path: root/src
Age | Commit message | Author | Files | Lines
2023-02-03 | ipsec: fix AES CBC IV generation (CVE-2022-46397) | Benoît Ganne | 3 | -29/+65
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix C). Chaining IVs like is done by ipsecmb and native backends for the VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable. Encrypt a counter as part of the message, making the (predictable) counter-generated IV unpredictable. Fixes: VPP-2037 Type: fix Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-08-14 | wireguard: increment interface RX counters | Matthew Smith | 1 | -0/+15
Type: improvement When packets were received and processed successfully, increment the byte/packet counters for the tunnel interface. Change-Id: I42855607ac6916de641be42aac86c9942cc97140 Signed-off-by: Matthew Smith <mgsmith@netgate.com> (cherry picked from commit 42928beec9f4dc87dcf61332a39801a454c1d7bc)
2022-08-14 | ipfix-export: Fix frame leak in flow_report_process_send() | Jon Loeliger | 1 | -1/+9
The flow_report_process_send() function always allocates a frame. However, when no template_send is needed, template_bi is ~0. When this happens, no vectors are placed in the frame. When the frame is then "put", a check for n_vectors == 0 prevents the frame from actually being placed back on the free list. Fix that by using a direct call to vlib_frame_free() when there are no frame vectors. Type: fix Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I936b5cea4cb3c358247c3d2e1a77d034a322ea76 (cherry picked from commit eaa83c0439c13b76525224267c23d0cf52a6668b)
2022-07-19 | nat: disable nat44-ei-in2out-output ttl check | Alexander Skorichenko | 1 | -3/+3
Type: fix A packet passing through nat44-ei-in2out-output, has its ttl value validated in earlier nodes. "ip4-input" node checks ttl for locally generated packets. "ip4-rewrite" node validates ttl in forwarded packets. Thus for example, the ED counterpart disables ttl checks in its "nat44-ed-in2out-output" node. This patch updates nat44 EI conditions for ttl checks to those currently used in nat44 ED case, meaning no extra ttl validation for in2out when output-feature is enabled. Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com> Change-Id: Idd15d7c9a746b60c0a6dac5537d00ef10c257fdc (cherry picked from commit d1ca70c7e11dac7b9fff802ca5f1d9051c984c34)
2022-06-29 | vcl: check if listener valid on disconnect cleanup | Florin Coras | 1 | -1/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie057d0d5a51d3226a1a188cf9d48a5d82dc4a3c7
2022-06-29 | quic:fix crash rx_fifo full or grow | fanxb | 1 | -0/+16
If, when the rx_fifo grows, svm_fifo_enqueue() returns -4, stream_data->app_rx_data_len += rlen type conversion occurs. Finally, stream->recvstate.data_off calculation is wrong. Type: fix Signed-off-by: fanxb <fxb_mail@163.com> Change-Id: Iae11f0c453f32d836f4148d70e3b121545a53a90 (cherry picked from commit 5b4b4c05ff06b866b90b0df9b2be2ed28e606f16)
2022-06-29 | session: fix connected udp accepts | Florin Coras | 1 | -0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0963bae4b56b08c0a9ab4ee1f2738013217e1fb7 (cherry picked from commit fc20c8e50f2784ad62b97bdb0094605d2b86f596)
2022-06-28 | session quic: allow custom config of rx mqs seg size | Florin Coras | 1 | -2/+5
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Idc0fdebfea29c241d8a36128241ccec03eace5fd (cherry picked from commit cf5c774b594d4b403e817886c8d41efd927f06b4)
2022-06-10 | hsa: allow first segments larger than 4g for proxy [v22.06-rc2] | Florin Coras | 2 | -14/+5
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9c502a491ff56806a2e631f7a4c18903a2e93ab2 (cherry picked from commit c2ab1bdbc73f2743979f8779c027adc04d79bf22)
2022-06-09 | hsa: dealloc proxy fifos on right thread | Florin Coras | 2 | -1/+46
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia66c12e1da126d0d8d101b645e6dc8454c3826d6 (cherry picked from commit db8dd260d5d8ac798a9524f29e746b9094eb73bf)
2022-06-08 | hsa: refactor proxy session lookup and cleanup | Florin Coras | 2 | -103/+52
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic68627bbca676cc78b0be05bc1fa0f386f5d27fa (cherry picked from commit 7b8d26c136081563c89e50df3d16a37f2ad3e489)
2022-06-03 | session: fix double free in CLI | Filip Tehlar | 1 | -7/+2
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I646ac946d0b07929dfdd1966a4f4a3b697768040 (cherry picked from commit af21b2e6994893e97ad0fef52ca154c69a4a09cb)
2022-05-25 | docs: update spelling word list and fix typos | Dave Wallace | 1 | -5/+5
