Age | Commit message (Collapse) | Author | Files | Lines |
|
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
adding routes should be MP safe. When new prefixes with differrent
prefix lengths are added, adjust the sorted list in an MP safe way.
Change-Id: Ib73a3c84d01eb86d17f8e79ea2bd2505dd9afb3d
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit aecb10b97fa97b215c415ceaa3cac4c97204922f)
|
|
Type: fix
Signed-off-by: Rajesh Goel <rajegoel@cisco.com>
Change-Id: I8d128598b4c872f19b64c779c19b5908ba2f2c08
(cherry picked from commit d1d90f5951df93625594f1904cddd95880838ff0)
|
|
Type: fix
Only add GSO and Checksum offload flags when gso is
enabled.
Change-Id: I58945a4ffbb9a0e6a8640fc01424c63feef16306
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: fix
This fix is backported from master partial of patch:
gso: add vxlan tunnel support
It fixes required number of buffers for segmentation and
also enables gso infra node on sub-interfaces.
Change-Id: I2cf93cdb39c67e2252a3549905d141fffa95d249
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Swap byte order for fields of type vl_api_rx_mode_t.
Ticket: VPP-1871
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: Ia1745257b57209d41661d38067e0dd7618f9a9b9
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Type: fix
some crytto engines store key data indexed by SA index. Creating new SAs
means this store reallocs with packets inflight; bad stuff ensues.
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ia23c3a59e2d05fb006bdbd9922d01ee192e22853
|
|
Calling vlib_time_now (&vlib_global_main) from a worker thread is a bad
mistake. ASSERT (vm->thread_index == __os_thread_index) will catch it.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I55af6de84e06143f8f43adc62103b77267a7a441
(cherry picked from commit 77d98382824ca211fb55fcf842931930ccfb3baa)
|
|
Add GSO support, configurable from the CLI.
Type: feature
Ticket: VPP-1820
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I65885a071b24c74437e6cfe5eff237b01bc1744b
(cherry picked from commit a06f68556e506a6ff7f31a617a036614c84f71c0)
|
|
When checksum is enable for IPv6, it erroneously set the flag
VNET_BUFFER_F_OFFLOAD_IP_CKSUM. That flag is meant for ip4 packets only.
Type: fix
Ticket: VPP-1857
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Id03b2937bfa34e2a9b50a36aafe0700bad7fb95e
(cherry picked from commit f78294d8468f156e066e7e69aab3a1b285810c3a)
(cherry picked from commit 82b62bbf58bc3d1143a359d8f58f7be2f473cddd)
|
|
Building applications using the VPP bin_api outside of the VPP tree is broken, missing these includes.
Type: fix
Change-Id:
Signed-off-by: IJsbrand Wijnands <ice@cisco.com>
Change-Id: Ibcb2fea0f5740a73b9577392aa54ac3c93c8d2b5
(cherry picked from commit 724c8051d1f589c8890b0a4ad41a29d8d6581c9c)
|
|
Send dhcp unicast packets to ip4-lookup. Otherwise, these packets
won't reach a dhcp server on a different subnet.
Do an immediate client scan after processing wakeup events.
Calculate the next process wakeup time by scanning all
clients.
Increase maximum (idle, no-clients-configured) timeout to 1000
seconds.
Reduce log spew.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I3d10cd4c353298ed0b19e7e30887dc1d8d07b19e
(cherry picked from commit c54162981cdd41d65ed283df36955007552ddffe)
|
|
The code sets f->n_vectors = n_to_send, but it can bail out of the
loop if vlib_buffer_copy(...) returns 0.
Need to fix f->n_vectors in the error return path, or we enqueue some
number of 0xfefefefe buffer indices in a debug image or worse in a
production image.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I2d886266006c6c1c2f9ef8e3b95eb46ac6c0b3df
(cherry picked from commit 8324c55f95dd5ddbf1f5f9c47907204a12e152ef)
|
|
vlib_buffer_clone(...) may not manage to produce any buffer clones at
all.
vlib_buffer_clone_256 should not smash the original buffer reference
count if no clones are produced.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I14d9d53637a220485c7a0036cfc75a4149b264ea
(cherry picked from commit 95e19253320ab07748787f4c8a7620704563f6b8)
|
|
vlib_buffer_copy(...) returns NULL if the system is temporarily out of
buffers.
