aboutsummaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2023-02-06ipsec: fix AES CBC IV generation (CVE-2022-46397)stable/2001Benoît Ganne2-5/+28
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix C). Chaining IVs like is done by ipsecmb and native backends for the VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable. Encrypt a counter as part of the message, making the (predictable) counter-generated IV unpredictable. Fixes: VPP-2037 Type: fix Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-07-29fib: IPv6 lookup data structure MP safe when prefixes change (VPP-1881)Neale Ranns4-15/+84
Type: fix adding routes should be MP safe. When new prefixes with differrent prefix lengths are added, adjust the sorted list in an MP safe way. Change-Id: Ib73a3c84d01eb86d17f8e79ea2bd2505dd9afb3d Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit aecb10b97fa97b215c415ceaa3cac4c97204922f)
2020-05-26ipsec: DES/3DES fixing the iv_len for openssl cryptoRajesh Goel1-1/+2
Type: fix Signed-off-by: Rajesh Goel <rajegoel@cisco.com> Change-Id: I8d128598b4c872f19b64c779c19b5908ba2f2c08 (cherry picked from commit d1d90f5951df93625594f1904cddd95880838ff0)
2020-05-20bonding: fix the gso flagsMohsin Kazmi1-4/+10
Type: fix Only add GSO and Checksum offload flags when gso is enabled. Change-Id: I58945a4ffbb9a0e6a8640fc01424c63feef16306 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-05-20gso: fix the gso segmentationMohsin Kazmi3-29/+39
Type: fix This fix is backported from master partial of patch: gso: add vxlan tunnel support It fixes required number of buffers for segmentation and also enables gso infra node on sub-interfaces. Change-Id: I2cf93cdb39c67e2252a3549905d141fffa95d249 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-05-15interface: fix interface rx mode config APIJakub Grajciar1-2/+4
Swap byte order for fields of type vl_api_rx_mode_t. Ticket: VPP-1871 Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: Ia1745257b57209d41661d38067e0dd7618f9a9b9 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-05-07ipsec: Add/Del SA not MP safeNeale Ranns1-7/+0
Type: fix some crytto engines store key data indexed by SA index. Creating new SAs means this store reallocs with packets inflight; bad stuff ensues. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ia23c3a59e2d05fb006bdbd9922d01ee192e22853
2020-05-07vlib: add ASSERT to vlib_time_now(...)Dave Barach3-2/+10
Calling vlib_time_now (&vlib_global_main) from a worker thread is a bad mistake. ASSERT (vm->thread_index == __os_thread_index) will catch it. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I55af6de84e06143f8f43adc62103b77267a7a441 (cherry picked from commit 77d98382824ca211fb55fcf842931930ccfb3baa)
2020-05-01bonding: Add GSO supportSteven Luong2-2/+21
Add GSO support, configurable from the CLI. Type: feature Ticket: VPP-1820 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I65885a071b24c74437e6cfe5eff237b01bc1744b (cherry picked from commit a06f68556e506a6ff7f31a617a036614c84f71c0)
2020-04-29virtio: vhost checksum problem for ipv6Steven Luong1-3/+3
When checksum is enable for IPv6, it erroneously set the flag VNET_BUFFER_F_OFFLOAD_IP_CKSUM. That flag is meant for ip4 packets only. Type: fix Ticket: VPP-1857 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Id03b2937bfa34e2a9b50a36aafe0700bad7fb95e (cherry picked from commit f78294d8468f156e066e7e69aab3a1b285810c3a) (cherry picked from commit 82b62bbf58bc3d1143a359d8f58f7be2f473cddd)
2020-04-20build: building applications outside of vpp is missing header filesIJsbrand Wijnands1-0/+3
Building applications using the VPP bin_api outside of the VPP tree is broken, missing these includes. Type: fix Change-Id: Signed-off-by: IJsbrand Wijnands <ice@cisco.com> Change-Id: Ibcb2fea0f5740a73b9577392aa54ac3c93c8d2b5 (cherry picked from commit 724c8051d1f589c8890b0a4ad41a29d8d6581c9c)
