Age | Commit message (Collapse) | Author | Files | Lines |
|
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If5300653edd2dad470985f4591959d00cad2a43b
(cherry picked from commit af2e88d964ff8bd8eca30c182ab00e178213c1d4)
|
|
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I241cefbbce98cf6fef83f36bd87ae2c1f4b067f0
(cherry picked from commit a4f994f31e566cc5e6512d3aebf627a6e3ce2cc7)
|
|
When application performs SSL_read from the app rx-fifo, it can
pre-allocate multiple segments, but there is an issue if the OpenSSL
manages to partially fill in the first segment, in this case, since
data is assumed to be copied over by OpenSSL to the pre-allocated
segments(s), vpp uses svm_fifo_enqueue_nocopy API which performs
zero copy by passing the pre-allocated segment to SSL_read.
If the decrypted data size is smaller than the pre-allocated fifo
segment buffer size, application will fetch buffers including zero
in the area not filled in by SSL_read.
Type: fix
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Change-Id: I941a89b17d567d86e5bd2c35785f1df043c33f38
(cherry picked from commit 905ec8797790380e134714e15ff3341eeeabb05e)
|
|
This patch adds source ip based sticky session, which is already
implemented in many hardware LBs and software LBs. Note that sticky
sessions may be reset if the hash is recalculated as ASs are added
or deleted.
Since this feature is unrelated to the other existing options, the
lb_add_del_vip API version has been upgraded to v2 and a new option
"src_ip_sticky" has been added.
Type: feature
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Change-Id: I3eb3680a28defbc701f28c873933ec2fb54544ab
|
|
In some situations, CMake will find ccache in /usr/bin but /usr/bin
might not present in PATH. The former fix for this was to place the
ccache configuration logic before the project() declaration, but since
CMake 3.4 there is a new variable to be used which handles this case.
For the original problem, see also
https://crascit.com/2016/04/09/using-ccache-with-cmake/
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: Ie026e02b2b06e2dca2d62da5fea7b1a104bcc7c3
|
|
Type: feature
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ibd796adea734b64d9209c5e18c5b9800cbaf62c6
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
In function ‘memcpy’,
inlined from ‘clib_memcpy_fast’ at /home/vpp/src/vppinfra/string.h:86:10,
inlined from ‘memcpy_s_inline’ at /home/vpp/src/vppinfra/string.h:157:7,
inlined from ‘vnet_pppoe_add_del_session’ at /home/vpp/src/plugins/pppoe/pppoe.c:356:7:
error: ‘__builtin_memcpy’ offset [0, 5] is out of the bounds [0, 0] [-Werror=array-bounds]
34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cc1: all warnings being treated as errors
Hardware address is zero length vector for PPP, use vec_len instead.
Type: fix
Fixes: 62f9cdd82c52 ("Add PPPoE Plugin")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: If9fb409cfbbac77c15559d103987f0130bf30255
|
|
Type: improvement
Signed-off-by: aihua2013 <51931196@qq.com>
Change-Id: I22670f49abfb5d1fd728686fc7d65fb40ea6bda2
|
|
The musl libc does not support closedir(0) resulting in a crash. Only
call closedir() if we successfully opened it.
Type: fix
Change-Id: I3198454f44735501047afc42b94b2fea273212f4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Allow the CLI caller to specify an optional [index <idx>] index,
which will remove the ACL at that index. This mimicks the API behavior,
Add a 'delete acl-plugin acl index <idx>' to mimick the API acl_del
call, which will refuse to delete a non-existent index, as well as
an index that is referenced by an interface.
Type: improvement
Signed-off-by: pim@ipng.nl
Change-Id: I5f240f7a4e3bca14e8122917e8a5186d80094de2
|
|
Change-Id: I7888ab58abced93859ce15d0dbd1c3d7c94a02f5
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: fix
Fixes: 0654242d1ef51566f0d58445a16053cf376e5a6e
|
|
The current implementation of wireguard use dereference value from
pointer, but between get and dereference the value from pointer can be
occur change in pool memory, which means that this pointer can be
invalid. Since current implementation doesn't handle with invalid
pointers, segfault can occur.
The fix add a local variable to keep index of peer from pool and also
handle with null pointers from get pointer from pool.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Ic161ab08266e584493338c682d827ea1fd754b98
|
|
path implementation
In fast path implementation of spd policy lookup opposite convention to
the original implementation has been applied and local ip range has been
interchanged with the remote ip range. This fix addresses this issue.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I0b6cccc80bf52b34524e98cfd1f1d542008bb7d0
|
|
These functions do not need modifiable strings.