This is NOT correct. Please don't be this person:
c0 = vlib_buffer_copy (vm, p0);
ci0 = vlib_get_buffer_index (vm, c0);
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ic25ef58965871ea5d2b40904df9506803f69e47e
(cherry picked from commit 954c707972bf7efcd227e26d9679544813a78115)
|
|
Type: fix
- swipe away the vomit indent left last time.
- add tests for VNIs > 16bit
Change-Id: I2d1f591bfb9d7a18996c38969365a509168d4193
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit 91fd910d7d7611a28d1f85482ed5d5c3ee6a8853)
|
|
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Idc567717494b4c40c307f20a40d5e10cd26b0a46
(cherry picked from commit 6e6968f06435727e6887abef4669715c9e59de6b)
|
|
For details, see the Jira ticket below. Fix gerrit 23350.
Type: fix
Fixes: 28a6eb7
Ticket: VPP-1840
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ic9248734bb330eadb302f8410e8db9c64723f075
(cherry picked from commit d1586962a5f8f14fb81c930174d12d0453adaab8)
|
|
Remove duplicate space allocation for the pool header. Not significant
w/ CLIB_CACHE_LINE_BYTES >= 64 since the code rounds the size of the
pool header to an even multiple of the cache line size.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I923f2a60e7565cf2dfbc18d78264bf82ff30c926
(cherry picked from commit 6e495ce428e110665ee9616e0951015963502cac)
|
|
The option parsing loop had "break" statements included in each
'if (unformat (line_input, "this-option ...") option_values=xxx;'
statement.
Result: the code would silently ignore all but the first
option. Probably broken forever, not easy to spot because the code
looks OK even though it's badly broken.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I667bee85b4ca654b53fb3af421f957957ed0f0f8
(cherry picked from commit 7249b90ab21c20138907e692dcb6032aea9e2f0f)
|
|
Tap configuration code sets the host mac address
two time. This patch fixes it.
Type: fix
Change-Id: I7bebb9b7f25352a8a9a98bae6a0636757c0cea9c
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
(cherry picked from commit 3039753eda526e63d57a09debd3762e5590459df)
|
|
host mtu can't be set if tap interface is in namespace.
This patch fixes this issue.
Type: fix
Change-Id: I63811c4b56c708fe708061a8afbaec41994f08ca
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
(cherry picked from commit 91592c0c9cdd1bc61a2796e41a8becc30aaf8082)
|
|
Type: fix
Change-Id: I1a20fea56f1ba1fada7c7ce96ea333bf097b1273
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
(cherry picked from commit 9f32b6acada965d61236fd112445297fc22b60c7)
|
|
Type: fix
Change-Id: Ib320171708bebde6d1dae0b2c665f9bcfc9102db
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
(cherry picked from commit 547a61654629370211468679b263c49571ecb1f9)
|
|
Type: fix
"set int state <interface> down" puts the virtio device link
down. It will not put the link in "UP" state, when
"set int state <interface up>" will be used again to change
the interface admin up. This patch fixes it.
To test:
create tap
set int state tap0 up
set int state tap0 down
sh hardware
sh int
set int state tap0 up
sh int
sh hardware
Change-Id: I3c0e31539f8a2a1e40220e7fb57eedecf408f067
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
(cherry picked from commit 529f0e97b6064039c500adce0d54b738954b2ffa)
|
|
Type: fix
Some vhost-backends give used descriptors back in
out-of-order. This patch fixes the native virtio to
handle out-of-order descriptors.