2020-04-13dhcp: fix unicast pkts, clean up state machineDave Barach2-55/+51
Send dhcp unicast packets to ip4-lookup. Otherwise, these packets won't reach a dhcp server on a different subnet. Do an immediate client scan after processing wakeup events. Calculate the next process wakeup time by scanning all clients. Increase maximum (idle, no-clients-configured) timeout to 1000 seconds. Reduce log spew. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I3d10cd4c353298ed0b19e7e30887dc1d8d07b19e (cherry picked from commit c54162981cdd41d65ed283df36955007552ddffe)
2020-04-13ping: fix buffer allocator error handlingDave Barach1-0/+2
The code sets f->n_vectors = n_to_send, but it can bail out of the loop if vlib_buffer_copy(...) returns 0. Need to fix f->n_vectors in the error return path, or we enqueue some number of 0xfefefefe buffer indices in a debug image or worse in a production image. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I2d886266006c6c1c2f9ef8e3b95eb46ac6c0b3df (cherry picked from commit 8324c55f95dd5ddbf1f5f9c47907204a12e152ef)
2020-04-13l2: handle complete clone fail in l2_floodDave Barach2-4/+10
vlib_buffer_clone(...) may not manage to produce any buffer clones at all. vlib_buffer_clone_256 should not smash the original buffer reference count if no clones are produced. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I14d9d53637a220485c7a0036cfc75a4149b264ea (cherry picked from commit 95e19253320ab07748787f4c8a7620704563f6b8)
2020-04-13misc: check return values from vlib_buffer_copy(...)Dave Barach8-4/+30
vlib_buffer_copy(...) returns NULL if the system is temporarily out of buffers. This is NOT correct. Please don't be this person: c0 = vlib_buffer_copy (vm, p0); ci0 = vlib_get_buffer_index (vm, c0); Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ic25ef58965871ea5d2b40904df9506803f69e47e (cherry picked from commit 954c707972bf7efcd227e26d9679544813a78115)
2020-04-10geneve: Fix the byte swapping for the VNINeale Ranns4-69/+48
Type: fix - swipe away the vomit indent left last time. - add tests for VNIs > 16bit Change-Id: I2d1f591bfb9d7a18996c38969365a509168d4193 Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit 91fd910d7d7611a28d1f85482ed5d5c3ee6a8853)
2020-03-30vppinfra: fix typo in dlmalloc.cDave Barach1-1/+1
Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Idc567717494b4c40c307f20a40d5e10cd26b0a46 (cherry picked from commit 6e6968f06435727e6887abef4669715c9e59de6b)
2020-03-30dhcp: update secondary radv_info structuresDave Barach3-27/+122
For details, see the Jira ticket below. Fix gerrit 23350. Type: fix Fixes: 28a6eb7 Ticket: VPP-1840 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ic9248734bb330eadb302f8410e8db9c64723f075 (cherry picked from commit d1586962a5f8f14fb81c930174d12d0453adaab8)
2020-03-30vppinfra: correct fixed pool header size calculationDave Barach1-3/+1
Remove duplicate space allocation for the pool header. Not significant w/ CLIB_CACHE_LINE_BYTES >= 64 since the code rounds the size of the pool header to an even multiple of the cache line size. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I923f2a60e7565cf2dfbc18d78264bf82ff30c926 (cherry picked from commit 6e495ce428e110665ee9616e0951015963502cac)
2020-03-30ip-neighbor: fix ip6_ra_cmdDave Barach1-10/+0
The option parsing loop had "break" statements included in each 'if (unformat (line_input, "this-option ...") option_values=xxx;' statement. Result: the code would silently ignore all but the first option. Probably broken forever, not easy to spot because the code looks OK even though it's badly broken. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I667bee85b4ca654b53fb3af421f957957ed0f0f8 (cherry picked from commit 7249b90ab21c20138907e692dcb6032aea9e2f0f)
2020-03-27tap: fix the host mac addressMohsin Kazmi3-20/+11