- update wordlist and fix typos so that 'make docs-spell' passes
- sort spelling_wordlist.txt
- update docs maintainers list
Type: docs
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I38ac7850c604c323427d2bb6877ea98bd10bcc38
(cherry picked from commit dac97e2c627ca3a911dac7fd8eb268bde23f853f)
2022-05-24 | devices: add af-packet v3 api | Mohsin Kazmi | 2 | -0/+114
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I4679acbe4fd4400d57c0a79b0a6c74c8f1639703
2022-05-24 | flow: support generic flow and RSS action in vapi | Ting Xu | 4 | -3/+232
Add generic flow type and rss action type to vapi. It is to support creating generic flow rule via vapi. Type: feature Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: Ifeaa007679487e02bd2903dc591d80a1caba33bc
2022-05-24 | vppinfra: fix memory trace | Leung Lai Yung | 1 | -0/+5
Type: fix reset the memory trace if mem trace is turned on Signed-off-by: Leung Lai Yung <benkerbuild@gmail.com> Change-Id: Ib99355b9ed42ff66c720bbea5cbbf03c65820d12
2022-05-24 | vlib: implement aux data handoff | Mohammed Hawari | 7 | -19/+128
Type: improvement Change-Id: I20b41537a249a55f01004e45392b34adaa8fd792 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-05-24 | api: start enum values from 0 | Filip Varga | 1 | -1/+1
C enum values by default start from 0. All unassigned names should get value as value of previous name plus one. The problem was that default value was 0 and adding one for the first value would make generated api files start from 1 instead of 0. Type: fix Change-Id: I772d6411435648de3ec514f57025ef1acae87338 Signed-off-by: Filip Varga <fivarga@cisco.com>
2022-05-23 | dpdk: fix update link state | Alexander Skorichenko | 1 | -18/+13
Type: fix Correct vnet_hw_interface_t flags update on link state changes. Currently incomplete set of flags is applied on each change, only flags related to the most recent change are being set correct. E.g. setting the link up would erase the duplex part of the flags. Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com> Change-Id: I5b95e1c0eaea0c283b108dbf7f809682ec9064eb
2022-05-23 | linux-cp: fix display of link_speed | Anton Nikolaev | 1 | -1/+2
Type: fix Don't set link speed for tap interface when link speed is unknown Signed-off-by: Anton Nikolaev <anikolaev@netgate.com> Change-Id: Ia97277b3bf7c958fa665e4ead8d0e48f02921e69
2022-05-23 | ip: reassembly - fixing stepping index in a better way | Vijayabhaskar Katamreddy | 2 | -18/+13
Type: fix pool_is_free_index() check is performed only for the first element Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: Icadc715a9b54761ec69805a134a69a262137536d
2022-05-23 | ip: reassembly - adding custom reassembly node | Vijayabhaskar Katamreddy | 1 | -13/+75
Type: fix Custom node functionality is missing in v6, so bringing in similar to v4 functionality into ip6 as well Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: I28b0be2fc55a00bfc0b456b1caaa1dcf5641a44e
2022-05-20 | virtio: use the internal hdr offsets of buffer metadata for offloads | Mohsin Kazmi | 2 | -39/+23
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ie63c360f2e42e9e5799f5c536453823ea95ed3b8
2022-05-19 | api: refactor api data storage | Damjan Marion | 25 | -293/+258
single struct to hold all api handler, flags, etc. Provide functions to toggle flags instead of writing directly to internal data. Type: refactor Change-Id: I4730d7290e57489de8eda34a72211527e015b721 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-05-19 | ikev2: fix tunnel direction | Stanislav Zaikin | 1 | -4/+4
Type: fix Change-Id: I480b1fcace1c27a5cb2d2956cec80b379105b55d Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
2022-05-19 | ip: reassembly - pacing reassembly timeouts | Vijayabhaskar Katamreddy | 2 | -9/+45
Type: fix Pace the main thread activity for reassembly timeouts, to avoid barrier syncs Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: If8c62a05c7d28bfa6ac530c2cd5124834b4e8a70
2022-05-19 | stats: fix collector updates of symlinks | Arthur de Kerhor | 1 | -3/+9
A node name is not bound to a node index. For example, if an interface is deleted and re-added, the indexes of its nodes "<itfc_name>-tx" and "<itfc_name>-output" may change. Thus, when the collector updates the nodes stats, it should first delete all the symlinks for nodes that have changed their names before adding new symlinks. Otherwise, it could attempt to add already existing symlinks or delete valid ones.