It helps with linker sections as well as C++ compatibility.
It is a good style to use const where approriate.
Type: refactor
Signed-off-by: void234@gmail.com
Change-Id: Ib437a01663aa61860c6a938d869ed1111da71ec7
|
|
These functions do not need modifiable strings.
It helps with linker sections as well as C++ compatibility.
It is a good style to use const where approriate.
Type: refactor
Signed-off-by: void234@gmail.com
Change-Id: I8d1e922197b3594122296e8c1af57e0a8ec0bf3d
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I021f8e8bba247b0050d390a37dbc75900dc6a598
|
|
Type: fix
Signed-off-by: Liangxing Wang <liangxing.wang@arm.com>
Change-Id: I1f757abccd228b9e73f25c96754738c8e6bff259
|
|
Installs the unversioned .so symlink in the -dev component.
This prevent debian lintian error:
link-to-shared-library-in-wrong-package
NAMELINK_COMPONENT was added in cmake 3.12
Type: make
Change-Id: I9d743218fa1f6b677659d745525e399ff66e73f4
Signed-off-by: Nick Brown <nickbroon@gmail.com>
|
|
AF_XDP support is deprecated in libbpf since v0.7.0 [1], the libxdp library
now provides the functionality which once was in libbpf, this commit updates
af_xdp plugin to depend on libxdp, libbpf still remains a dependency even if
libxdp is present, as it need use libbpf APIs for program loading.
libxdp is distributed within xdp-tool [2], xdp-tools package also
include libbpf in it as dependency, so here installed libxdp v1.2.9 and
libbpf v0.8.0, both from xdp-tool-1.2.9 package.
More information about libxdp compatibility can be found in the libxdp
README [3].
In libbpf v0.8.0, The bpf_prog_load function was deprecated and changed to
bpf_object__open_file and bpf_object__next_program and bpf_object__load,
The bpf_get_link_xdp_id and bpf_set_link_xdp_fd functions were deprecated
and changed to bpf_xdp_attach and bpf_xdp_detach, The bpf_object__unload
function was deprecated and changed to bpf_object__close.
[1] https://github.com/libbpf/libbpf/commit/277846bc6c15
[2] https://github.com/xdp-project/xdp-tools/releases/tag/v1.2.9
[3] https://github.com/xdp-project/xdp-tools/blob/master/lib/libxdp/README.org
Type: improvement
Change-Id: Ifbf6e3aa38bc6e0b77561f26311fd11c15ddb47e
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
|
|
serialize_get() -> serialize_write_not_inline(...) was losing track of
the current buffer index when it managed to empty the overflow vector
but had to turn around and use it again.
Test-case added to test_serialize.c.
This issue dates from 2010.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I024a03f7a50fd6df543ddbc7c45d85def4f1981d
|
|
Musl is stricter than glibc and has a warning that including fctnl.h and
poll.h should be prefered rather than their sys/ counterparts, which
breaks -Wall setups.
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: Id101e999371951b0927cc8c4109f8f1536de1bc2
|
|
Type: improvement
Signed-off-by: Josh Dorsey <jdorsey@netgate.com>
Change-Id: Iee43ca9278922fc7396764b88cff1a87bcb28349
|
|
Type: improvement
Change-Id: I30e66370c927afeb62ba3a2b3334bdc2a31d4561
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: Ifea4badd58f7e2b5e792d7506f6747851a08587f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Creation of LCP will return garbled host_sw_if_index of the newly
created TAP interface.