Tap configuration code sets the host mac address two time. This patch fixes it. Type: fix Change-Id: I7bebb9b7f25352a8a9a98bae6a0636757c0cea9c Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> (cherry picked from commit 3039753eda526e63d57a09debd3762e5590459df)
2020-03-27tap: fix host mtu configuration settingMohsin Kazmi1-12/+13
host mtu can't be set if tap interface is in namespace. This patch fixes this issue. Type: fix Change-Id: I63811c4b56c708fe708061a8afbaec41994f08ca Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> (cherry picked from commit 91592c0c9cdd1bc61a2796e41a8becc30aaf8082)
2020-03-27tap: fix the default parameter for num_rx_queuesMohsin Kazmi3-40/+53
Type: fix Change-Id: I1a20fea56f1ba1fada7c7ce96ea333bf097b1273 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> (cherry picked from commit 9f32b6acada965d61236fd112445297fc22b60c7)
2020-03-27tap: fix the numa/queue for buffersMohsin Kazmi1-1/+1
Type: fix Change-Id: Ib320171708bebde6d1dae0b2c665f9bcfc9102db Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> (cherry picked from commit 547a61654629370211468679b263c49571ecb1f9)
2020-03-27virtio: fix link up/down flagMohsin Kazmi1-3/+9
Type: fix "set int state <interface> down" puts the virtio device link down. It will not put the link in "UP" state, when "set int state <interface up>" will be used again to change the interface admin up. This patch fixes it. To test: create tap set int state tap0 up set int state tap0 down sh hardware sh int set int state tap0 up sh int sh hardware Change-Id: I3c0e31539f8a2a1e40220e7fb57eedecf408f067 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> (cherry picked from commit 529f0e97b6064039c500adce0d54b738954b2ffa)
2020-03-27virtio: fix the out of order descriptors in txMohsin Kazmi4-8/+102
Type: fix Some vhost-backends give used descriptors back in out-of-order. This patch fixes the native virtio to handle out-of-order descriptors. Change-Id: I57323303349f6a385e412ee22772ab979ae8edbf Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> (cherry picked from commit 7f6d145accc6e63b150ab4efc282f19cbe996b57)
2020-03-25classify: fix pcap filter set initFlorin Coras1-4/+2
Type: fix Change-Id: I6a48a6c14bfb84b3460e8211021bc9df6e915dba Signed-off-by: Florin Coras <fcoras@cisco.com> (cherry picked from commit cd681adab40f49d1305144b6bbbd5118e63a2805)
2020-03-25ip: Adding IP tables is no MP safeNeale Ranns1-2/+0
Type: fix it was marked MP safe in the CLI (which it shouldn't be) but it it not marked MP safe on the API. Change-Id: I4bdea498a510a8b406d13d62a899b6d03656f7e8 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-03-17nat: in2out/out2in handoff node index bugfixElias Rudberg1-2/+2
This fixes a bug in the initialization of handoff_out2in_index and handoff_in2out_index where the node index for out2in was set to the in2out node, and vice versa. Type: fix Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net> Change-Id: I983ddd3b3cec06f4cb3fb95b2a9cda4ab6d1270f (cherry picked from commit dd9aedaf377f4af8620408843bd3e4610d3df5f9)
2020-03-16vppapigen: fix options representationOle Troan1-1/+1
Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ief77110160120ea0e1291cc79949a73404cdbfda (cherry picked from commit 59b6c0c86d0c3310b8d87b9f2600b6fc7682b549)
2020-03-11rdma: fix bug related to ring bufferElias Rudberg1-2/+2
Fix a bug that caused some input packets to be dropped due to errors of the type 'ip4 length > l2 length'. The change is related to the second call to the rdma_device_input_bufs() function that happens when the end of the ring buffer is reached. Type: fix Change-Id: I332d69ab22242b3443a0baca6e5dd86349a54765 Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net> (cherry picked from commit e5ecf3ea4b456afb710f4ed903cd7e4c1ae87859)
2020-03-10dpdk: TSO does not work for Cisco VICSteven Luong1-0/+11