Change-Id: I57323303349f6a385e412ee22772ab979ae8edbf
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
(cherry picked from commit 7f6d145accc6e63b150ab4efc282f19cbe996b57)
|
|
Type: fix
Change-Id: I6a48a6c14bfb84b3460e8211021bc9df6e915dba
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit cd681adab40f49d1305144b6bbbd5118e63a2805)
|
|
Type: fix
it was marked MP safe in the CLI (which it shouldn't be) but
it it not marked MP safe on the API.
Change-Id: I4bdea498a510a8b406d13d62a899b6d03656f7e8
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
This fixes a bug in the initialization of handoff_out2in_index and
handoff_in2out_index where the node index for out2in was set to the
in2out node, and vice versa.
Type: fix
Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
Change-Id: I983ddd3b3cec06f4cb3fb95b2a9cda4ab6d1270f
(cherry picked from commit dd9aedaf377f4af8620408843bd3e4610d3df5f9)
|
|
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ief77110160120ea0e1291cc79949a73404cdbfda
(cherry picked from commit 59b6c0c86d0c3310b8d87b9f2600b6fc7682b549)
|
|
Fix a bug that caused some input packets to be dropped due to errors of
the type 'ip4 length > l2 length'. The change is related to the second
call to the rdma_device_input_bufs() function that happens when the end
of the ring buffer is reached.
Type: fix
Change-Id: I332d69ab22242b3443a0baca6e5dd86349a54765
Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
(cherry picked from commit e5ecf3ea4b456afb710f4ed903cd7e4c1ae87859)
|
|
While TSO is supported for Intel NIC, Cisco VIC does not work.
The problem is due to txmode offloads is not properly set for
the Cisco VIC when enable-tcp-udp-checksum is configured.
Type: fix
Ticket: VPP-1838
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I72c41db9b327ed8d08ef70d74e8cc6206d4a102f
(cherry picked from commit ac8bb9263438221cc93db62257ffd8db711530e2)
|
|
For chain buffer, need to traverse b->next_buffer to transmit all buffers
in the chain. Only set EOP at the last descriptor in the chain to signal
this is a chain descriptor.
Introduce slow path to handle ring wrap. This is needed because chain
buffer may consist of multiple pieces and it may span from near the end of
the ring to the beginning of the ring.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Id7c872f3e39e09f3566aa63f3cdba8f40736d508
(cherry picked from commit f7ab7b2d9bc0f42c1e766d22d49dd0dc4f28abb6)
|
|
L4 checksums for IPv6 should be calculated using a pseudo header that
includes the source/destination addresses, payload length, and payload
protocol.
ip6_tcp_udp_icmp_compute_checksum() was using the payload length and
protocol from the IPv6 header. If there is a hop-by-hop header (or any
other extension header), the payload length used for the pseudo header
should only include the upper layer header and payload and not the
extension header bytes. Same deal with the protocol, the upper layer
next header value should be used instead of the extension header.
Type: fix
Fixes: cb9cadad57
Change-Id: Ifa2c9ad41c0fc4eea674f0671255b637c8e01f71
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
(cherry picked from commit 97677a26f7c857e7ee0acbdb2c13eef214aa70a8)
|
|
Type: fix
Change-Id: I57f8bfbce4feed9d2775875cb8b1b729a47900a4
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Change-Id: I0677f46dfa22c8abab7f311230a09ef1cd8ac335
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Change-Id: I6011f5d6eae79019d3c16a260a9bedf0a76d2151
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit 6ede570259a91cd0c34b9faf9fec7e4ec8275200)
|
|
Null pointer bug, memory leak. D'oh!
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ic2865757ed9cbb7f48d23c7c30b64299eb5f6674
(cherry picked from commit 104112f2d412a4576b5e0d3bbb20665d2b5bd615)
|
|
"classify filter trace ... " and "classify filter pcap ..." are
mutually exclusive.
vnet_pcap_dispatch_trace_configure needs to check for
set->table_indices == NULL.