Example PAPI code:
```
lcp_add = vpp.api.lcp_itf_pair_add_del_v2(is_add=True, sw_if_index=17,
host_if_type=VppEnum.vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP,
host_if_name="loop0", netns="dataplane")
print(lcp_add)
lcp_ret = vpp.api.lcp_itf_pair_get()
print(lcp_ret)
```
Before, the returned host_sw_if_index has the wrong endianness:
VPP version is 23.02-rc0~212-gf06a518f8
lcp_itf_pair_add_del_v2_reply(_0=103, context=2, retval=0, host_sw_if_index=301989888)
(lcp_itf_pair_get_reply(_0=105, context=3, retval=0, cursor=4294967295),[lcp_itf_pair_details(_0=106, context=3, phy_sw_if_index=17, host_sw_if_index=18, vif_index=594, host_if_name='loop0', host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>, netns='dataplane')])
After, it is correctly showing idx 18:
VPP version is 23.02-rc0~212-gf06a518f8
lcp_itf_pair_add_del_v2_reply(_0=103, context=2, retval=0, host_sw_if_index=18)
(lcp_itf_pair_get_reply(_0=105, context=3, retval=0, cursor=4294967295), [lcp_itf_pair_details(_0=106, context=3, phy_sw_if_index=17, host_sw_if_index=18, vif_index=595, host_if_name='loop0', host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>, netns='dataplane')])
Type: fix
Signed-off-by: pim@ipng.nl
Change-Id: I9085bac0c4a9ad64356c67f9b85f4910131e349e
|
|
This patch removes a
.runs_after = VNET_FEATURES ("ip6-lookup"),
On the 'pt' node, as 'ip6-lookup' does not belong to the 'ip6-output' arc.
Type: fix
Change-Id: Ie34aaf7351593f08c61e3b02aaf9f72a4de1a437
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Change-Id: Ifc709b6e7217a893d13aee6d3019e699637366ef
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Uses VPP's clib_host_to_net functions, and initializes a potentially
uninitialized variable.
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: Ie6b035c698f57ff39aeb955b35db8ec40f383b7a
|
|
In most cases we only need OpenSSL libcrypto (crypto primitives) but
not libssl (tls).
Type: improvement
Change-Id: I9dce27d23d65bf46aea2d0f8aaf417240701efcc
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibff9f32e4fcaf0344207d8e43f3547180cbd4eef
|
|
When use update api delete a virtual address, no matter which IP want to delete, always delete the last one.
Type: fix
Signed-off-by: GaoChX <chiso.gao@gmail.com>
Change-Id: Ia67c06dd53a442740794e1884d1a4aaa06965398
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ibebe9e4ab7331c3ae66c9502e910368acaba51ec
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I1b5a35b9d53cc56d4d8050de70f40b95e92f1011
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1a3393b579caeb5dc25b60bc1b4a71706fb07051
|
|
unformat_ip46_address() requires the address type as 2nd parameter.
Type: fix
Change-Id: Iaa1aebaebd1a947dab6c936c3b931854c0a3facc
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Allow vapi to signal to an application's RX thread that it should wake
up and exit.
Before disconnecting from VPP's API, libvlibmemoryclient inserts an
rx_thread_exit message into the client's own input queue to cause its
RX thread to wake up from its blocking dequeue and exit cleanly. Add a
function to vapi's API which will allow libvapi client applications
which have an RX thread waiting for incoming messages using vapi_wait()
to do the same thing.
The existing libvlibmemoryclient code which does this was moved to a
separate function and made available for vapi_stop_rx_thread() to call.
Also fixed some inconsistencies in indentation of function prototypes in
vapi.h to make checkstyle.sh happy.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I7bbb73470807123cc63ef313cfb91d1fd31b34e5
|
|
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Idbdfdf2d3fdbb64366f50d5a7458c4073a4f2746
|
|
We were creating an additional worker not backed by any VPP threads,
leading off-by-1 access in the session main workers vector.
Also uses vec_elt_at_index() when accessing session main workers vector
elements to catch those errors more easily.
Type: fix
Change-Id: I6059116b7b64ae6b26ad83c1fcf55df8522868ad
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Change-Id: I208724a515c9a38c4032f101bdf73aa87b1c13be
|
|
Previously it was linked and worker properly. While rdma build
was simplified, link was lost so all encrypted data won't pass
via Mellanox interfaces(ipsec, ipip, ssh etc) and NetVSC taps
won't created the right way.
Errors:
mlx5_common: Verbs device not found: 21a5:00:02.0
mlx5_common: Failed to initialize device context.
EAL: Requested device 21a5:00:02.0 cannot be used
Tested on Azure. Same errors appears on physical machine with
Mellanox connect adapter
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: Ib68976282e0ed91c016a7318db6b5eddf5510c47
|
|
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I3ec857adb3a9e8a778072a202a4d23f4101e83b2
|
|
- load openssl legacy providers during quic init
when building with openssl 3.0 or greater
- re-enable quic 'make test' testcases on
ubuntu-22.04
Type: fix
Change-Id: Icfd429b6bc1bddf9f9937baa44cc47cd535ac5f2
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I659b9914fcfa4619a68e9807ef241f88c96b3bd0
|
|
While before the my_client_index variable was stored as global variable
in api_main_t, after commit 2ca88ff97884ec9ed20a853b13cee6d86f9c9d0f
the my_client_index becomes part of vapi_ctx_t.