Example of a series of commands that triggers a crash in the assert `ASSERT (node_data[i].symlinks[j] != CLIB_U32_MAX);`:
```
create loopback interface
create loopback interface
```
Wait for the nodes stats to update, then:
```
delete loopback interface intfc loop0
delete loopback interface intfc loop1
create loopback interface
create loopback interface
```
Type: fix
Change-Id: Ief8e7135e5c02dc6bc64dc94b76cff21ea9ab3a9
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2022-05-19 | ip: reassembly - increasing the nbuckets for reass | Vijayabhaskar Katamreddy | 2 | -47/+84
Type: fix Adding stats from debugging point of view Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: I3118d3fd5d630fad80a42ab960e30459789123cf
2022-05-18 | vppinfra: fix non-vector build on x86_64 | Damjan Marion | 1 | -1/+3
Type: fix Fixes: 56f54af Change-Id: Id03185953eb16da3a3276d2f21d64499784bbf17 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-05-18 | ip: reassembly - increasing the nbuckets for reass | Vijayabhaskar Katamreddy | 2 | -2/+6
Type: fix as number of reass contexts increasing based on workers, increasing the number of nbuckets for bihash Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: I83d061a709ecb8845ce745b18d03fdefc795787f
2022-05-17 | interface: fix overflow of link speed. | Anton Nikolaev | 4 | -8/+13
Type: fix There were several places where mbps were converted to kbps for link_speed, but often drivers of devices set link speed to unknown (0xFFFFFFFF) on initialization, so there was multiplication of link_speed equal 0xFFFFFFFF(UINT32_MAX) by 1000, this provides overflow of unsigned int, and as result link_speed was equal 4295 Gbps, but actually link_speed is unknown. Signed-off-by: Anton Nikolaev <anikolaev@netgate.com> Change-Id: Ib462ed6ed685654af4687041e115bfb74e640f13
2022-05-16 | acl: memory leak in acl_fa_session_cleaner_process | Steven Luong | 1 | -0/+1
The statement pw0->pending_clear_sw_if_index_bitmap = clib_bitmap_dup (pw0->serviced_sw_if_index_bitmap); will cause pw0->pending_clear_sw_if_index_bitmap's previous vector to be gone. Need to free it prior to calling clib_bitmap_dup() Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I20de780e73daea7be17efa0bf660af2592cd4680
2022-05-16 | flowprobe: add api messages to obtain current state | Alexander Chernavin | 3 | -6/+383
Type: improvement
With this change:
- add dump/details messages to obtain interfaces for which IPFIX flow record generation is enabled;
- add get message to obtain parameters;
- add a new message to set parameters with validation present and to correspond with get/set naming;
- add tests for get/set parameters and dump/details interfaces.
Change-Id: I09f6ec990171ac8bcb9d2f5c92629803b8ab6c28
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2022-05-16 | ip: format table ids with %u | Nathan Skrzypczak | 1 | -2/+2
Type: fix Change-Id: I69f7e23b23e8cfcfe57ba019862470e0eb4b06db Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-05-16 | vlib: exec cli line-by-line processing and script updates | Damjan Marion | 56 | -1153/+1145
Type: improvement Change-Id: I82e7c0acc547794bcc7c42f4b8881a8251bf7a9b Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-05-14 | session: revert "fix session cli maybe parse wrong args if executed in files" | Damjan Marion | 3 | -79/+27
Fixed at infra level. Type: improvement Change-Id: I43cf16870c1d2e12189073f7786d62375c46e2c2 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-05-13 | vlib: process startup config exec scripts line by line | Damjan Marion | 4 | -2/+73
This fixes long standing annoyance that CLIs with optional args cannot be executed from file, as they cannot distinguish between valid optional args and next line in the file.

Multiline statements can be provided simply by using backslash before \n. Also comments are supported - everything after # is ignored up to the end of the line.

Example:

  # multiline cli using backslash
  show version \
    verbose # end of line comment
  packet-generator new { \
    name x \
    limit 5 \
    # comment inside multiline cli \
    size 128-128 \
    interface local0 \
    node null-node \
    data { \
      incrementing 30 \
    } \
  }

Type: fix
Change-Id: Ia6d588169bae14e6e3f18effe94820d05ace1dbf
Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-05-13 | dpdk: fix overflow in mtu arithmetic | Mohammed Hawari | 2 | -2/+2
When the driver's max_rx_pktlen is >= 65536, max_supported_frame_size overflows and queue creation fails. Change-Id: If78707cb698adf8619ec44a852dd05d570917577 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: fix
2022-05-13 | ip: reassembly - Fixing buffer leaks, corruption | Vijayabhaskar Katamreddy | 1 | -50/+126
Type: fix *Buffer leaks and corruptions during internal errors, either overriding or missing to add the buffer to the list Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: I6c2406cff53a741e800e2d05593696f3e9fd6ff5
2022-05-13 | flowprobe: add support for reporting on inbound packets | Alexander Chernavin | 7 | -91/+441
Type: feature
Currently, the plugin supports only IPFIX flow record generation for outbound packets.
