Age | Commit message (Collapse) | Author | Files | Lines |
|
Can to define src ip of outer IPv6 Hdr for each encap policy.
Along with that, I decided to develop it as API version V2.
This is useful in the SRv6 MUP case.
For example, it will be possible to handle multiple UPF destinations.
Type: feature
Change-Id: I44ff7b54e8868619069621ab53e194e2c7a17435
Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
|
|
Allow apps/vcl to provide updated local ips for dgrams. In particular,
allow sessions bound to 0/0 to send data with valid local ips.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I50a086b1c252731a32a15b6a181ad3dba0c687e0
|
|
In current flow creating process in native avf and dpdk-plugins, when
parsing the input arguments, it does not copy IPv6 src address correctly,
so that IPv6 src address will not be configured in any flow rule, and
any packet with the same address will not be matched.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Ic957c57e3e1488b74e6281f4ed1df7fd491af35c
|
|
When parsing flow action type in avf, there is an incorrect flag for
flow director, which makes flow director rule created unexpectedly.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Id9fed5db8ccacd5cc6c2f4833183364d763188c1
|
|
Fix some configurations of avf checksum offload to get the correct
udp and tcp checksum. Change Tx checksum offload capability since
avf supports ipv4, tcp and udp offload all. Remove the operation to
swap bit of checksum.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I55a916cc9ee6bef5b2074b5b6bb5f517fc2c178d
|
|
In avf the function fls_u32 is used to calculate the power of 2.
Fix the expression of this function.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I27160de8588a5efb3f24306597a5a240deb3ab74
|
|
Type: improvement
With this change, add support for dumping IPv6 Router Advertisements
details on a per-interface basis (or all). Also, cover that with a test.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I89fa93439d33cc36252377f27187b18b3d30a1d4
|
|
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3bc2c7986f492b7b7dfbc84e4893202354223790
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7322abc3d3b0aa81399667bf02b03786fc62c958
|
|
Control use of apis that rely on _GNU_SOURCE being defined with compile
time macro.
Also fixes sendmmsg and recvmmsg which were not probably wrapped.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I207de23210d4b9dc960bb4289159502760c5614d
|
|
Type: improvement
Change-Id: Ida2d044bccf0bc8914b4fe7d383f827400fa6a52
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
Type: fix
Change-Id: I7bd2696541c8b3824837e187de096fdde19b2c44
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If5300653edd2dad470985f4591959d00cad2a43b
|
|
Nat session is allocated before the port allocation. During port allocation
candidate address+port are set to o2i 6-tuple and tested against the flow hash.
If insertion fails, the port is busy and rejected. When all N attempts are
unsuccessful, "out-of-ports" error is recorded and the session is to be
deleted.
During session deletion o2i and i2o tuples are deleted from the flow hash.
In case of "out-of-ports" i2o tuple is not valid, however o2i is and it refers
to **some other** session that's known to be allocated.
By backing match tuple up session should be invalidated well enough not to
collide with any valid one.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: Id30be6f26ecce7a5a63135fb971bb65ce318af82
|
|
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I241cefbbce98cf6fef83f36bd87ae2c1f4b067f0
|
|
When application performs SSL_read from the app rx-fifo, it can
pre-allocate multiple segments, but there is an issue if the OpenSSL
manages to partially fill in the first segment, in this case, since
data is assumed to be copied over by OpenSSL to the pre-allocated
segments(s), vpp uses svm_fifo_enqueue_nocopy API which performs
zero copy by passing the pre-allocated segment to SSL_read.
If the decrypted data size is smaller than the pre-allocated fifo
segment buffer size, application will fetch buffers including zero
in the area not filled in by SSL_read.
Type: fix
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Change-Id: I941a89b17d567d86e5bd2c35785f1df043c33f38
|
|
lcp_itf_pair_pool could grew during sub-interface creation.
Type: fix
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Change-Id: Ideafe392f9bb2b418ce9d6faa4f08dfe26f4a273
|
|
If we match a next table, we must save its index in the trace instead of
the index of the 1st table.