Each API client (internal/external) connected to VPP stores its
client index in vapi_ctx_t.
The issue is in the client disconnection. The vapi_disconnect is
untouched in patch 2ca88ff97884ec9ed20a853b13cee6d86f9c9d0f,
so it keeps the behavior of using the my_client_index stored
in api_main_t.
Ticket: VPP-2069
Type: fix
Fixes: 2ca88ff97884ec9ed20a853b13cee6d86f9c9d0f
Signed-off-by: Mauro Sardara <msardara@cisco.com>
Change-Id: Idf8c1d1056cbd631cc3057cf7acc486216fa8303
|
|
Type: fix
Signed-off-by: Huawei LI <lihuawei_zzu@163.com>
Change-Id: I2a96ab0dafe4db796704341c325c43a6960be312
|
|
fix memory leak and refactor nat44-ed db init/free through.
how to reproduce memory leak: input "set nat44 session limit
50000 vrf 1" repeatedly.
Program received signal SIGABRT, Aborted.
0x00007ff4b3cc5337 in raise () from /lib64/libc.so.6
(gdb) bt
0 0x00007ff4b3cc5337 in raise () from /lib64/libc.so.6
1 0x00007ff4b3cc6a28 in abort () from /lib64/libc.so.6
2 0x00000000004079db in os_panic () at /usr/src/debug/vpp-23.02/src/vpp/vnet/main.c:417
3 0x00007ff4b43e784f in os_out_of_memory ()
at /usr/src/debug/vpp-23.02/src/vppinfra/unix-misc.c:221
4 0x00007ff4b43a71aa in clib_mem_heap_alloc_inline (heap=0x0, size=27263040, align=64,
os_out_of_memory_on_failure=1) at /usr/src/debug/vpp-23.02/src/vppinfra/mem_dlmalloc.c:613
5 0x00007ff4b43a7256 in clib_mem_alloc_aligned (size=27263040, align=64)
at /usr/src/debug/vpp-23.02/src/vppinfra/mem_dlmalloc.c:635
6 0x00007ff4b522fafa in alloc_aligned_16_8 (h=0x7ff46a7815b8 <snat_main+408>, nbytes=27262976)
at /usr/src/debug/vpp-23.02/src/vppinfra/bihash_template.c:59
7 0x00007ff4b522fd12 in clib_bihash_instantiate_16_8 (h=0x7ff46a7815b8 <snat_main+408>)
at /usr/src/debug/vpp-23.02/src/vppinfra/bihash_template.c:163
8 0x00007ff4b5230037 in clib_bihash_init2_16_8 (a=0x7ff465f36870)
at /usr/src/debug/vpp-23.02/src/vppinfra/bihash_template.c:245
9 0x00007ff4b52300ac in clib_bihash_init_16_8 (h=0x7ff46a7815b8 <snat_main+408>,
name=0x7ff46a754871 "ed-flow-hash", nbuckets=262144, memory_size=0)
at /usr/src/debug/vpp-23.02/src/vppinfra/bihash_template.c:260
10 0x00007ff46a7013e8 in reinit_ed_flow_hash ()
at /usr/src/debug/vpp-23.02/src/plugins/nat/nat44-ed/nat44_ed.c:3264
11 0x00007ff46a7014fd in nat44_ed_sessions_clear ()
at /usr/src/debug/vpp-23.02/src/plugins/nat/nat44-ed/nat44_ed.c:3299
12 0x00007ff46a701044 in nat44_update_session_limit (session_limit=70000, vrf_id=1)
at /usr/src/debug/vpp-23.02/src/plugins/nat/nat44-ed/nat44_ed.c:3225
13 0x00007ff46a73d3d1 in nat44_set_session_limit_command_fn (vm=0x7ff473c8f740,
input=0x7ff465f36ef0, cmd=0x7ff474c5ce48)
at /usr/src/debug/vpp-23.02/src/plugins/nat/nat44-ed/nat44_ed_cli.c:1638
14 0x00007ff4b5d56527 in vlib_cli_dispatch_sub_commands (vm=0x7ff473c8f740,
cm=0x4273f0 <vlib_global_main+48>, input=0x7ff465f36ef0, parent_command_index=97)
at /usr/src/debug/vpp-23.02/src/vlib/cli.c:650
15 0x00007ff4b5d562c3 in vlib_cli_dispatch_sub_commands (vm=0x7ff473c8f740,
cm=0x4273f0 <vlib_global_main+48>, input=0x7ff465f36ef0, parent_command_index=98)