While TSO is supported for Intel NIC, Cisco VIC does not work. The problem is due to txmode offloads is not properly set for the Cisco VIC when enable-tcp-udp-checksum is configured. Type: fix Ticket: VPP-1838 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I72c41db9b327ed8d08ef70d74e8cc6206d4a102f (cherry picked from commit ac8bb9263438221cc93db62257ffd8db711530e2)
2020-03-10avf: Handle chain buffer in TX properlySteven Luong2-7/+140
For chain buffer, need to traverse b->next_buffer to transmit all buffers in the chain. Only set EOP at the last descriptor in the chain to signal this is a chain descriptor. Introduce slow path to handle ring wrap. This is needed because chain buffer may consist of multiple pieces and it may span from near the end of the ring to the beginning of the ring. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Id7c872f3e39e09f3566aa63f3cdba8f40736d508 (cherry picked from commit f7ab7b2d9bc0f42c1e766d22d49dd0dc4f28abb6)
2020-03-10ip6: fix l4 checksum with hop-by-hop headerMatthew Smith1-13/+23
L4 checksums for IPv6 should be calculated using a pseudo header that includes the source/destination addresses, payload length, and payload protocol. ip6_tcp_udp_icmp_compute_checksum() was using the payload length and protocol from the IPv6 header. If there is a hop-by-hop header (or any other extension header), the payload length used for the pseudo header should only include the upper layer header and payload and not the extension header bytes. Same deal with the protocol, the upper layer next header value should be used instead of the extension header. Type: fix Fixes: cb9cadad57 Change-Id: Ifa2c9ad41c0fc4eea674f0671255b637c8e01f71 Signed-off-by: Matthew Smith <mgsmith@netgate.com> (cherry picked from commit 97677a26f7c857e7ee0acbdb2c13eef214aa70a8)
2020-02-19fib: adjacency midchain teardown (VPP-1841)Neale Ranns3-5/+40
Type: fix Change-Id: I57f8bfbce4feed9d2775875cb8b1b729a47900a4 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-02-18fib: fib path realloc during midchain stackNeale Ranns1-9/+13
Type: fix Change-Id: I0677f46dfa22c8abab7f311230a09ef1cd8ac335 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-02-14fib: Fix some more realloc errorsNeale Ranns5-55/+34
Type: fix Change-Id: I6011f5d6eae79019d3c16a260a9bedf0a76d2151 Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit 6ede570259a91cd0c34b9faf9fec7e4ec8275200)
2020-02-13classify: fix "show classify filter" debug CLIDave Barach1-3/+1
Null pointer bug, memory leak. D'oh! Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ic2865757ed9cbb7f48d23c7c30b64299eb5f6674 (cherry picked from commit 104112f2d412a4576b5e0d3bbb20665d2b5bd615)
2020-02-12classify: pcap / packet trace debug CLI bugsDave Barach2-1/+5
"classify filter trace ... " and "classify filter pcap ..." are mutually exclusive. vnet_pcap_dispatch_trace_configure needs to check for set->table_indices == NULL. Type: fix Ticket: VPP-1827 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I43733364087ffb0a43de92e450955033431d559d (cherry picked from commit 196fce2b62c0d215722dd233aa8bf70a43aa0a66)
2020-02-05ipsec: set l2_len for GRE-TEB tunnel decapJohn Lo1-0/+2
Type: fix Ticket: VPP-1831 Signed-off-by: John Lo <loj@cisco.com> Change-Id: I655964b22021ac38cbced577091a1156286d4fd6
2020-02-05vppinfra: fix typo in tw_timer_template.cDave Barach1-1/+1
Fix minor memory leak Type: fix Ticket: VPP-1833 Fixes: 4af9ba1dab Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Id10fba70471ca78f73f14146054f6b12c5d4431f
2020-02-05virtio: vhost gso is broken in some topologySteven Luong1-2/+8
Recent modification added a call to vnet_gso_header_offset_parser in the beginning of vhost_user_handle_tx_offload. The former routine may set tcp or udp->checksum to 0. While it is appropriate to set it to 0 for the GSO packet, it is broken and causes checksum error if the aformentiooned routine is called by a non-GSO packet. The fix is to not call vhost_user_handle_tx_offload if the buffer does not indicate checksum offload is needed. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I6e699d7a40b7887ff149cd8f77e8f0fa9374ef19 (cherry picked from commit 564e1672917e205d7ae79525bb937df18f8d764b)