With this change:
- add a new API message for enabling the feature on an interface that accepts direction (rx, tx, both);
- update existing debug command for feature enabling to accept direction;
- update existing debug command for showing currently enabled feature on interfaces to display direction;
- update templates to include a direction field;
- generate flow records on the specified direction and data path;
- report direction in flow data;
- update tests to use the new API;
- add tests for inbound flows.
Change-Id: I121fd904b38408641036ebeea848df7a4e5e0b30
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2022-05-12 | pnat: add support to wildcard IP Protocol field if not specified | Fahad Naeem | 4 | -4/+39
- add pnat_binding_add_v2 which explicitly requires match mask to set to PNAT_PROTO if we want to match on IP Protocol
- fix pnat_binding_add backward compatibility i.e. no need to set match mask to PNAT_PROTO
Type: improvement
Signed-off-by: Fahad Naeem <fahadnaeemkhan@gmail.com>
Change-Id: I5a23244be55b7d4c10552c555881527a4b2f325f
2022-05-11 | api: revert the changes to atexit for shared memory client | Andrew Yourtchenko | 1 | -1/+1
2ca88ff97884ec9ed20a853b13cee6d86f9c9d0f introduced the change into the shared memory atexit, which breaks IPSec tests in some environments. Type: fix Fixes: 2ca88ff97884ec9ed20a853b13cee6d86f9c9d0f Change-Id: Ia132cb045e8d66f55e41d29cffdca3458d61096d Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-05-11 | dpdk: clear the RTE_MEMPOOL_F_NON_IO | Mohammed Hawari | 1 | -0/+3
This mempool flag should be cleared when the mempool is populated, to reproduce the behaviour of rte_mempool_populate_iova in DPDK 22.03 Change-Id: I4c0e07efca9df2e472e8e393689127c01cf66da2 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: fix Fixes: 2f132efc3cafde5a0dd01ef8a91606528970cdf7
2022-05-10 | tests: replace pycodestyle with black | Klement Sekera | 43 | -3989/+4955
Drop pycodestyle for code style checking in favor of black. Black is much faster, stable PEP8 compliant code style checker offering also automatic formatting. It aims to be very stable and produce smallest diffs. It's used by many small and big projects. Running checkstyle with black takes a few seconds with a terse output. Thus, test-checkstyle-diff is no longer necessary. Expand scope of checkstyle to all python files in the repo, replacing test-checkstyle with checkstyle-python. Also, fixstyle-python is now available for automatic style formatting. Note: python virtualenv has been consolidated in test/Makefile, test/requirements*.txt which will eventually be moved to a central location. This is required to simplify the automated generation of docker executor images in the CI. Type: improvement Change-Id: I022a326603485f58585e879ac0f697fceefbc9c8 Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-05-10 | nat: improve icmp type detection performance | Klement Sekera | 1 | -12/+10
Replace code with branchless code. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ic38a20ad33483c1c26f90a927f8b963b0ead4a87
2022-05-10 | ip: reassembly: add documentation | Klement Sekera | 1 | -0/+221
Type: docs Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I23008cde47d8b7a531346eab02902e2ced18742a
2022-05-10 | ip: fix buffer leaks in reassembly | Klement Sekera | 2 | -29/+32
Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I952ba7e042779855e29628d048da7edec1caaafd
2022-05-09 | vhost: memory leak upon deleting vhost-user interface | Steven Luong | 1 | -3/+1
We allocate vring_spinlock for all vrings in the vui, not just the ones being used. So when we free the vui, we have to free vring_spinlock for all vrings, not just the one being used. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I3951fda71ce6e11474b04302116ea9e08b404758
2022-05-08 | devices: fix crash on invalid interface | Gabriel Ganne | 1 | -2/+5
Type: fix A simple "create host-interface name xxx" is enough to trigger the bug: The interface is not found, and we goto error with apif=NULL Signed-off-by: Gabriel Ganne <gabriel.ganne@gmail.com> Change-Id: I2f894176d39b3d15efab054dc7340e7a0600a2e8
2022-05-06 | session: fix session cli maybe parse wrong args if executed in files | Xiaoming Jiang | 3 | -29/+69
Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: Id19a52df4f237cf5d85d305fdc279ab7df2d6f4b