at /usr/src/debug/vpp-23.02/src/vlib/cli.c:607
16 0x00007ff4b5d562c3 in vlib_cli_dispatch_sub_commands (vm=0x7ff473c8f740,
cm=0x4273f0 <vlib_global_main+48>, input=0x7ff465f36ef0, parent_command_index=21)
at /usr/src/debug/vpp-23.02/src/vlib/cli.c:607
17 0x00007ff4b5d562c3 in vlib_cli_dispatch_sub_commands (vm=0x7ff473c8f740,
cm=0x4273f0 <vlib_global_main+48>, input=0x7ff465f36ef0, parent_command_index=0)
at /usr/src/debug/vpp-23.02/src/vlib/cli.c:607
18 0x00007ff4b5d569cb in vlib_cli_input (vm=0x7ff473c8f740, input=0x7ff465f36ef0,
function=0x7ff4b5dc2406 <unix_vlib_cli_output>, function_arg=0)
---Type <return> to continue, or q <return> to quit---
at /usr/src/debug/vpp-23.02/src/vlib/cli.c:753
19 0x00007ff4b5dc7b0c in unix_cli_process_input (cm=0x7ff4b5e4ae00 <unix_cli_main>,
cli_file_index=0) at /usr/src/debug/vpp-23.02/src/vlib/unix/cli.c:2616
20 0x00007ff4b5dc825a in unix_cli_process (vm=0x7ff473c8f740, rt=0x7ff4797a5280, f=0x0)
at /usr/src/debug/vpp-23.02/src/vlib/unix/cli.c:2745
21 0x00007ff4b5d80a25 in vlib_process_bootstrap (_a=140687718901968)
at /usr/src/debug/vpp-23.02/src/vlib/main.c:1221
22 0x00007ff4b439e298 in clib_calljmp () at /usr/src/debug/vpp-23.02/src/vppinfra/longjmp.S:123
23 0x00007ff4698268a0 in ?? ()
24 0x00007ff4b5d80b4e in vlib_process_startup (vm=0x7ff4b43a77a3 <clib_mem_size+24>,
p=0x7ff4698268d0, f=0x7ff474b1e580) at /usr/src/debug/vpp-23.02/src/vlib/main.c:1246
25 0x00007ff4b5dbdbe6 in vec_max_bytes (v=0x8)
at /usr/src/debug/vpp-23.02/src/vppinfra/vec_bootstrap.h:161
26 0x00007ff474b1e598 in ?? ()
27 0x0000000000000004 in ?? ()
28 0x00000000000000ff in ?? ()
29 0x00007ff469826980 in ?? ()
30 0x00007ff4b5dbddcb in _vec_set_len (
v=<error reading variable: Cannot access memory at address 0xfffffffffffffff5>,
len=<error reading variable: Cannot access memory at address 0xffffffffffffffed>,
elt_sz=<error reading variable: Cannot access memory at address 0xffffffffffffffe5>)
at /usr/src/debug/vpp-23.02/src/vppinfra/vec_bootstrap.h:196
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)
Type: fix
Signed-off-by: Huawei LI <lihuawei_zzu@163.com>
Change-Id: I52a7d229c95e4ab30f7f2cfe574440aa37bed6a2
|
|
New BFD UDP errors were no longer compatible with BFD errors. This was causing
out-of-bound reads and ASAN test crashes.
Fix this issue by statically checking if these enums are compatible.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I92fddd26270f946bc16ade840c94e5496e2cb88a
|
|
Useful to update the tunnel paramaters and udp ports (NAT-T) of an SA
without having to rekey. Could be done by deleting and re-adding the
SA but it would not preserve the anti-replay window if there is one.
Use case: a nat update/reboot between the 2 endpoints of the tunnel.
Type: feature
Change-Id: Icf5c0aac218603e8aa9a008ed6f614e4a6db59a0
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
|
|
format vlib_buffer_t::flags into interface output trace
Type: fix
Signed-off-by: luoyaozu <luoyaozu@foxmail.com>
Change-Id: Icb48a6d3a7ebdff7a3d42efe62723b0f0f1ea507
|