2020-02-03fib: refresh adj pointer after fib_walk_sync due to possible reallocSteven Luong2-0/+13
fib_walk_sync may call adj_alloc which may cause adj_pool to expand. When that happens, any previous frame which still use the old adj pointer needs to refresh. Failure to do so may access or update to the old adj memory unintentionally and crash mysteriously. Type: fix Ticket: VPPSUPP-54 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I173dec4c5ce81c6e26c4fe011b894a7345901b24 (cherry picked from commit 3d5f6229bccf77fcf7e0e17ab4f1b361fedd1b2b)
2020-01-29devices: vhost: fix data offset on inputBenoît Ganne1-11/+1
Regardless of whether the virtio_net_hdr is sent as a separate descriptors or in the same descriptor as the data, we always want to skip the header length - maybe moving to the next descriptor along the way. Type: fix Change-Id: Iaa70aeb310e589639b20f8c7029aaa8d3ce5d307 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit 5ecc1e4d433a34845c7bfd761dc990413e6c321b)
2020-01-28session tcp: fix packet tracingFlorin Coras5-13/+15
Type: fix Ticket: VPP-1830 Change-Id: Ib823d016c64998779fb1d00b8aad3acb5e8340be Signed-off-by: Florin Coras <fcoras@cisco.com> (cherry picked from commit 30928f87a3c9d98e288d1364d50c032e052e69ab)
2020-01-27fib: Reload the adj after possible realloc (VPP-1822)Neale Ranns1-0/+1
Type: fix Fixes: 418b225931634f6d113d2971cb9550837d69929d Change-Id: Ia5f4ea24188c4f3de87e06a7fd07b40bcb47cfc1 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-01-27nsim: enable output scheduling on main threadDave Wallace2-2/+29
Type: fix Ticket: VPP-1813 Change-Id: I5d47cb9bc7eb7f3c8485e3b42f0701e81d87ba2a Signed-off-by: Dave Wallace <dwallacelf@gmail.com> (cherry picked from commit c0c4eec3bc309bcc656eade82f17754875f9ed7c)
2020-01-27srv6-mobile: Update the documentSatoru Matsushima10-351/+248
Updating the document of srv6-mobile plugin code integrated into stable/2001. The reason of this patch just only for the document is that the latest commit to master was reverted by the release master for some reason. The commit included not only the code for new feature, but also the updated document for the already merged code into stable/2001. The previous doc is work-in-progress status in terms of its CLI and features. It seems there is some confusion on this patch is trying to update the document of outside feature of stable/2001 which is not true. This patch exactly reflects the correct information of srv6-mobile plugin within the extent of stable/2001. Type: docs Signed-off-by: Satoru Matsushima <satoru.matsushima@gmail.com> Change-Id: I376386ef6fc9584ab945db7358e3c4a698471e9b Signed-off-by: Satoru Matsushima <satoru.matsushima@gmail.com>
2020-01-25session: fix node runtime in pre-input queue handlerFlorin Coras1-0/+1
Call session queue node with the right node runtime instead of the pre-input node runtime. Type: fix Ticket: VPP-1826 Change-Id: I43d20bed4930fc877b187ce7ecdce62034b393c5 Signed-off-by: Florin Coras <fcoras@cisco.com> (cherry picked from commit 2d8829cbb5f3d214fbc09bf4258573659e0c5e60)
2020-01-24api: mark api_trace_command_fn thread-safeDave Barach1-1/+20
Binary API trace replay with multiple worker threads depends in many cases on worker thread graph replica maintenance. If we (implicitly) assert a worker thread barrier at the debug CLI level, all graph replica changes are deferred until the replay operation completes. If an interface is deleted, the wheels may fall off. Type: fix Ticket: VPP-1824 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I9b07d43f8501caa5519e5ff9ae4c19dc2661cc84