Type: fix
Change-Id: Idd862242e7fc200eb3ab29b17a26131b844af2c0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Change to get ad->linux_ifindex in af_xdp_create_if() instead of in
af_xdp_load_program(), previous if did not load custom XDP program,
ad->linux_ifindex will be none, but bpf_xdp_detach() need it, so default
xdp program will be not unloaded when delete af_xdp interface.
Type: fix
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: Id8a640204e8d29152f03349a0b58104b275635aa
|
|
Policer API calls were only by policer name. It is now possible to
select a policer by its index.
Some functionalities are also added to allow updating a policer
configuration and to refill its token buckets.
Some dead codes are being removed, and small fixes made.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I4cc8fda0fc7c635a4110da3e757356b150f9b606
|
|
adj_delegate_remove() makes 'ad' invalid, invalidate it only after its
use.
Type: fix
Change-Id: I6908d3dd2962ebd3fdf37e946cb19dae727bda09
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: I12b120d988347cced3df82810e86dc2fd5cfca80
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
We cannot confidently say that if we have received and processed
the handshake_initiation message, then the connection has been established.
Because we also send a response.
The fact that the connection is established can only be considered if a keepalive packet was received.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I61731916071990f28cdebcd1d0e4d302fa1dee15
|
|
The vector size must be increased before setting the element so that
AddressSanitizer can keep track of the accessible memory.
Type: fix
Change-Id: I7b13ce98ff29d98e643f399ec1ecb4681d3cec92
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: Id8ab75ef4384a1029ab7ee84048f347708307830
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
Playing with vector length prevents AddressSanitizer to track accessible
memory. Make sure we update the size of the vector once we received the
data.
Type: fix
Change-Id: If7808254d46d7ab37d516e3de49e3583d07bb9ff
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
socket_tx_buffer is a vector, update its length accordingly so that
AddressSanitizer can keep track of the allowed memory area.
By doing so we can get rid of socket_tx_nbytes which becomes redundant
with the vector length.
Type: fix
Change-Id: Ied7cb430b5dd40d5ed1390aa15bd5f455a0dba62
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Change-Id: I793206068b8dca15b2f7f525ae1049139333c5b8
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Change-Id: I0ae4071ee317f38daa882fec17087a55afe75d1d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
This patch allows to pass a tag when specifying
the dpdk `dev { }` interface configuration.
It allows a control plane generating a vpp.conf
file to retreive the resulting mapping between
dpdk interfaces & sw_if_indices in VPP without
having to change the interface name exposed
to the user.
Type: feature
Change-Id: I55907417de0083b82d4a127172816cec3459acf3
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
After creating a peer, we send a handshake request. But it's not quite right
to call wg_send_keepalive() directly.
According to documentation, handshake initiation is sent after (REKEY_TIMEOUT + jitter) ms.
Since it's the first one - we don't need to take REKEY_TIMEOUT into account,
but we still have jitter.
It also makes no sense to immediately send keepalives,
because the connection is not created yet.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I61707e4be79be65abc3396b5f1dbd48ecbf7ba60
|
|
Allow enabling and disabling pcap capture via the API.
A little bug is fixed along the way in
vl_api_classify_pcap_set_table_t_handler.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I096129c82aecdc82bee5dbfb5e19c76a51d80aab
|
|
In libbpf code, xsk_socket__create will call xsk_link_lookup to get the
xdp_sock bpf prog. But xsk_link_lookup can't get any bpf prog. This will
cause Libbpf not to insert the fd into xsks_map and return ERROR.
The solution to this problem is to insert fd into xsks_map ourselves
instead of libbpf.
Type: fix
Change-Id: Ic5d279c6ddc02d67371262d6106a5b53b70e7913
Signed-off-by: Chen Yahui <goodluckwillcomesoon@gmail.com>
|
|
Enable codegen for C type from 'rpc A returns B stream C' notation
Type: improvement
Change-Id: I05cfce71c385d414d7b177a080009628bc8c8fad
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
|
|
Don't truncate with vec_set_len bytes before they can be used. When
built with ASAN, it these bytes are poisoned and trigger SIGSEGV when
read.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I912dbbd83822b884f214b3ddcde02e3527848592
|
|
vec_alloc_aligned() pre-allocates the vector memory but does not
update its size, making ASan unhappy when trying to access it.
