will do clib_bitmap_validate to
prevent race condition, however the input is not correct which
will make vpp crash.
Type: fix
Change-Id: Ia8bff325d238eacb671e6764ea2a4eecd3fca609
Signed-off-by: Dongya Zhang <fortitude.zhang@gmail.com>
|
|
Type: feature
Signed-off-by: Julian Klaiber <julian@klaiber.me>
Change-Id: I866a2d2e06013380309c98a54078c1b3f6ad76fc
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia2c771cbf826526d2d06b6da022509ab02917350
|
|
To aid sesipon debug, add session event log in SM debug to track
the session state.
Type: improvement
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I6909cf969cd5b6a3ea5a06d08ae32c2f1d48f686
|
|
Type: fix
virtio transmit node uses header offsets to set the
appropriate metadata for packet with offloads. But
l2_hdr_offset is not correctly set by previous node(s).
This patch makes use of curren_data field as l2_hdr_offset.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Id2f41a7650be45c9cc1ebacc7bec298be79bf218
|
|
Type: fix
af_packet transmit node uses header offsets to set the
appropriate metadata for packet with offload. But
l2_hdr_offset is not correctly set by previous node.
This patch makes use of curren_data field as l2_hdr_offset.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I751a725af5c231a443eed22231a867eb7f3894e0
|