Type: fix
Ticket: VPP-1827
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I43733364087ffb0a43de92e450955033431d559d
(cherry picked from commit 196fce2b62c0d215722dd233aa8bf70a43aa0a66)
|
|
Type: fix
Ticket: VPP-1831
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I655964b22021ac38cbced577091a1156286d4fd6
|
|
Fix minor memory leak
Type: fix
Ticket: VPP-1833
Fixes: 4af9ba1dab
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Id10fba70471ca78f73f14146054f6b12c5d4431f
|
|
Recent modification added a call to vnet_gso_header_offset_parser in the
beginning of vhost_user_handle_tx_offload. The former routine may set tcp or
udp->checksum to 0. While it is appropriate to set it to 0 for the GSO packet,
it is broken and causes checksum error if the aformentiooned routine is called
by a non-GSO packet. The fix is to not call vhost_user_handle_tx_offload
if the buffer does not indicate checksum offload is needed.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I6e699d7a40b7887ff149cd8f77e8f0fa9374ef19
(cherry picked from commit 564e1672917e205d7ae79525bb937df18f8d764b)
|
|
fib_walk_sync may call adj_alloc which may cause adj_pool to expand. When
that happens, any previous frame which still use the old adj pointer needs to
refresh. Failure to do so may access or update to the old adj memory
unintentionally and crash mysteriously.
Type: fix
Ticket: VPPSUPP-54
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I173dec4c5ce81c6e26c4fe011b894a7345901b24
(cherry picked from commit 3d5f6229bccf77fcf7e0e17ab4f1b361fedd1b2b)
|
|
Regardless of whether the virtio_net_hdr is sent as a separate
descriptors or in the same descriptor as the data, we always want to
skip the header length - maybe moving to the next descriptor along the
way.
Type: fix
Change-Id: Iaa70aeb310e589639b20f8c7029aaa8d3ce5d307
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 5ecc1e4d433a34845c7bfd761dc990413e6c321b)
|
|
Type: fix
Ticket: VPP-1830
Change-Id: Ib823d016c64998779fb1d00b8aad3acb5e8340be
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 30928f87a3c9d98e288d1364d50c032e052e69ab)
|
|
Type: fix
Fixes: 418b225931634f6d113d2971cb9550837d69929d
Change-Id: Ia5f4ea24188c4f3de87e06a7fd07b40bcb47cfc1
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Ticket: VPP-1813
Change-Id: I5d47cb9bc7eb7f3c8485e3b42f0701e81d87ba2a
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
(cherry picked from commit c0c4eec3bc309bcc656eade82f17754875f9ed7c)
|
|
Updating the document of srv6-mobile plugin code integrated into stable/2001. The reason of this patch just only for the document is that the latest commit to master was reverted by the release master for some reason. The commit included not only the code for new feature, but also the updated document for the already merged code into stable/2001. The previous doc is work-in-progress status in terms of its CLI and features. It seems there is some confusion on this patch is trying to update the document of outside feature of stable/2001 which is not true. This patch exactly reflects the correct information of srv6-mobile plugin within the extent of stable/2001.
Type: docs
Signed-off-by: Satoru Matsushima <satoru.matsushima@gmail.com>
Change-Id: I376386ef6fc9584ab945db7358e3c4a698471e9b
Signed-off-by: Satoru Matsushima <satoru.matsushima@gmail.com>
|
|
Call session queue node with the right node runtime instead of the
pre-input node runtime.
Type: fix
Ticket: VPP-1826
Change-Id: I43d20bed4930fc877b187ce7ecdce62034b393c5
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 2d8829cbb5f3d214fbc09bf4258573659e0c5e60)
|
|
Binary API trace replay with multiple worker threads depends in many
cases on worker thread graph replica maintenance. If we (implicitly)
assert a worker thread barrier at the debug CLI level, all graph
replica changes are deferred until the replay operation completes. If
an interface is deleted, the wheels may fall off.
Type: fix
Ticket: VPP-1824
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I9b07d43f8501caa5519e5ff9ae4c19dc2661cc84
|