Type: fix
Change-Id: I80e753cf2458cf516d1180a24cfaca4f382339d5
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
In clib_bitmap_set_region and clib_bitmap_set_multiple the index of
the last bit to set was off by 1. If this index was pointing to the
last bit of the bitmap, another uword would have been allocated,
even though it was unnecessary.
Moreover, in clib_bitmap_set_region, bits in the last word were not
properly set. Indeed, the n_bits_left value is wrong since n_bits
is not decreased by the number of already set bits.
Type: fix
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I8d7ef6f47abb9f1f64f38297da2c59509d74dd72
|
|
per https://jira.fd.io/browse/VPP-2058
Type: improvement
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ica0828de218d25ada2d0d1491e373c3b78179ac1
|
|
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I64283648985c98e81f315da32a451cef6e60f933
|
|
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ifb790c25b38b2b1865cda7d95891bddd4195c601
|
|
This patch adds source ip based sticky session, which is already
implemented in many hardware LBs and software LBs. Note that sticky
sessions may be reset if the hash is recalculated as ASs are added
or deleted.
Since this feature is unrelated to the other existing options, the
lb_add_del_vip API version has been upgraded to v2 and a new option
"src_ip_sticky" has been added.
Type: feature
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Change-Id: I3eb3680a28defbc701f28c873933ec2fb54544ab
|
|
In some situations, CMake will find ccache in /usr/bin but /usr/bin
might not present in PATH. The former fix for this was to place the
ccache configuration logic before the project() declaration, but since
CMake 3.4 there is a new variable to be used which handles this case.
For the original problem, see also
https://crascit.com/2016/04/09/using-ccache-with-cmake/
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: Ie026e02b2b06e2dca2d62da5fea7b1a104bcc7c3
|
|
Type: feature
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ibd796adea734b64d9209c5e18c5b9800cbaf62c6
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
In function ‘memcpy’,
inlined from ‘clib_memcpy_fast’ at /home/vpp/src/vppinfra/string.h:86:10,
inlined from ‘memcpy_s_inline’ at /home/vpp/src/vppinfra/string.h:157:7,
inlined from ‘vnet_pppoe_add_del_session’ at /home/vpp/src/plugins/pppoe/pppoe.c:356:7:
error: ‘__builtin_memcpy’ offset [0, 5] is out of the bounds [0, 0] [-Werror=array-bounds]
34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cc1: all warnings being treated as errors
Hardware address is zero length vector for PPP, use vec_len instead.
Type: fix
Fixes: 62f9cdd82c52 ("Add PPPoE Plugin")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: If9fb409cfbbac77c15559d103987f0130bf30255
|
|
Type: improvement
Signed-off-by: aihua2013 <51931196@qq.com>
Change-Id: I22670f49abfb5d1fd728686fc7d65fb40ea6bda2
|
|
The musl libc does not support closedir(0) resulting in a crash. Only
call closedir() if we successfully opened it.
Type: fix
Change-Id: I3198454f44735501047afc42b94b2fea273212f4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Allow the CLI caller to specify an optional [index <idx>] index,
which will remove the ACL at that index. This mimicks the API behavior,
Add a 'delete acl-plugin acl index <idx>' to mimick the API acl_del
call, which will refuse to delete a non-existent index, as well as
an index that is referenced by an interface.
Type: improvement
Signed-off-by: pim@ipng.nl
Change-Id: I5f240f7a4e3bca14e8122917e8a5186d80094de2
|
|
Change-Id: I7888ab58abced93859ce15d0dbd1c3d7c94a02f5
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: fix
Fixes: 0654242d1ef51566f0d58445a16053cf376e5a6e
|
|
The current implementation of wireguard use dereference value from
pointer, but between get and dereference the value from pointer can be
occur change in pool memory, which means that this pointer can be
invalid. Since current implementation doesn't handle with invalid
pointers, segfault can occur.
The fix add a local variable to keep index of peer from pool and also
handle with null pointers from get pointer from pool.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Ic161ab08266e584493338c682d827ea1fd754b98
|